Administrator Guide
Glossary
Activate - Activation occurs when the computer has been registered with the Security Management Server/Security Management Server
Virtual and has received at least an initial set of policies.
Active Directory (AD) - A directory service created by Microsoft for Windows domain networks.
Advanced Authentication - The Advanced Authentication product supports login with self-encrypting drives, SSO, and manages user
credentials and passwords. In addition, Advanced Authentication can be used to access not only PCs, but any website, SaaS, or application.
Once users enroll their credentials, Advanced Authentication allows use of those credentials to logon to the device and perform password
replacement.
Application Data Encryption - Application Data Encryption encrypts any le written by a protected application, using a category 2 override.
This means that any directory that has a category 2 protection or better, or any location that has specic extensions protected with
category 2 or better, will cause ADE to not encrypt those les.
BitLocker Manager - Windows BitLocker is designed to help protect Windows computers by encrypting both data and operating system
les. To improve the security of BitLocker deployments and to simplify and reduce the cost of ownership, Dell provides a single, central
management console that addresses many security concerns and oers an integrated approach to managing encryption across other non-
BitLocker platforms, whether physical, virtual, or cloud-based. BitLocker Manager supports BitLocker encryption for operating systems,
xed drives, and BitLocker To Go. BitLocker Manager enables you to seamlessly integrate BitLocker into your existing encryption needs and
to manage BitLocker with the minimum eort while streamlining security and compliance. BitLocker Manager provides integrated
management for key recovery, policy management and enforcement, automated TPM management, FIPS compliance, and compliance
reporting.
Cached Credentials - Cached credentials are credentials that are added to the PBA database when a user successfully authenticates with
Active Directory. This information about the user is retained so that a user can log in when they do not have a connection to Active
Directory (for example, when taking their laptop home).
Common Encryption – The Common key makes encrypted les accessible to all managed users on the device where they were created.
Deactivate - Deactivation occurs when SED management is turned OFF in the Remote Management Console. Once the computer is
deactivated, the PBA database is deleted and there is no longer any record of cached users.
Encryption External Media - This service within the Dell Encryption client applies policies to removable media and external storage devices.
Encryption External Media Access Code - This service within the Security Management Server/Security Management Server Virtual
allows for recovery of Encryption External Media protected devices where the user forgets their password and can no longer login.
Completing this process allows the user to reset the password set on the removable media or external storage device.
Encryption Client - The Encryption client is the on-device component that enforces security policies, whether an endpoint is connected to
the network, disconnected from the network, lost, or stolen. Creating a trusted computing environment for endpoints, the Encryption client
operates as a layer on top of the device operating system, and provides consistently-enforced authentication, encryption, and authorization
to maximize the protection of sensitive information.
Endpoint - a computer that is managed by Security Management Server/Security Management Server Virtual.
Encryption Keys - In most cases, the Encryption client uses the User key plus two additional encryption keys. However, there are
exceptions: All SDE policies and the Secure Windows Credentials policy use the SDE key. The Encrypt Windows Paging File policy and
Secure Windows Hibernation File policy use their own key, the General Purpose Key (GPK). The Common key makes les accessible to all
managed users on the device where they were created. The User key makes les accessible only to the user who created them, only on
16
124 Dell Data Security Endpoint Security Suite Pro
Glossary