Dell Data Protection Encryption AdminHelp Security Management Server V9.10 User Manual Admin Help Reference Guide4 En Us

User Manual: Dell dell-data-protection-encryption - AdminHelp - Security Management Server v9.10

Open the PDF directly: View PDF PDF.
Page Count: 304 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Security Management Server - AdminHelp
v9.10
i
Table of Contents
Welcome ......................................................................................................................... 1
About the Online Help System ............................................................................................ 1
Attributions, Copyrights, and Trademarks .............................................................................. 1
Get Started ..................................................................................................................... 11
Get Started with Dell Data Security ..................................................................................... 11
Log In ......................................................................................................................... 11
Log Out ....................................................................................................................... 11
Dashboard ................................................................................................................... 12
Start Services ............................................................................................................... 14
Stop Services ................................................................................................................ 15
Change the Superadmin Password ....................................................................................... 16
Components .................................................................................................................... 17
Remote Management Console ............................................................................................ 17
Architecture Drawings ..................................................................................................... 17
Architecture with Manager ............................................................................................. 17
Architecture with Encryption Enterprise for Windows/Manager ................................................. 18
Default Port Values ........................................................................................................ 18
Proxy Servers ................................................................................................................ 19
Types of Proxy Servers .................................................................................................. 19
Policy Proxy ................................................................................................................. 20
Time Slotting ............................................................................................................. 20
Polling ..................................................................................................................... 20
Poll Triggers ........................................................................................................... 20
Failed Poll Attempts .................................................................................................. 20
General Information .................................................................................................. 20
Navigate the Dell Server ..................................................................................................... 21
Navigation ................................................................................................................... 21
Dashboard ................................................................................................................. 21
Populations ............................................................................................................... 21
Reporting.................................................................................................................. 21
Management .............................................................................................................. 21
Masthead icons .............................................................................................................. 21
Table of Contents
ii
Disconnected Mode ......................................................................................................... 21
Client Activation ......................................................................................................... 22
Remote Management Console ......................................................................................... 22
Functionality ............................................................................................................. 22
Dashboard ................................................................................................................... 22
Dashboard ................................................................................................................. 23
Notifications List ......................................................................................................... 25
Notification Types .................................................................................................... 25
Priority Levels ......................................................................................................... 26
Endpoint Protection Status ............................................................................................. 26
Protection Status ........................................................................................................ 26
Threat Protection Status ............................................................................................... 27
Threat Protection Status for Severity Level ......................................................................... 27
Advanced Threat Prevention Events .................................................................................. 28
Advanced Threats by Priority .......................................................................................... 28
Advanced Threat Prevention Classifications ........................................................................ 30
Type of Threat ........................................................................................................ 30
Score .................................................................................................................... 32
File Type ............................................................................................................... 32
Priority Level .......................................................................................................... 32
Advanced Threats Top Ten ............................................................................................. 32
Endpoint Protection History............................................................................................ 33
Endpoint Inventory History ............................................................................................. 33
Summary Statistics ...................................................................................................... 33
Endpoint OS Report ...................................................................................................... 34
Platform Report .......................................................................................................... 34
Populations .................................................................................................................. 34
Populations ............................................................................................................... 34
Enterprise ................................................................................................................. 35
View or Modify Enterprise-Level Policies ......................................................................... 35
View Threat Events ................................................................................................... 35
Manage Enterprise Advanced Threats ............................................................................. 35
Advanced Threats tab ............................................................................................. 35
Advanced Threat Events tab...................................................................................... 36
Security Management Server - AdminHelp v9.10
iii
Domains ................................................................................................................... 36
Domains ................................................................................................................ 36
Add a Domain ....................................................................................................... 36
Users .................................................................................................................... 37
Add a User by Domain ............................................................................................. 37
User Groups ............................................................................................................ 38
Add a User Group................................................................................................... 38
Add Non-Domain Users ............................................................................................... 38
View or Modify Domain Policies and Information ................................................................ 38
Domain Details & Actions ............................................................................................ 39
Domain Members ...................................................................................................... 39
Domain Settings ....................................................................................................... 40
Domain Key Server .................................................................................................... 41
User Groups ............................................................................................................... 41
User Groups ............................................................................................................ 41
Add a User Group................................................................................................... 41
Remove User Groups ................................................................................................. 42
Find User Groups ...................................................................................................... 42
View or Modify User Group Policies and Information............................................................ 42
VDI User Policies ...................................................................................................... 43
Policy and Configuration Requirements for VDI Users ........................................................ 43
User Group Details & Actions ....................................................................................... 44
User Group Members ................................................................................................. 44
Add Users to the Group ........................................................................................... 44
Remove Users from the Group ................................................................................... 45
User Group Admin .................................................................................................... 45
Edit Group Priority .................................................................................................... 45
Edit Endpoint Group Priority ..................................................................................... 45
Edit User Group Priority ........................................................................................... 46
Assign or Modify Administrator Roles .............................................................................. 47
View Reconciliation Date ............................................................................................ 48
View Policy Proxy State .............................................................................................. 48
Users ....................................................................................................................... 48
Users .................................................................................................................... 48
Table of Contents
iv
Add a User by Domain ............................................................................................. 48
Remove Users .......................................................................................................... 49
Find Users .............................................................................................................. 49
Deactivate/Suspend Users ........................................................................................... 49
Reinstate Suspended Users .......................................................................................... 50
View or Modify User Policies and Information .................................................................... 50
User Details & Actions ................................................................................................ 51
User Endpoints ........................................................................................................ 51
User Groups ............................................................................................................ 52
User Admin ............................................................................................................. 53
View Reconciliation Date ............................................................................................ 53
View Policy Proxy State .............................................................................................. 53
Issue a User Decryption Policy ...................................................................................... 54
Endpoint Groups ......................................................................................................... 54
Endpoint Groups ...................................................................................................... 54
Types of Endpoint Groups ......................................................................................... 54
Add an Endpoint Group ............................................................................................ 54
Remove an Endpoint Group ....................................................................................... 55
Modify an Endpoint Group ........................................................................................ 55
VDI Endpoint Groups .................................................................................................. 55
Policy and Configuration Requirements for VDI Endpoint Groups .......................................... 55
Persistent vs. Non-Persistent VDI ................................................................................... 56
Endpoint Groups Specification ...................................................................................... 57
Endpoint Group Specification .................................................................................... 57
Operators and Expressions ........................................................................................ 58
Summary .......................................................................................................... 59
Examples .......................................................................................................... 59
Edit Group Priority .................................................................................................... 60
Edit Endpoint Group Priority ..................................................................................... 60
Edit User Group Priority ........................................................................................... 61
View Endpoints in an Endpoint Group ............................................................................. 62
View or Modify Endpoint Group Policies and Information ...................................................... 62
Endpoint Group Details & Actions .................................................................................. 63
Endpoint Group Members ............................................................................................ 63
Security Management Server - AdminHelp v9.10
v
Add Endpoints to an Admin-Defined Endpoint Group ......................................................... 63
Remove Endpoints from an Admin-Defined Endpoint Group ................................................ 64
Endpoints ................................................................................................................. 64
Endpoints ............................................................................................................... 64
Add Endpoint to Group ............................................................................................ 65
