Users Guide
shut down, PBA activation begins. However, provisioning will be completed only after a subsequent reboot and entry of the
Encryption Administrator Password. [28722]
● Infrequently, after HCA policy is set, the Preboot Authentication screen does not display until the computer is restarted a
second time. [28762]
● During Preboot Authentication activation, if the computer is not connected to the network with access to the Enterprise
Server, the Encryption client does not enforce required shutdown and Preboot Authentication activation is not completed. If
Dell Data Protection | Encryption cannot access the Enterprise Server to back up encryption keys and other critical data,
PBA activation is not completed and the required shutdown does not occur. To work around this issue, ensure that the
computer has access to the Enterprise Server during the installation of Dell Data Protection | Encryption and policy
deployment to back up encryption keys and other critical data, complete PBA activation, and enforce required shutdown.
[28787/DDPC-37]
●
Support for migrating the Personal Edition HCA preboot environment into Enterprise Edition is not available in v8.3. [28794]
● After encryption is enabled, the computer intermittently logs a Critical System Event 41 in the System Event Logs with this
description: "The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped
responding, crashed, or lost power unexpectedly." The issue occurs only during a reboot and does not impact the security of
the data or the performance of the computer. [28795]
● Amended 12/2014 - Secure Boot is a Unified Extensible Firmware Interface (UEFI) protocol that Windows 8 and 8.1 users
can enable in the computer's BIOS to ensure that the computer boots using trusted firmware signed by the computer
manufacturer. The feature is not supported when the following conditions are met:
○ HCA with Dell Data Protection | Security Tools installed
○ HCA with Dell Data Protection | Encryption installed
○ HCA with Dell Data Protection | Security Tools and Dell Data Protection | Encryption installed
To upgrade to Windows 8 or 8.1 on a Dell computer with SED or HCA, Secure Boot cannot be enabled in BIOS. The
Secure Boot setting is disabled by default for computers shipping with Windows 7 or Windows 8/8.1 Downgrade Rights.
This setting should not be changed.
Instructions:
1. Turn on the power to your Dell computer. If the computer is already powered on, reboot it.
2. Press F2 or F12 continuously during boot until a message displays at the upper right of the screen that is similar to
"preparing to enter setup" (F2) or "preparing one-time boot menu" (F12). This launches the system BIOS.
3. In Setting > General > Boot Sequence, ensure that the Legacy Boot List Option is selected.
4. In Settings > General > Advanced Boot Options, ensure that the Enable Legacy Options ROMs check box is selected.
5. In Settings > Secure Boot > Secure Boot Enable, ensure that the Secure Boot Enable selection is Disabled.
6. Apply the changes.
7. Now that the computer BIOS has been changed to a legacy boot mode, the computer must be re-imaged.
[28790]
● When running Windows 7, a computer that is HCA encrypted may not boot in Windows Safe Mode. [28819]
● When using EMS Explorer, cutting and pasting a file does not remove the file from its original location. [28848]
● Upgrade from External Media Edition (EME) to Enterprise Edition (EE) fails, and a dialog that requests the Personal Edition
Entitlement displays. During the upgrade, EME will be uninstalled. However, the installer is attempting to deploy a DLL that is
in use by the EMS Service and requires a reboot to complete the deletion of the file. To work around this issue, uninstall the
EMS service using SCedit from the command line before upgrading to EE. [28853, 28854, 28855]
● After an upgrade from v8.2 to v8.3, the v8.2 Dell Data Protection | Encryption installer remains on the computer. [28885]
● During an SDE encryption sweep, although the disk is only partially encrypted based on the progress of the sweep, the
Security Console Encryption screen shows the disk as Protected. [28888]
● After a user is suspended in the Remote Management Console, the Shield ID is blank rather than indicating that the Shield is
unmanaged. On the client computer, the Dell Data Protection | Encryption local console does not open properly. [28893]
● Fingerprints and smart cards stop working after the Port Control System policy to disable USB ports is applied. Broadcom
USH hardware is a USB-attached device. When the policy to disable USB ports is applied, it prevents data transmission to
and from the Broadcom USH hardware, which prevents users from logging on with fingerprints or smart cards. The problem
can be resolved by applying a combination of policies that restrict access to USB external media by setting Windows
Portable Device and External Storage Device class policy to Read Only. This policy combination allows the Broadcom USH
hardware to function properly but prevents data from being transferred from the computer to external media such as USB
flash drives and smart phones. [28895]
76
Technical Advisories