Dell Data Protection | Access Home
The Dell Data Protection | Access home page is the starting point for accessing the features of this application. From this window, you can access the following:
- Set up secure Access options
- Customize Access Options
- Self-Encrypting Drive
- Advanced
NOTE: If you have a pre-Windows password set or fingerprint enrolled, available options (e.g., change password for pre-Windows login) will be displayed on the home page.
Set up Secure Access Options
The Set up secure Access options wizard launches automatically the first time the Dell Data Protection | Access application is launched. This wizard will walk you through setting up all aspects of the security on your system, including how (e.g., password only or fingerprint and password) and when (at Windows, pre-Windows or both) you want to log in to the system. In addition, if your system has a self-encrypting drive you can configure it through this wizard.
Administrator Functions
Users who have been set up with Windows administrator privileges on the system have the rights to perform the following functions in Dell Data Protection | Access, which standard users cannot:
- Set / change System (Pre-Windows) password
- Set / change Hard Drive password
- Set / change Administrator Password
- Set / change TPM Owner password
- Set / change ControlVault Administrator password
- Reset system
- Archive and restore credentials
- Enable / disable Dell Secure Login t
Remote Management
Your organization can set up an environment in which the security functions of the Dell Data Protection | Access application on multiple platforms are centrally managed (i.e. remote management) by Wave Systems' EMBASSY® Remote Administration Server (ERAS). In this case, the Windows security infrastructure, such as Active Directory, can be used to securely manage specific features of Dell Data Protection | Access. When a computer is remotely managed (e.g.
Access Options
From the Access Options window, you can set up how you gain access to your system.
General
First, you can specify when to log in (Windows, pre-Windows or both) and how (e.g. fingerprint and password) to log in. You can choose one or two options for how to log in; these include combinations of fingerprint, smartcard, and password. The listed options are based on the login policies applied in your environment and what is supported with the security devices installed on your system.
Pre-Windows Login
When pre-Windows login is enabled, you must provide authentication (password, fingerprint or smartcard) when the system is powered on, before Windows is loaded. The pre-Windows login functionality provides additional security to the system, keeping unauthorized users from compromising Windows and accessing the computer (e.g., when it has been stolen).
Managing User Fingerprints
Users can register fingerprints which can be used to authenticate to the system either pre-Windows or for Windows login. In the Fingerprint tab, images of hands display which fingers have been enrolled, if any. Clicking on a finger in the image launches the Fingerprint Enrollment wizard, which guides you through the enrollment process. "Enrolling" means saving a fingerprint to be used for login.
Enrolling Smartcards
Dell Data Protection | Access gives you the option of using a traditional (contacted) or contactless smartcard for logging into your Windows account or for authentication at pre-Windows. In the Smartcard tab, click the Enroll a smartcard or contactless smartcard to use for login link to launch the Smartcard Enrollment wizard, which guides you through the enrollment process. "Enrolling" means setting up your smartcard for use in login.
Self-Encrypting Drive
Dell Data Protection | Access manages the hardware-based security functions of self-encrypting drives, which have data encryption embedded in the drive hardware. This functionality is used to ensure that only authorized users can access encrypted data (when drive locking is enabled). The Self-Encrypting Drive window is accessed by clicking the Self-Encrypting Drive bottom tab. This tab displays only when one or more self-encrypting drives (SEDs) are present on your system.
IMPORTANT! It is highly recommended that you back up these credentials, and that you back them up to a drive other than your primary hard drive (e.g. removable media). Otherwise, if you lose access to your drive you will not be able to access your backup. Once you complete drive setup, any users will have to enter the correct username and password (or fingerprint), before Windows loads, to access the system the next time the system is powered up.
Self-Encrypting Drive User Functions
Self-encrypting drive administrators perform all of the management of the drive security and users. Drive users who are not the drive administrator can perform only the following tasks:
- Change their own drive password
- Unlock a drive
These tasks can be accessed from the Self-Encrypting Drive tab in Dell Data Protection | Access.
Change Password
This enables enrolled users to create their new drive authentication password.
Advanced Options
The Advanced options in Dell Data Protection | Access enable a user with administrator privileges to manage the following aspects of the application:
- Maintenance
- Passwords
- Devices
NOTE: Only users with administrator privileges can make modifications in the Advanced options; standard users can view these settings but cannot make any changes. From the advanced options, you can click the home link in the bottom right of the window to return to the home page.