Remove Endpoints.................................................................................................. 65
Find Endpoints ......................................................................................................... 65
View or Modify Endpoint Policies and Information .............................................................. 66
View Effective Policy ................................................................................................. 66
Endpoint Details & Actions .......................................................................................... 67
Endpoint Detail ..................................................................................................... 67
Shield Detail ........................................................................................................ 68
Manager Detail (Windows only) .................................................................................. 71
States ................................................................................................................ 71
Threat Protection Detail (Windows only) ....................................................................... 73
Advanced Threat Prevention Detail ............................................................................. 73
Mobile Device Detail ............................................................................................... 73
Cloud Device Control .............................................................................................. 74
FDE Device Control (Windows only) ............................................................................. 74
PBA Device Control (Windows only) ............................................................................. 74
Protected Status ...................................................................................................... 75
Endpoint Users ........................................................................................................ 75
Shield ................................................................................................................ 76
Cloud ................................................................................................................. 76
Endpoint Groups ...................................................................................................... 76
Endpoint Threat Events .............................................................................................. 76
Endpoint Advanced Threats ......................................................................................... 77
List of Events ....................................................................................................... 77
Configure the Threat List ......................................................................................... 78
Export ............................................................................................................. 78
Quarantine ........................................................................................................ 78
Waive .............................................................................................................. 79
Exploit Attempts ................................................................................................... 79
Endpoint Advanced Threat Events ................................................................................. 79
Table of Contents
vi
Server Encryption Clients ............................................................................................ 80
Suspend a Server Encryption Client ............................................................................. 80
Reinstate a Suspended Server Encryption Client .............................................................. 80
Commands for Self-Encrypting Drives ............................................................................. 81
Priority of Commands for Self-Encrypting Drives ............................................................. 81
Allow PBA Login Bypass ........................................................................................... 81
Unlock a Self-Encrypting Drive ................................................................................... 82
Remove Users from Endpoint with Self-Encrypting Drive .................................................... 82
Lock a Self-Encrypting Drive...................................................................................... 82
Send Wipe Command to Self-Encrypting Drive ................................................................ 83
Set the Server Connection Retry Interval ...................................................................... 83
Administrators ............................................................................................................ 83
Assign or Modify Administrator Roles .............................................................................. 83
Administrator Roles ................................................................................................... 84
Delegate Administrator Rights ...................................................................................... 87
Reporting .................................................................................................................... 88
Manage Reports .......................................................................................................... 88
Manage Reports ....................................................................................................... 88
Manage reports ..................................................................................................... 88
View or modify an existing report ............................................................................... 88
Create a new report ............................................................................................... 88
View Report ............................................................................................................ 89
Query using Search and More... to filter ....................................................................... 90
Export File ........................................................................................................... 90
Compliance Reporter .................................................................................................... 90
Data Guardian Audit Events ............................................................................................ 91
Map visualization ...................................................................................................... 91
Audit event options and filters ..................................................................................... 92
Options in the Columns dropdown ............................................................................... 93
Protected Office Document audit events ......................................................................... 94
Examples of Map Visualization and Column Filters ........................................................... 96
Example of drilling in at the map level ...................................................................... 96
Get Started with Data Guardian Audit Events....................................................................... 97
Audit Protected Office Documents ................................................................................. 97
Security Management Server - AdminHelp v9.10
vii
Audit Cloud Encryption............................................................................................... 98
Default Monikers and Columns ...................................................................................... 98
EU General Data Protection Regulation (GDPR) .................................................................. 99
View Audit Events (Geolocation) ...................................................................................... 99
Event Data ........................................................................................................... 100
Export Events to a SIEM/Syslog Server ............................................................................. 100
Export Audit Events with TLS/SSL over TCP .................................................................... 101
Advanced Threat Prevention Syslog Event Types ................................................................. 102
Advanced Threat Prevention Syslog IP Addresses ................................................................ 105
Management ............................................................................................................... 106
Commit Policies ........................................................................................................ 106
Log Analyzer ............................................................................................................ 106
Recovery ................................................................................................................ 107
Recover Data - Encryption External Media Authentication Failure ......................................... 107
Encryption External Media Recovery for User "Removed" from Database .................................. 110
Enable Federated Key Recovery .................................................................................. 111
Recover Data - BitLocker Manager ............................................................................... 111
SED Recovery ........................................................................................................ 111
SED Authentication Failure ..................................................................................... 111
SED Endpoint Recovery .......................................................................................... 111
Recover Endpoint ................................................................................................... 112
Windows Recovery ............................................................................................... 112
SED Recovery ..................................................................................................... 112
Encryption External Media Recovery .......................................................................... 112
Mac Recovery ..................................................................................................... 112
License Management .................................................................................................. 112
License Management ............................................................................................... 113
Upload Client Access Licenses ................................................................................. 113
View or Add License Notifications ............................................................................. 113
CAL Information ..................................................................................................... 113
Licensing ........................................................................................................... 113
Upload Client Access Licenses .................................................................................... 114
Services Management ................................................................................................. 115
Services Management .............................................................................................. 115
Table of Contents
viii
Provision or Recover Advanced Threat Prevention Service .................................................. 115
Provision service ................................................................................................. 115
Recover service ................................................................................................... 115
Enroll for Advanced Threat Prevention Agent Auto Updates ................................................ 116
Receive agent auto updates .................................................................................... 116
Stop receiving agent auto updates ............................................................................ 116
Events Management - Export Audit Events to a SIEM Server ................................................. 116
Product Notifications ................................................................................................. 116
Receive product notifications ..................................................................................... 116
Stop receiving product notifications ............................................................................. 117
Notification Management ............................................................................................. 117
Notification Management .......................................................................................... 117
Enable SMTP Server for Email Notifications .................................................................... 117
NotificationObjects.config ...................................................................................... 117
Notification.config ............................................................................................... 118
External User Management ........................................................................................... 118
Allow or Block Access .............................................................................................. 118
Key Request .......................................................................................................... 119
Key Revocation ...................................................................................................... 119
Change the Superadmin Password .................................................................................. 119
Change Account Lockout Settings ................................................................................... 120
Manage Policies .............................................................................................................. 121
Manage Security Policies ................................................................................................ 121
Localize Policies Displayed on the Endpoint Computer ............................................................ 122
Localizable Policies ...................................................................................................... 123
Windows Encryption...................................................................................................... 125
Windows Encryption ................................................................................................... 125
Variables ............................................................................................................. 134
%CSIDL:name% ................................................................................................. 134
%HKCU:regpath% ............................................................................................... 136
%HKLM:regpath% ............................................................................................... 136
%ENV:envname% ............................................................................................... 136
%% ................................................................................................................ 136
Windows Policies that Require Reboot .......................................................................... 136
Security Management Server - AdminHelp v9.10
ix
Windows Policies that Require Logoff ........................................................................... 136
Advanced Windows Encryption ...................................................................................... 136
Variables ............................................................................................................. 166
%CSIDL:name% ................................................................................................. 166
%HKCU:regpath% ............................................................................................... 168
%HKLM:regpath% ............................................................................................... 168
%ENV:envname% ............................................................................................... 168
%% ................................................................................................................ 168
Windows Policies that Require Reboot .......................................................................... 168
Windows Policies that Require Logoff ........................................................................... 168
Encryption Rules ....................................................................................................... 169
Protected Directories .............................................................................................. 169
Modifiers What they are and what they do ................................................................... 171
Using the Override Modifier ....................................................................................... 171
Encrypting/Not Encrypting Extensions .......................................................................... 171
Examples of extension inclusions/exclusion .............................................................. 171
