Dell Encryption Admin Utilities
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 Dell Inc. All rights reserved.Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction....................................................................................................................................................4 Contact Dell ProSupport................................................................................................................................................... 4 2 Administrative Download Utility (CMGAd).....................................................................................................5 Use Forensic Mode.....
1 Introduction This document describes utilities for encryption key retrieval and file access. The utilities offer the following functions: Download Keys - CMGAd allows administrators to download a key material bundle for use on a computer that is not connected to a Dell Server. Launch Jobs - The CMGAlu command allows administrators to unlock User or Common encrypted files on a computer while a process is running.
2 Administrative Download Utility (CMGAd) This utility allows the download of a key material bundle for use on a computer that is not connected to a Dell Server. The Admin utilities can then use these offline bundles. This utility uses one of the following methods to download a key bundle, depending on the command line parameter passed to the application: • Forensic Mode - Used if -f is passed on the command line or if no command line parameter is used.
3 In Passphrase, enter a passphrase to protect the download file. The passphrase must be at least eight characters long, and contain at least one alphabetic and one numeric character. Confirm the passphrase. Either accept the default name and location of where the file will be saved to or click ... to select another location. Click Next. A message displays, indicating that the key material was successfully unlocked. Files are now accessible. 4 Click Finish when complete.
Use Admin Mode The Security Management Server Virtual does not use the Key Server, so Admin mode cannot be used to obtain a key bundle from a Security Management Server Virtual. Use Forensic mode to obtain the key bundle if the client is activated against a Security Management Server Virtual. 1 Open a command prompt where CMGAd is located and type cmgad.exe -a. 2 Enter the following information (some fields may be pre-populated).
A message displays, indicating that the key material was successfully unlocked. Files are now accessible. 4 Click Finish when complete.
3 Administrative Launch Utility (CMGAlu) This utility enables administrators to unlock User or Common encrypted files on a computer while a process is running. This utility is used to launch jobs from a management console. The utility must be copied to the target computer and any job that requires access to User or Common encrypted files is changed to run this utility, by passing the command line for the management job, to the utility. Once the process exits, the utility terminates.
Forensic Mode Parameters Description SCID is also known as DCID or Recovery ID. -? Command line help. Use Admin Mode Admin Mode Syntax CmgAlu -k -vX -aServerPrincipal -pPort [-r] [-XServer [-dMCID] [-sSCID]] "command" Admin Mode Parameters Description -k Indicates that Kerberos (Admin mode) is to be used. CmgAlu requires the -k flag to operate in Admin mode. -vX X indicates the log level. Log levels are 0-5 (0 is no logs/5 is debug level).
Backup File Mode Parameters -? Description Command line help.
4 Administrative Unlock Utility (CMGAu) This utility allows access to User, Common, or SDE encrypted files on a slaved drive, a computer booted in a pre-installed environment, or on a computer where an activated user is not logged in. This utility uses the following method to download a key material bundle: • Forensic Mode - Used if -f is passed on the command line, or if no command line parameter is used. • Admin Mode - Used if -a is passed on the command line. Log files can be located at C:\ProgramDat
Option Description MCID: Machine ID, such as machineID.domain.com DCID: First eight digits of the 16-digit Shield ID Click Next >. A message displays, indicating that the key material was successfully unlocked. Files are now accessible. 4 Once you are finished working with the encrypted files, click Finish. After you click Finish, the encrypted files are no longer available. Perform a Download Now in Admin Mode 1 Open a command prompt where CMGAu is located and type cmgau.exe -a.