Maintenance
The Maintenance window can be used by administrators to set up Windows login preferences, reset a system to prepare it to be repurposed, or to archive or restore user credentials stored in the system's security hardware.
Access Preferences
The Access Preferences window lets administrators specify Windows login preferences for all users of the system.
Enable Dell Secure login
The option to replace the standard Windows ctrl-alt-delete screen enables you to use different factors of authentication instead of (or in addition to) the Windows password for access to Windows. You can choose to add a fingerprint as a second factor of authentication in order to strengthen the security of the Windows login process.
Reset System
The Reset System function is used to clear all user data from all security hardware on the platform; this is used, for example, for repurposing a computer. This option will clear all passwords on the system, except for the Windows user passwords, as well as all data in the hardware devices (i.e. ControlVault, TPM and fingerprint readers). Credentials for Smartcards will also be cleared. For self-encrypting drives, this function also disables data protection so the drive data is accessible.
Credential Archive & Restore
The Credential Archive and Restore functionality is used to back up and restore all user credentials (login and encryption information) stored in the ControlVault and Trusted Platform Module (TPM). A backup of this data is important when re-provisioning a computer or for restoring data in the case of hardware failure. In this case, you can simply restore all of your credentials to your new computer from a saved archive file.
Password Management
From the Password Management window, an administrator can create or change all of the security passwords on your system:
- System (also known as Pre-Windows)*
- Administrator*
- Hard Drive*
- ControlVault
- Windows
- TPM Owner
- Self-Encrypting Drive
NOTES: Only those passwords that are applicable to the current platform configuration will be displayed; so this window will change based on the system configuration and status.
Windows Password Complexity Rules
Dell Data Protection | Access ensures that the following password conforms to the Windows password complexity rules for the machine:
- TPM Owner password
To determine the Windows password complexity policy for a machine, follow these steps:
1. Access the Control Panel.
2. Double-click Administrative Tools.
3. Double-click Local Security Policy.
4. Expand Account Policies and select Password Policy.
Devices
The Devices window is used by administrators to manage all of the security devices installed on their system. For each device, you can view the status and additional detailed information, such as the firmware version. Click show to view the information for each device, or hide to collapse that section.
Trusted Platform Module (TPM)
The TPM security chip must be enabled and ownership of the TPM must be established in order to use the advanced security features available with Dell Data Protection | Access and the TPM. The Trusted Platform Module window in Device Management displays only when a TPM is detected on your system.
TPM Management
These functions enable the system administrator to manage the TPM.
Status
Displays a status of active or inactive for the TPM.
If you get an error stating that TPM ownership could not be established, clear the TPM in the system BIOS and attempt to establish ownership again. To clear the TPM, reboot your computer, press the F2 key when starting back up to access the BIOS settings, then navigate to Security>TPM Security>Clear TPM.
Dell ControlVault®
The Dell ControlVault® (CV) is a secure hardware store for user credentials used during pre-Windows login (e.g., user passwords or enrolled fingerprint data). The ControlVault window in Device Management displays only when a ControlVault is detected on your system.
ControlVault Management
These functions enable the system administrator to manage the system's ControlVault.
Status
Displays a status of active or inactive for the ControlVault.
Self-Encrypting Drives: Advanced
Dell Data Protection | Access manages the hardware-based security functions of self-encrypting drives, which have data encryption embedded in the drive hardware. This management is used to ensure that only authorized users can access encrypted data when drive locking is enabled. The Self-Encrypting Drive window in Device Management displays only when one or more self-encrypting drives (SED) are present on your system.
Displays the enrolled drive users, and the number of users currently enrolled. The maximum number of users supported is based on the self-encrypting drive (currently 4 users for Seagate drives and 24 for Samsung drives).
Windows Password Sync
The Windows password synchronization (WPS) feature automatically sets users' Self-Encrypting Drive passwords to be the same as their Windows password. This function is not enforced for the drive administrator; it is applicable only to the drive users.
Authentication Device Information
The Authentication Device Information window in Device Management displays information and a status for all connected authentication devices (i.e. fingerprint reader, traditional or contactless smartcard reader) on the system.
Technical Support
Technical support for the Dell Data Protection | Access software can be found at http://www.wave.com/http://support.dell.com.