Encrypting/Not Encrypting Directories .......................................................................... 172
Examples of folder inclusion/exclusion .................................................................... 172
Sub-directories and Precedence of Directives.................................................................. 172
Example of sub-directories .................................................................................. 172
Example 1 of competing directives: ........................................................................ 172
Example 2 of competing directives: ........................................................................ 173
Example 3 of competing directives: ........................................................................ 173
Environment Variables, KNOWNFOLDERID constants, and CSIDL ............................................ 173
Application Data Encryption (ADE) ............................................................................... 175
Example Policies for Common/User Key Encryption ........................................................ 175
System Data Encryption (SDE) .................................................................................... 175
Policies for SDE Encryption ..................................................................................... 176
Notes .................................................................................................................. 180
Protection of SystemRoot ....................................................................................... 180
Encryption External Media ...................................................................................... 180
What Happens When Policies Tie .............................................................................. 181
Generic Drive Statements ....................................................................................... 181
Remove System Data Encryption (SDE) ............................................................................. 181
Table of Contents
x
Remove HCA-Based Encryption ...................................................................................... 181
Authentication ............................................................................................................ 181
Authentication ......................................................................................................... 181
Advanced Authentication ............................................................................................. 183
Threat Prevention ........................................................................................................ 190
Threat Prevention ..................................................................................................... 190
Advanced Threat Prevention ......................................................................................... 194
Client Firewall Settings and Rules .................................................................................. 227
Client Firewall Options .......................................................................................... 227
Client Firewall Rules ............................................................................................. 229
Policies Set by Application Control ................................................................................. 232
Advanced Threat Events tab fields and filters .................................................................... 233
Manage Enterprise Advanced Threats - Protection ............................................................... 233
Threats ............................................................................................................... 233
File Details ........................................................................................................... 235
Script Control Table ................................................................................................ 235
Manage Enterprise Advanced Threats - Agents ................................................................... 236
Manage Enterprise Advanced Threats - Certificate .............................................................. 236
Manage Enterprise Advanced Threats - Cylance Score and Threat Model Updates ......................... 237
Threat Model Updates .............................................................................................. 237
Manage Enterprise Advanced Threats - Global List............................................................... 238
Global Quarantine .................................................................................................. 238
Safe ................................................................................................................... 239
Unassigned ........................................................................................................... 240
Manage Enterprise Advanced Threats - Options .................................................................. 241
Threat Data Report .................................................................................................... 242
Export Data .......................................................................................................... 242
Advanced Threat Prevention Classifications ...................................................................... 242
Enable Compatibility Mode for Memory Protection .............................................................. 242
Disconnected Mode Policy Examples ............................................................................... 244
Global Allow policy example ...................................................................................... 244
Quarantine List and Safe List policy examples ................................................................. 246
Threat Protection Policy Overview ................................................................................. 247
Configurable Actions - After Threat is Detected ......................................................... 248
Security Management Server - AdminHelp v9.10
xi
Reputation Service Sensitivity policies ..................................................................... 248
Client Firewall Policies .......................................................................................... 249
Client Firewall options........................................................................................ 249
Client Firewall rules .......................................................................................... 249
Web Protection Policies ......................................................................................... 249
Designate a Threat Protection Signature Update Server ........................................................ 250
Data Guardian ............................................................................................................. 251
Data Guardian .......................................................................................................... 251
Advanced Data Guardian ............................................................................................. 255
Set Cover Page Policies ............................................................................................ 263
Cloud Profile Update .................................................................................................. 264
Set Policies to Protect Office Documents in Windows ........................................................... 264
Set Policies for Protected Office Documents ................................................................... 265
Determine Impact on Windows Users for Opt-in or Force Protected Modes ............................... 265
Enable Both Cloud Encryption and Protected Office Documents ............................................ 267
Set Policies to Protect Office Documents in Mac ................................................................. 267
Set Protected Office Document Policies ........................................................................ 268
Set Policies to Protect Office Documents in Mobile Devices .................................................... 268
Set Protected Office Document Policies ........................................................................ 268
Set Policies to Protect Office Documents on the web client ................................................... 269
Set Protected Office Document Policies ........................................................................ 269
Removable Media Encryption ........................................................................................... 269
Removable Media Encryption ........................................................................................ 269
Removable Media Policies that Require Logoff ................................................................ 272
Advanced Removable Media Encryption............................................................................ 272
Removable Media Policies that Require Logoff ................................................................ 281
Mac Encryption............................................................................................................ 281
Mac Encryption ......................................................................................................... 281
Advanced Mac Encryption ............................................................................................ 284
Port Control ............................................................................................................... 285
Port Control ............................................................................................................ 285
Advanced Port Control ................................................................................................ 286
Global Settings ............................................................................................................ 288
Advanced Global Settings ............................................................................................... 289
1
Welcome
About the Online Help System
Version: 9.10
Attributions, Copyrights, and Trademarks
Dell Encryption is a trademark of Dell Inc.
Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118.
The software described in this help system is furnished under a license agreement and may be used only in
accordance with the terms of the agreement.
Third Party Software
I. OpenSSL License - Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the
original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses
are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact
openssl-core@openssl.org.
OpenSSL License
====================================================================
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
A. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
B. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and
the following disclaimer in the documentation and/or other materials provided with the distribution.
C. All advertising materials mentioning features or use of this software must display the following
acknowledgment: "This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit. (http://www.openssl.org/)".
D. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote
products derived from this software without prior written permission. For written permission, please
contact openssl-core@openssl.org.
E. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their
names without prior written permission of the OpenSSL Project.
F. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
Welcome
2
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
====================================================================
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This
product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL
implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to
conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as
the following conditions are adhered to. The following conditions apply to all code found in this
distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation
included with this distribution is covered by the same copyright terms except that the holder is Tim
Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the
code are not to be removed. If this package is used in a product, Eric Young should be given
attribution as the author of the parts of the library used. This can be in the form of a textual message
at program startup or in documentation (online or textual) provided with the package. Redistribution
and use in source and binary forms, with or without modification, are permitted provided that the
following conditions are met:
a. Redistributions of source code must retain the copyright notice, this list of conditions and the
following disclaimer.
b. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided
with the distribution.
c. All advertising materials mentioning features or use of this software must display the
following acknowledgement:
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The
word 'cryptographic' can be left out if the routines from the library being used are not
cryptographic related.
d. If you include any Windows specific code (or a derivative thereof) from the apps directory
(application code) you must include an acknowledgement:
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)" THIS SOFTWARE IS
PROVIDED BY ERIC YOUNG "AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and
distribution terms for any publicly available version or derivative of this code cannot be
changed. i.e. this code cannot simply be copied and put under another distribution licence
[including the GNU Public Licence.].
II. Portions of this product use Commons IO, Commons DBCP, and Commons LANG. You may obtain a copy
of the licenses at http://www.apache.org/licenses/LICENSE-2.0.
III. Portions of this product use OrientDB. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
Security Management Server - AdminHelp v9.10
3
IV. Portions of this product use Apache Wink. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
V. Portions of this product use Jackson JSON. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
VI. Portions of this product use Jetty. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
VII. Portions of this product use ActiveMQ. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
VIII. Portions of this product use jasypt. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
IX. Portions of this product make use of zlib. You may obtain a copy of the license at
http://www.zlib.net/zlib_license.html.
/* zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.7, May 2nd, 2012
Copyright (C) 1995-2012 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any
express or implied warranty. In no event will the authors be held liable for any damages arising from the
use of this software. Permission is granted to anyone to use this software for any purpose, including
commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
A. The origin of this software must not be misrepresented; you must not claim that you wrote the
original software. If you use this software in a product, an acknowledgment in the product
documentation would be appreciated but is not required.
B. Altered source versions must be plainly marked as such, and must not be misrepresented as being
the original software.
C. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler
jloup@gzip.org madler@alumni.caltech.edu.
X. Portions of this product make use of Apache Tomcat (www.apache.org). You may obtain a copy of the
license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XI. Portions of this product make use of Apache Commons HTTPClient. You may obtain a copy of the license
at http://opensource.org/licenses/apache2.0.
XII. Portions of this product make use of log4net. You may obtain a copy of the license at
http://logging.apache.org/log4net/license.html.
XIII. Portions of this product make use of MVVM Light Toolkit. You may obtain a copy of the license at
http://mvvmlight.codeplex.com/license.
XIV. Portions of this product make use of Apache JDBCLog, Apache Software Foundation. You may obtain a
copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XV. Portions of this product make use of Apache Log4J, Apache Software Foundation. You may obtain a copy
of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XVI. Portions of this product make use of Apache Struts, Apache Software Foundation. You may obtain a
copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XVII. Portions of this product make use of Struts2. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XVIII. Portions of this product make use of Struts Beanutils, Apache Software Foundation. You may obtain
a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XIX. Portions of this product make use of Struts Digester, Apache Software Foundation. You may obtain a
copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
Welcome
4
XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a
copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt.
XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/),
Apache License, Version 2.0, January 2004 http://commons.apache.org/license.html.
XXII. Portions of this product make use of Apache Commons CLI (http://commons.apache.org/cli/),
Apache License, Version 2.0, January 2004 http://commons.apache.org/license.html.
