Manualshelf

Deployment Guide

ManualsBrandsDell ManualsConverged InfrastructureSecurity Tools
11121314151617181920
Configure Encryption and Preboot Authentication
Encryption and Preboot Authentication (PBA) are available if your computer is equipped with a self-encrypting drive (SED). Both are
configured through the Encryption tab, which is visible only if your computer is equipped with a self-encrypting drive (SED). When you
enable either encryption or PBA, the other is also enabled.
Before enabling encryption and PBA, Dell recommends that you enroll and enable Recovery Questions as a Recovery Option so you can
recover the password if it is lost. For more information, see Configure Sign-in Options.
To configure encryption and Preboot Authentication:
1. In the DDP Security Console, click the Administrator Settings tile.
2. Ensure that the backup location is accessible from the computer.
NOTE: When encryption is being enabled if a message displays, "Backup Location not found," and the backup
location is on a USB drive, either your drive is not connected or is connected to a different slot than the one you used
during backup. If the message displays, and the backup location is on a network drive, the network drive is
inaccessible from the computer. If it is necessary to change the backup location, from the Administrator Settings
tab, select Change Backup Location to change the location to the current slot or accessible drive. A few seconds
after reassigning the location, the process of enabling encryption can proceed.
3. Click the Encryption tab and then click Encrypt.
4. At the Welcome page, click Next.
5. In the Preboot Policy page, change or confirm the following values, and click Next.
Attempts at non-cached user login
Number of times an unknown user can attempt to log in (a user that has not
logged in to the computer before [no credentials have been cached]).
Attempts at cached user login Number of times can a known user attempt to log in.
Attempts at answering recovery
questions
Number of times the user can attempt to enter the correct answer.
Enable Crypto Erase Password Select to enable.
Enter the Crypto Erase Password A word or code of up to 100 characters used as a fail-safe security mechanism.
Entering this word or code in the user name or password field during the PBA
authentication deletes the authentication tokens for all users and locks the SED.
Afterward, only an administrator can forcibly unlock the device.
Leave this field blank if you do not want to have a crypto erase password available
in case of emergency.
20 Configuration Tasks for Administrators