Dell Data Protection
Administrator Guide 15
Enable Encryption
NOTE: Only Mac OS X Extended (Journaled) volumes and system disks that are partitioned with the GUID Partition Table (GPT) partition
scheme are supported for encryption.
Use this process to enable encryption on a client computer if encryption was not enabled prior to activation. This process
enables encryption only for a single computer. You can choose to enable encryption for all Mac computers at the
Enterprise
policy level if desired. For additional instructions about enabling encryption at the
Enterprise
policy level, see
the Admin Help.
1
As a Dell Administrator, log in to the Dell Remote Management Console.
2
In the left pane, click
Protect & Manage
>
Endpoints
.
3
Enter a filter to search for the endpoint. The wild card character is *. For best results, include non-wild card characters at
the beginning of the filter (e.g., User* instead of *ser). You can enter Common Name, Universal Principal Name, or
sAMAccountName. You may also leave the field blank to display all endpoints.
4
Click
Search
. An endpoint or list of endpoints displays, based on your search filter.
5
Locate the appropriate endpoint and click the
Details
icon.
6
Click the
Security Policies
tab.
7
Select the
Mac
Encryption
policy category.
8
Expand
General Settings
.
9
Verify that the
Encryption Enabled
policy is
True
.
10
If a Mac has a fusion drive, FileVault must be enabled to encrypt it. Verify that the
Encryption Enabled using FileVault
for Mac
policy is
True
. When FileVault encryption is enabled, none of the other policies in the group will be in effect.
11
Change other policies as desired.
NOTE: See the table on
page 16
for complete descriptions of each policy.
12
When finished, click
Save
.
13
In the left pane, click
Actions
>
Commit Policies
.
14
Click
Apply Changes
.
15
Wait for the policy to propagate from the Dell Enterprise Server to the Dell Policy Proxy, and then (on the target
computer) click
Refresh
in the Policies pane of Dell Data Protection Preferences.
After the client software has received the new policy, it performs a Disk Utility validation of the volumes targeted for
encryption and then configures those volumes for encryption.
This process may slow the responsiveness of the computer for a few minutes. For each volume pending encryption, a
dialog displays to the user indicating the operation is taking place.
NOTE: To maintain the integrity of user data, the client software does not begin encryption on a volume until the verification process is
successful on that volume. If a volume fails verification, the client software notifies the user and reports the failure in Dell Data
Protection Preferences. If you need to repair a volume, follow the instructions in Apple Support article HT1782
(
http://support.apple.com/kb/HT1782
). The client software re-attempts verification on the next computer restart.
The client software may prompt the user to restart the computer, depending on the User Experience policies set in the
Dell Remote Management Console
.
The client software can begin and complete the encryption process, as well as report encryption status to the
Dell Remote
Management Console
all before user login. This allows you to enforce compliance across all Mac computers without
requiring user interaction.
NOTE: Before encryption can begin:
After the computer restart, it must be connected to the network.
The client software must have successfully escrowed its encryption keys with the Dell Enterprise Server.