XXIII. Portions of this product make use of Apache Commons EL (http://commons.apache.org/el/),
Apache License, Version 2.0, January 2004 http://commons.apache.org/license.html.
XXIV. Portions of this product make use of Groovy. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.html.
XXV. Portions of this product make use of H2. You may obtain a copy of the license at
http://www.h2database.com/html/license.html.
XXVI. Portions of this product make use of Spring.net Application Framework. You may obtain a copy of
the license at http://www.apache.org/licenses/LICENSE-2.0.html.
XXVII. Portions of this product make use of Java Service Wrapper
(http://www.tanukisoftware.com/en/index.php). You may obtain a copy of the license at
http://wrapper.tanukisoftware.com/doc/english/licenseOverview.html.
XXVIII. Portions of this product make use of Xalan. You may obtain a copy of the license at
http://xml.apache.org/xalan-j/.
XXIX. Portions of this product make use of FreeMarker. You may obtain a copy of the license at
http://freemarker.sourceforge.net/docs/app_license.html.
XXX. Portions of this product make use of Velocity. You may obtain a copy of the license at
http://velocity.apache.org/.
XXXI. Portions of this product make use of MSV. You may obtain a copy of the license at
http://opensource.org/licenses/apache2.0.
XXXII. Portions of this product make use of FLIB. You may obtain a copy of the license at
http://opensource.org/licenses/artistic-license.html.
XXXIII. Portions of this product makes use of libraries developed by Boost
(http://www.boost.org/users/license.html), under the following license: Boost Software License - Version
1.0 - August 17th, 2003.
XXXIV. Portions of this product make use of ANTLR. You may obtain a copy of the license at
http://antlr.org/license.html.
XXXV. Portions of this product make use of BIRT. You may obtain a copy of the license at
http://www.eclipse.org/org/documents/epl-v10.php.
XXXVI. Portions of this product make use of the getopt function, Copyright © 1987-2002 The Regents of the
University of California. All rights reserved. Redistribution and use in source and binary forms, with or
without modification, are permitted provided that the following conditions are met:
A. Redistributions of source code must retain the above copyright notice, this list of conditions and the
following disclaimer.
B. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and
the following disclaimer in the documentation and/or other materials provided with the distribution.
C. Neither the names of the copyright holders nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written permission.
Security Management Server - AdminHelp v9.10
5
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
XXXVII. Portions of this product make use of the SHA-2 algorithm, Copyright © 2002, Dr. Brian Gladman
(brg@gladman.me.uk), Worcester, UK. All rights reserved.
A. LICENSE TERMS
The free distribution and use of this software in both source and binary form is allowed (with or
without changes) provided that:
1. Distributions of this source code include the above copyright notice, this list of conditions and
the following disclaimer;
2. Distributions in binary form include the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other associated materials;
3. The copyright holder's name is not used to endorse products built using this software without
specific written permission.
DISCLAIMER
This software is provided "as is" with no explicit or implied warranties in respect of its
properties, including, but not limited to, correctness and/or fitness for purpose.
XXXVIII. Portions of this product make use of STLport. A copy of the license may be obtained at
http://www.stlport.org/doc/license.html.
A. License Agreement:
Boris Fomitchev grants Licensee a non-exclusive, non-transferable, royalty-free license to use STLport
and its documentation without fee.
By downloading, using, or copying STLport or any portion thereof, Licensee agrees to abide by the
intellectual property laws and all other applicable laws of the United States of America, and to all of
the terms and conditions of this Agreement.
Licensee shall maintain the following copyright and permission notices on STLport sources and its
documentation unchanged:
Copyright 1999,2000 Boris Fomitchev
This material is provided "as is", with absolutely no warranty expressed or implied. Any use is at your
own risk.
Permission to use or copy this software for any purpose is hereby granted without fee, provided the
above notices are retained on all copies. Permission to modify the code and to distribute modified
code is granted, provided the above notices are retained, and a notice that the code was modified is
included with the above copyright notice.
The Licensee may distribute binaries compiled with STLport (whether original or modified) without
any royalties or restrictions.
The Licensee may distribute original or modified STLport sources, provided that:
o The conditions indicated in the above permission notice are met;
Welcome
6
o The following copyright notices are retained when present, and conditions provided in
accompanying permission notices are met :
Copyright 1994 Hewlett-Packard Company - Permission to use, copy, modify, distribute and
sell this software and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that both that copyright
notice and this permission notice appear in supporting documentation. Hewlett-Packard
Company makes no representations about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
Copyright 1996,97 Silicon Graphics Computer Systems, Inc. - Permission to use, copy, modify,
distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documentation. Silicon
Graphics makes no representations about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
Copyright 1997 Moscow Center for SPARC Technology - Permission to use, copy, modify,
distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting documentation. Moscow
Center for SPARC Technology makes no representations about the suitability of this software
for any purpose. It is provided "as is" without express or implied warranty.
XXXIX. Portions of this product make use of The Legion of Bouncy Castle Software. Copyright (c) 2000 -
2016 The Legion Of The Bouncy Castle. You may obtain a copy of the license at
http://www.bouncycastle.org/licence.html.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Note: Our license is an adaptation of the MIT X11 License and should be read as such.
License
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
XL. Portions of this product make use of ResizableLib. You may obtain a copy of the license at
http://opensource.org/licenses/artistic-license-1.0.
XLI. Portions of this product make use of Spring Framework. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XLII. Portions of this product use $File:
Security Management Server - AdminHelp v9.10
7
A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F. Darwin 1986, 1987,
1989, 1990, 1991, 1992, 1994, 1995. Software written by Ian F. Darwin and others; maintained 1994-
Christos Zoulas. This software is not subject to any export provision of the United States Department of
Commerce, and may be exported to any country or planet. Redistribution and use in source and binary
forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice immediately at the
beginning of the file, without modification, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
XLIII. Portions of this product use UFSD Paragon NTFS for Windows Driver based on Paragon Universal File
System Driver (UFSD) Technology. Copyright (C) 2008 Paragon Technologie GmbH. All rights reserved. This
software is provided 'as-is', without any express or implied warranty.
XLIV. Portions of this product use JDBC drivers - licensed from DataDirect Technologies.
XLV. Portions of this product make use of DIMime, available at
http://www.zeitungsjunge.de/delphi/mime/.
XLVI. Portions of this product make use of RSA Security Inc. PKCS #11 Crypto Token Interface (Cryptoki).
XLVII. Portions of this product use DropNet. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XLVIII. Portions of this product use Hardcodet WPF NotifyIcon 1.0.8. You may obtain a copy of the license
at http://www.codeproject.com/info/cpol10.aspx.
XLIX. Portions of this product use MahApps.Metro 1.2.4.0. You may obtain a copy of the license at
http://opensource.org/licenses/ms-pl.
L. Portions of this product use Microsoft Practices Enterprise Library 6.0.1304.0. You may obtain a copy of
the license at http://opensource.org/licenses/ms-pl.
LI. Portions of this product use Microsoft Practices Prism 4.1. You may obtain a copy of the license at
http://opensource.org/licenses/ms-pl.
LII. Portions of this product use Microsoft Practices Unity 2.1. You may obtain a copy of the license at
http://opensource.org/licenses/ms-pl.
LIII. Portions of this product use RestSharp 105.2.3. You may obtain a copy of the license at
https://github.com/restsharp/RestSharp/blob/master/LICENSE.txt.
LIV. Portions of this product use System.Data.SQLite 1.0.102.0. You may obtain a copy of the copyright
statement at http://www.sqlite.org/copyright.html.
LV. Portions of this product use android-passwordsafe 0.6.0. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LVI. Portions of this product use Dropbox.NET 3.4.0. You may obtain a copy of the license at
https://github.com/dropbox/dropbox-sdk-dotnet/blob/master/LICENSE.
Welcome
8
LVII. Portions of this product use Newtonsoft JSON 9.0.1. You may obtain a copy of the license at
https://raw.githubusercontent.com/JamesNK/Newtonsoft.Json/master/LICENSE.md.
LVIII. Portions of this product use NT Security Classes for .NET. You may obtain a copy of the license at
http://www.codeproject.com/info/cpol10.aspx.
LIX. Portions of this product use Prism Core 6.1. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LX. System.IdentityModel.Tokens.Jwt 4.0.2. You may obtain a copy of the license at
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-
dotnet/blob/master/LICENSE.txt.
LXI. Portions of this product use Unity 4.0.1. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXII. Portions of this product use the Dropbox Android SDK 1.6.3. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
LXIII. Portions of this product use the Dropbox json_simple-1.1.jar. You may obtain a copy of the license
at http://opensource.org/licenses/MIT.
LXIV. Portions of this product use the Box Android Library V2. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXV. Portions of this product use the Box Java Library V2. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXVI. Portions of this product use Apache HttpClient Cache 4.2.5. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXVII. Portions of this product use Apache HttpClient 4.2.5. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXVIII. Portions of this product use Apache HttpCore 4.2.4. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXIX. Portions of this product use Apache HttpClient Mime 4.2.5. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXX. Portions of this product use Apache Commons IO 2.4. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXI. Portions of this product use Apache Commons Lang 2.6. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXII. Portions of this product use JUnit 4.11. You may obtain a copy of the license at
https://www.eclipse.org/legal/epl-v10.html.
LXXIII. Portions of this product use EasyMock 3.1. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXIV. Portions of this product use Jackson Databind 2.4.4. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXV. Portions of this product use Jackson Core 2.4.4. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXVI. Portions of this product use Jackson Annotations 2.4.4. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXVII. Portions of this product use Apache Maven Wagon 2.2. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
Security Management Server - AdminHelp v9.10
9
LXXVIII. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
LXXIX. Portions of this product use JSON Web Token Support for the JVM 0.6.0. You may obtain a copy of
the license at http://www.apache.org/licenses/LICENSE-2.0.
LXXX. Portions of this product use OneDrive SDK Android 1.2.2. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
LXXXI. Portions of this product use Microsoft Services MSA Auth 0.8.4. You may obtain a copy of the license
at http://opensource.org/licenses/MIT.
LXXXII. Portions of this product use Adal 1.1.7. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXXIII. Portions of this product use Google API Client Library for Java with Android Platform Extensions and
GSON Extensions 1.20.0. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-
2.0.
LXXXIV. Portions of this product use Google Drive API V3 Rev 170 1.22.0. You may obtain a copy of the
license at http://www.apache.org/licenses/LICENSE-2.0.
LXXXV. Portions of this product use Backport Util Concurrent 3.1. You may obtain a copy of the license at
https://creativecommons.org/publicdomain/zero/1.0.
LXXXVI. Portions of this product use Apache Commons Logging 1.1.3. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
LXXXVII. Portions of this product use Flurry Analytics 4.1.0. You may obtain a copy of the license at
https://developer.yahoo.com/flurry/legal-privacy/terms-service/flurry-analytics-terms-service.html.
LXXXVIII. Portions of this product use kSOAP2 3.4.0. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
LXXXIX. Portions of this product use FindBugs Jsr305. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XC. Portions of this product use Google Gson 2.3.1. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XCI. Portions of this product use Hockey SDK 3.0.2. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
XCII. Portions of this product use Picasso 2.5.2. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XCIII. Portions of this product use Circular Floating Action Menu Library 1.0.2. You may obtain a copy of
the license at http://opensource.org/licenses/MIT.
XCIV. Portions of this product use Apache Commons Codec 1.8. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
XCV. Portions of this product use Apache Commons Compress 1.1. You may obtain a copy of the license
at http://www.apache.org/licenses/LICENSE-2.0.
XCVI. Portions of this product use One Password App Extension 1.8. You may obtain a copy of the license
at http://opensource.org/licenses/MIT.
XCVII. Portions of this product use Azure Active Directory Authentication Library 1.2.9. You may obtain a
copy of the license at http://opensource.org/licenses/MIT.
XCVIII. Portions of this product use AF Networking 2.6.3. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
Welcome
10
XCIX. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
C. Portions of this product use CT Assets Picker Controller 2.9.5. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CI. Portions of this product use Google API Objective C Client 1.0.422. You may obtain a copy of the license
at http://www.apache.org/licenses/LICENSE-2.0.
CII. Portions of this product use Google GTM HTTP Fetcher 1.0.141. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
CIII. Portions of this product use Google GTM OAuth 2 1.0.126. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
CIV. Portions of this product use Hockey SDK iOS 3.8.6. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CV. Portions of this product use libextobjc 0.4.1. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CVI. Portions of this product use libPhoneNumber iOS 0.8.11. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
CVII. Portions of this product use MBProgressHUD 0.9.2. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CVIII. Portions of this product use NSData Base64 1.0.0. You may obtain a copy of the license at
http://opensource.org/licenses/Zlib.
CIX. Portions of this product use OneDrive SDK iOS 1.1.2. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CX. Portions of this product use RNCryptor 3.0.1. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CXI. Portions of this product use SSZipArchive 1.1. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CXII. Portions of this product use SVProgressHUD 2.0.2. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CXIII. Portions of this product use WEPopover 1.0.0. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CXIV. Portions of this product use XMLDictionary. You may obtain a copy of the license at
http://opensource.org/licenses/Zlib.
CXV. Portions of this product use NHNetworkTime 1.7. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
CXVI. Portions of this product use the Dropbox iOS SDK. You may obtain a copy of the license at
http://opensource.org/licenses/MIT.
CXVII. Portions of this product use Flurry iOS SDK 5.3.0. You may obtain a copy of the license at
http://www.apache.org/licenses/LICENSE-2.0.
Trademarks
iPad®, iPhone®, iPod®, iPod touch®, iPod shuffle®, and iPod nano® are trademarks of Apple Inc.,
registered in the U.S. and other countries.
Android and the Android Logo are trademarks or registered trademarks of Google, Inc. in the United States
and other countries.
11
Get Started
Get Started with Dell Data Security
Once your environment has been configured in the Server Configuration Tool, ensure that Dell
Services are started.
Log in to the Remote Management Console.
Add Client Access Licenses, as needed.
Add Domains from your directory server.
If you require that users receive non-default policies upon activation, modify policies at the
appropriate level.
Add Groups and Users, as necessary.
Assign Administrators, as necessary.
Deploy clients.
Log In
To perform a given administrative procedure, an Administrator must first log in to the Remote Management
Console using an appropriate Dell Administrator account.
The Security Management Server installs with a default Super Administrator user name (superadmin) and
password (changeit) that you can use to add additional Dell Administrator accounts.
1. Open Internet Explorer and type http://server.domain.com:8443/webui/login.
2. If you are logging in for the first time, in the Username: field, enter superadmin. In the Password:
field, enter changeit.
If you are not logging in for the first time, in the Username: field, enter your Username in one of
the formats listed below. In the Password: field, enter <your_case-sensitive_password>.
user@domain.com (preferred format)
sAMAccountName, such as jsmith
<domain>\<username> - You must specify your domain name as an alias to use this format. For
more information, refer to Add Domains.
If you are not logging in for the first time, in the Username: field, enter your Username in one
of the formats listed below. In the Password: field, enter <your_case-sensitive_password>.
3. Click Sign in.
To log out, see Log Out.
Log Out
Note: If you are an Account Administrator and make changes to your own account, you must log out and log
back in to see the results.
Get Started
12
Click the gear icon in the top right corner of the Remote Management Console and select Log out
from the drop-down menu.
Dashboard
The Dashboard displays an overview of status information for your enterprise. You can access more detailed
information directly from the Dashboard by clicking its statistics, graphs, and chart legends.
In the top right, select the Widgets menu to add or remove the following options:
Notifications
Protection Status
Threat
Protection History
Inventory History
Summary Statistics
The images below reflect what you may see in the Dashboard. Content may vary based on the features
installed and enabled on your Dell Security Management Server and endpoints.
Click an area below to view a description of the detail you can access by clicking the same area in your
Dashboard.
Security Management Server - AdminHelp v9.10
13
Note: An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a
recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are
newly detected as potentially unsafe files or programs and require guided remediation.
Get Started
14
Start Services
Start the following Services:
Dell Compatibility Server
Dell Compliance Reporter
Dell Console Web Services
Dell Core Server
Dell Device Server
Dell Key Server
Dell Message Broker
Dell Policy Proxy
Security Management Server - AdminHelp v9.10
15
Dell Security Server
From the Service Panel:
1. Click Start > Run. Type services.msc and click OK.
2. In the Services (Local) window, highlight Dell Compatibility Server. Right-click the entry and select
Start.
3. Continue in the manner above until all Dell Services are started.
4. Close the Services window.
To stop Services, see Stop Services.
Stop Services
You may find it necessary to shut down the Services to run backups or perform other system maintenance.
While the Server is down, the Policy Proxy cannot poll the Server, which means that it cannot pick up
updated security policies, or activate/reactivate endpoints.
Stop the following Services:
Dell Compatibility Server
Dell Compliance Reporter
Dell Console Web Services
Dell Core Server
Dell Device Server
Dell Key Server
Dell Message Broker
Dell Policy Proxy
Dell Security Server
From the Service Panel:
1. Click Start > Run. Type services.msc and click OK.
2. In the Services (Local) window, highlight Dell Compatibility Server. Right-click the entry and select
Stop.
3. Continue in the manner above until all Dell Services are stopped.
4. Close the Services window.
To start Services, see Start Services.
Get Started
16
Change the Superadmin Password
1. In the masthead at the top of the screen, click the gear icon and select Change superadmin
password.
2. Enter the Current Password.
3. Enter the New Password.
The new password must be at least 6 characters, contain at least one capital letter and one of these
characters: ~@#$%^*()|?!{}[].
4. Confirm the New Password.
5. Click Update.
NOTE: After three failed login attempts, the superadmin account is locked for five minutes. To change these
settings, see Set or Change Account Lockout Settings.
17
Components
Remote Management Console
The Remote Management Console allows administrators to monitor the state of endpoints, policy
enforcement, and protection across the enterprise.
For increased security, the Remote Management Console separates administrator duties into administrator
roles. For example, the Security Administrator can change and commit security policies for the entire
enterprise, groups of users, or individual users.
The Remote Management Console has the following features.
Centralized management of diverse mobile devices
"No change", read-only integration with existing enterprise directory servers
Role-based mobile security policy creation and management
Administrator-assisted device recovery
Separation of administrative duties
Automatic distribution of mobile security policies
Mobile device inventory
Searchable, ODBC-compliant system logs
Trusted paths for communication between components
Unique encryption key generation and automatic secure key escrow
Centralized compliance auditing and reporting
Architecture Drawings
Architecture with Manager
Components
18
Architecture with Encryption Enterprise for Windows/Manager
Default Port Values
Internal:
Active Directory communication: TCP/389
Email communication (optional): 25
To Front End (if needed):
Communication from external Dell Policy Proxy to Dell Message Broker: TCP/61616 and STOMP/61613
Communication to Back End Dell Security Server: HTTPS/8443
Communication to Back End Dell Core Server: HTTPS/8888 and 9000
Communication to RMI ports - 1099
Communication to Back End Dell Device Server: HTTP(S)/8443 - If your Dell Server is v7.7 or later. If your
Dell Server is pre-v7.7, HTTP(S)/8081.
Dell Message Broker: TCP/61616 and STOMP/61613 (closed or, if configured for DMZ, 61613 is open)
External (if needed):
SQL Database: TCP/1433
LDAP: TCP/389/636 (local domain controller), TCP/3268/3269 (global catalog), TCP/135/49125+ (RPC)
Security Management Server - AdminHelp v9.10
19
Dell Compatibility Server: TCP/1099
Dell Compliance Reporter: HTTP(S)/8084 (automatically configured at installation)
Dell Core Server: HTTPS/8888 and 9000 (8888 is automatically configured at installation)
Dell Device Server: HTTP(S)/8081 - If your Dell Server is pre-v7.7/8443 - If your Dell Server is v7.7 or later
Dell Key Server: TCP/8050
Dell Policy Proxy: TCP/8000
Dell Security Server: HTTPS/8443
Client Authentication: HTTPS/8449 (If using Dell Encryption on a Server operating system)
Remote Management Console: HTTPS/8443
Client Communication if using Advanced Threat Prevention: HTTPS/TCP/443
Beacon server if using Data Guardian: HTTP/8446
Proxy Servers
Beginning with v8.1, the Proxy Server implementation, deployment and installation have been simplified.
The new Proxy Server is a simplified web server with a single web application.
Types of Proxy Servers
Security Server Proxy (defaults to 8443)
Core Server Proxy (defaults to 8888)
Device Server Proxy (defaults to 8081) see Note
Note: The purpose of Device Server Proxy is to support legacy Encryption clients (pre-v8.0) that
communicate with port 8081. Newer Encryption clients (v8.0 and later) are configured by the client installer
Components
20
to communicate with the Security Server (or Security Server Proxy) on port 8443. The full Device Server is
not installed in v8.1. The Device Server Proxy forwards all communications to the Security Server behind the
firewall.
Policy Proxy
Policy Proxy serves as intermediary between the Security Management Server and the Encryption client,
delivering information from each to the other.
Time Slotting
In order to prevent Security Management Server traffic jams, Policy Proxies use a configurable time slotting
mechanism that allows them to independently choose well-distributed time slots for communicating with the
Security Management Server.
Polling
On every poll, the endpoint authenticates, checks for policy updates, and uploads inventory. A successful
authentication is required for the process to begin.
Poll Triggers
To poll, a user must be logged in. On the next user login, another poll will occur. The poll information
needed is only available per user, and when that user is logged in.
Other times a poll occurs are as follows:
Immediately upon login, after keys are unlocked.
When a network status update is signaled by the operating system (cable plugged in, wireless
network connected, VPN goes live).
When the polling period elapses, as specified by policy.
Failed Poll Attempts
Policy Proxy poll attempts are based on a timer. When a poll attempt fails, the timer is reset. The length of
time set for the next attempt is based on when the attempt failed. If the device misses a poll when the
device is powered off, the timer will be triggered when the device is next powered on.
If the poll attempt failed while making the attempt, the time is set to one tenth the policy value for the
polling interval. For example - If the polling interval is 100 minutes, then the next interval after a failed
attempt will be 10 minutes. If it fails again, the next interval will still be 10 minutes. The interval will
remain 10 minutes until a successful poll, after which it will return to 100 minute intervals.
General Information
Policy Proxy is generally installed on only a few machines.
Creates inventory information for the Security Management Server.
Passes on to the Security Management Server device inventory it receives when the Encryption client
successfully retrieves policies.
Securely distributes security policies and encryption keys to devices via the network when
contacted.
May be in your DMZ.
Always belongs to a group. By default, all Policy Proxies belong to the same group.
21
Navigate the Dell Server
Navigation
The Remote Management Console is a central control center that the administrator can use to deploy and
monitor Dell Security for the enterprise. It consists of security and configuration settings that are applied
through policy to groups called Populations.
The menu pane allows you to access the following:
Dashboard
The Remote Management Console opens to the Dashboard. The Dashboard provides graphs and statistics on
endpoint and threat protection as well as summary statistics on populations and operating systems.
Populations
A population is a grouping for which security policies, settings, and actions can be configured. For example,
you can apply security policies at the Enterprise, Domain, User Group, User, Endpoint Group, and Endpoint
levels. For more information about Populations, see Populations. For more information about security
policies, see Manage Security Policies.
Reporting
Reporting menu items provide reports on the protection state of your environment and endpoints,
deployment issues that require action, and devices within the network. You can create and manage reports
with the Manage Reports tool or by launching Compliance Reporter. This menu also allows you to collect,
view, and export audit events to a SIEM server.
Management
Allows you to commit policies, perform recovery, and manage licenses, services, alerts, and Data Guardian
external users.
Masthead icons
The following icons display on the masthead:
(1) Logged in user - The user icon and name of the user that is currently logged on.
(2) Gear icon - From the gear icon, you can Change the Superadmin Password, view information about the
Security Management Server or Security Management Server Virtual, get Dell ProSupport contact
information, and log out.
(3) Question mark icon - From the question mark icon, you can open a help topic that explains the current
screen in the Remote Management Console.
Disconnected Mode
Disconnected mode allows a Security Management Server to manage Advanced Threat Prevention endpoints
without client connection to the Internet or external network. Disconnected mode also allows the Dell
Navigate the Dell Server
22
Server to manage clients without Internet connection or a provisioned and hosted Advanced Threat
Prevention service. The Dell Server captures all event and threat data in Disconnected mode.
To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the
Remote Management Console and select About. The About screen indicates that a Dell Server is in
Disconnected mode, below the Dell Server version.
Disconnected mode is different than a standard connected installation of Dell Server in the following ways.
Client Activation
An install token is generated when the administrator uploads an Advanced Threat Prevention license, which
allows the Advanced Threat Prevention client to activate.
Remote Management Console
The following items are not available in the Remote Management Console when Dell Server is running in
Disconnected mode:
The following areas specific to Advanced Threat Prevention: Advanced Threats by Priority, (Advanced
Threat) Events by Classification, Advanced Threats Top Ten, and Advanced Threat Prevention Events.
Enterprise > Advanced Threats tab, which provides a dynamic display of detailed events information
for the entire enterprise, including a list of the devices on which events occurred and any actions taken
on those devices for those events.
(Left navigation pane) Services Management, which allows enabling of the Advanced Threat Prevention
service and Product Notifications enrollment.
The following item has been added to the Remote Management Console to support Disconnected Mode:
Enterprise > Advanced Threat Events tab, which lists events information for the entire enterprise
based on information available in the Dell Server, even when running in Disconnected Mode.
Functionality
The following functionality is not available in the Remote Management Console when Dell Server is running
in Disconnected mode:
Security Management Server upgrade, update, and migration
Security Management Server Virtual auto update - update must be done manually
Cloud profile update
Advanced Threat Prevention auto update
Upload of Unsafe or Abnormal Executable files for Advanced Threat Prevention analysis
Advanced Threat Prevention File upload and Log File upload
The following functionality differs:
The Dell Server sends the Global Safe List, Quarantine List, and Safe List to client computers.
The Global Safe List is imported to the Dell Server through the Global Allow policy. For more
information, see the Global Allow policy.
The Quarantine List is imported through Quarantine List policy. For more information, see the
Quarantine List policy.
The Safe List is imported through Safe List policy. For more information, see the Safe List policy.
Dashboard
Security Management Server - AdminHelp v9.10
23
Dashboard
The Dashboard displays an overview of status information for your enterprise. You can access more detailed
information directly from the Dashboard by clicking its statistics, graphs, and chart legends.
In the top right, select the Widgets menu to add or remove the following options:
Notifications
Protection Status
Threat
Protection History
Inventory History
Summary Statistics
The images below reflect what you may see in the Dashboard. Content may vary based on the features
installed and enabled on your Dell Security Management Server and endpoints.
Click an area below to view a description of the detail you can access by clicking the same area in your
Dashboard.
Navigate the Dell Server
24
Note: An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a
recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are
newly detected as potentially unsafe files or programs and require guided remediation.
Security Management Server - AdminHelp v9.10
25
Notifications List
The Notifications list provides a configurable summary of news, alerts, and events to display on the
Dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and
Notification Management.
Notification Types
You can select the notification types to include in the list. Notifications of the remaining types are hidden.
Types include:
Update - News of upcoming product updates. To view and receive product updates, you must enroll to
receive them. Select Services Management > Product Notifications, click On, then click Save
Preferences.
Config - News about configuration changes.
Navigate the Dell Server
26
Knowledge Base - Summaries and links to knowledge base articles with in-depth technical information
such as work-arounds and configuration methods.
Announcement - News of upcoming releases and new products.
License - Alerts when your volume license availability is low, or when your client access license count has
been exceeded.
Threat Protection - A threat alert from Advanced Threat Prevention.
Advanced Threat Event - An event detected by Advanced Threat Prevention. The summary contains a
listing of Critical, Major, Minor, Warning, and Information events, with links to more detailed information.
Threat Event - An event detected by Threat Protection.
Certificate - Certificate expiration notification.
DDP Server Exceptions - A Dell Server communication issue is impacting deliveries of the following
notifications: Threat Protection, Update, Config, Knowledge Base, and Announcement.
After selecting one or more types, click in the neutral space above the list to apply the selections.
Select Clear selected items to reset the selections in this drop-down list.
Priority Levels
Note: Notification priority levels are not related to priority levels displayed on the Dashboard other than in
the Notifications area.
Priorities are Critical, High, Medium, and Low. These priority levels are only relative to one another within a
type of notification.
You can select the priority levels of notifications to include in the Dashboard Notifications area or email
notifications lists. Notifications of the remaining priority levels are not included in the Dashboard or email
notifications lists.
In the Dashboard, after selecting one or more priority levels, click in the neutral space above the drop-down
list to apply your selections.
Select Clear selected items to reset the selections in this drop down list. All notifications will display (unless
filtered elsewhere).
Endpoint Protection Status
In the Endpoint Protection Status section of the Dashboard, you can view endpoint status by platform:
Windows, Mac, Mobile Devices, and All Platforms with a numeric value and bar chart that shows the numbers
of protected and unprotected endpoints. A pie chart representing total protected and unprotected endpoints
displays on the left.
Click a value to display a list of the endpoints represented in the value.
Protection Status
To access this page, click a link in the Dashboard's Endpoint Protection Status graph. You can click a specific
platform type or All. The page provides protection details on the endpoints within that platform.
Platform - Windows, Mac, Mobile Devices, All, Protected, or Not Protected
Endpoint ID - Value that uniquely identifies the endpoint.
Security Management Server - AdminHelp v9.10
27
Protected - A green check mark indicates the endpoint is protected. The protection status of a Windows
workstation is derived from the current encryption policies and encryption states of the Encryption client
users, as well as the current device encryption policy and state of the endpoint. On the dashboard's Endpoint
Protection Status graph, you can select endpoints by platform, protected endpoints, non-protected
endpoints, or all endpoints. See Protected.
Shield Inventory Received - The date and time that the inventory was received by the Security Management
Server and placed in the queue.
Shield Inventory Processed - The date and time that the inventory was picked up from the queue and
processed. (Note: If the Server is under load, the Processed and Received times may be different, but
usually they will be the same.)
Agent Inventory Received - The date and time that the inventory was received by the Security Management
Server and placed in the queue.
Agent Inventory Processed - The date and time that the inventory was picked up from the queue and
processed (Note: If the Server is under load, the Processed and Received times may be different, but usually
they will be the same.)
Shield - If encryption is installed on the endpoint, an icon displays.
Manager (Windows only) - If installed on the endpoint, an icon displays. This includes endpoints with
activated PBA, HCA, SED, or BitLocker Manager.
Threat Protection Status
Threat Protection monitors the network for viruses, spyware, unwanted programs, suspicious
communications through the firewall, and unsafe websites and downloads.
The Threat Protection Status pane shows threats by category: Critical, Major, Minor, and Warning. Each
category is listed in a colored bar chart with a numerical value for the corresponding number of threats
found during the time frame.
The time frame is selectable, in days: 1, 7, 14, 30, 60, and 90 days.
Click a Threat Category value to display a detailed list of threats included in the category.
Threat Protection Status for Severity Level
To access this page, click a value on the Dashboard's Threat Protection Status graph.
This page provides a detailed view of threats based on individual severity levels and devices that have a
threat within that severity level. The columns list the specific counts for each type of threat event on a
device.
Dropdown list of severity levels - Select a different option from the list (Critical, Major, Minor, Warning,
Information). Critical is the most dangerous threat to the endpoint, and Information is just a notification of
an event that is unlikely to harm the endpoint.
Dropdown list of days - Select a time frame option: 1, 7, 14, 30, 60, and 90 days.
Platform - The platform type
Device ID - Value that uniquely identifies the target device. Click a link to view information about that
endpoint.
Event Count columns - For each device, lists the number for each of the following threat events:
Navigate the Dell Server
28
Malware/Exploit - Includes counts for viruses, spyware, and unwanted programs. This could be
exploited buffer overflows that seek to execute arbitrary code on a device or attempts to exploit
browser vulnerabilities. Counts may include malware that executes from within memory space.
Web Filter - Includes threats related to web browsing and downloads.
Web Protection - Includes threats related to web browsing and downloads.
Firewall - Includes suspicious communications related to incoming or outgoing traffic and any attacks.
Uncategorized - Lists the number of threats that do not belong in other event counts.
Advanced Threat Prevention Events
The Advanced Threat Prevention Events pane displays a time line of Advanced Threat events over the course
of a month, by file type as assigned by Advanced Threat Prevention.
Click a file type for details of the events of that type.
File types include:
Unsafe - A suspicious file with a high score (-60 to 100) likely to be malware
Abnormal - A suspicious file with a lower score (-1 to 59) less likely to be malware
Quarantined - A file that is moved from its original location, stored in the Quarantine folder, and prevented
from executing on a specific device.
Waived - A file allowed to execute on a specific device.
Cleared - A file that has been cleared within the organization. Cleared files include files that are Waived,
added to the Safe list, and deleted from the Quarantine folder on a device.
For more detail about events, see Advanced Threat Prevention Classifications and Advanced Threats Top Ten
Advanced Threats by Priority
Advanced Threats by Priority classifies suspicious files by priority levels of High, Medium, and Low. This
prioritization helps administrators determine which threats and devices to address first. To view a list of
threats with the corresponding priority level, click a value in the Advanced Threats by Priority field on the
Dashboard.
Files are analyzed for the following attributes:
The file has a Cylance score greater than 80.
A score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the
confidence level that the file is malware. The higher the number, the greater the confidence.
The file is currently running.
The file has been run previously.
The file is set to auto run.
The file is detected by Execution Control.
Files are prioritized based on the number of the above attributes it has:
Low = 0-1 attributes
Medium = 2-3 attributes
Security Management Server - AdminHelp v9.10
29
High = 4-5 attributes
As an example, following is the analysis of three threats:
Threat 1
Attribute
Attribute Value
Score
Cylance score 90 +1
Currently running on any
device
True +1
Ever run on any device True +1
Set to auto run on any device True +1
Detected by Execution Control False +0
Total score
5: High Priority
Threat 2
Attribute
Attribute Value
Score
Cylance score 20 +0
Currently running on any
device
True +1
Ever run on any device False +0
Set to auto run on any device True +1
Detected by Execution Control False +0
Total score
2: Medium Priority
Threat 3
Attribute
Attribute Value
Score
Cylance score 20 +0
Currently running on any
device
False +0
Navigate the Dell Server
30
Ever run on any device False +0
Set to auto run on any device False +0
Detected by Execution Control True +5
Total score
5: High Priority
Advanced Threat Prevention Classifications
Advanced Threat Prevention can provide details on the static and dynamic characteristics of files. This
allows administrators to not only block threats, but also to understand threat behavior in order to further
mitigate or respond to threats.
Type of Threat
Threats are classified by the type of threat - Malware, Dual Use, and Potentially Unwanted Program.
Malware
If the file is identified as a piece of malware, the file should be removed or quarantined as soon as possible.
Verified malware can be further subclassified as one of the following:
Subclass
Definition
Examples
Backdoor
Malware that provides unauthorized access to a system, bypassing security
measures.
Back Orifice,
Eleanor
Bot
Malware that connects to a central Command and Control (C&C) botnet
server.
QBot, Koobface
Downloader
Malware that downloads data to the host system.
Staged-
Downloader
Dropper
Malware that installs other malware on a system.
Exploit
Malware that attacks a specific vulnerability on the system.
FakeAlert
Malware that masquerades as legitimate security software to trick the user
into fixing fake security problems at a price.
Fake AV White
Paper
Generic
Any malware that does not fit into an existing category.
InfoStealer
Malware that records login credentials and/or other sensitive information.
Snifula
Ransom
Malware that restricts access to system or files and demands payment for
removal of restriction, thereby holding the system for ransom.
CryptoLocker,
CryptoWall
Remnant
Any file that has malware remnants post removal attempts.
Rootkit
Malware that enables access to a computer while shielding itself or other
files to avoid detection and/or removal by administrators or security
technologies.
TDL, Zero Access
Rootkit
Security Management Server - AdminHelp v9.10
31
Trojan
Malware that disguises itself as a legitimate program or file.
Zeus
Virus
Malware that propagates by inserting or appending itself to other files.
Sality, Virut
Worm
Malware that propagates by copying itself to another device.
Code Red, Stuxnet
Dual Use
Dual Use indicates the file can be used for malicious and non-malicious purposes. Caution should be used
when allowing the use of these files in your organization. For example, while PsExec can be a useful tool for
executing processes on another system, that same benefit can be used to execute malicious files on another
system.
Subclass
Definition
Examples
Crack Technologies that can alter (or crack) another application in order to
bypass licensing limitations or Digital Rights Management protection (DRM).
Generic Any Dual Use tool that does not fit into an existing category.
KeyGen Technologies which can generate or recover/reveal product keys that can
be used to bypass Digital Rights Management (DRM) or licensing protection
of software and other digital media.
MonitoringTool
Technologies that track a user's online activities without awareness of the
user by logging and possibly transmitting logs of one or more of the
following:
user keystrokes
email messages
chat and instant messaging
web browsing activity
screenshot captures
application usage
Veriato 360,
Refog Keylogger
Pass Crack
Technologies that can reveal a password or other sensitive user credentials
either by cryptographically reversing passwords or by revealing stored
passwords.
l0phtcrack, Cain
& Abel
RemoteAccess
Technologies that can access another system remotely and administer
commands on the remote system, or monitor user activities without user
notification or consent.
Putty, PsExec,
TeamViewer
Tool Programs that offer administrative features but can be used to facilitate
attacks or intrusions. Nmap, Nessus,
P0f
Potentially Unwanted Programs
The file has been identified as a Potentially Unwanted Program. This indicates that the program may be
unwanted, despite the possibility that users consented to download it. Some PUPs may be permitted to run
on a limited set of systems in your organization (EX. A VNC application allowed to run on Domain Admin
devcies). A Dell Server administrator can choose to waive or block PUPs on a per device basis or globally
quarantine or safelist based on company policies. Depending on how much analysis can be performed against
a PUP, further subclassification may be possible. Those subclasses are shown below and will aid an Admin in
determining whether a particular PUP should be blocked or allowed to run:
Navigate the Dell Server
32
Subclass
Definition
Examples
Adware
Technologies that provide annoying advertisements (example: pop-ups) or
provide bundled third-party add-ons when installing a
n application. This usually
occurs without adequate notification to the user about the nature or presence
of the add-on, control over installation, control over use, or the ability to fully
uninstall the add-on.
Gator, Adware
Info
Corrupt Any executable that is malformed and unable to run.
Game Technologies that create an interactive environment with which a player can
play.
Steam Games,
League of
Legends
Generic
Any PUP that does not fit into an existing category.
HackingTool Technologies that are designed to assist hacking attempts. Cobalt Strike,
MetaSp0it
Portable
Application Program designed to run on a computer independently, without needing
installation. Turbo
Scripting Tool
Any script that is able to run as if it were an executable. AutoIT,
py2exe
Toolbar Technologies that place additional buttons or input boxes on-screen within a
UI.
Nasdaq
Toolbar, Bring
Me Sports
Score
A Score is assigned to each file. Negative scores, from -1 to -100 denote files that are deemed Abnormal or
Unsafe. The score represents the confidence level that the file is malware. The higher the negative number,
the greater the confidence.
File Type
The file is assigned a type, based on the score.
File Types:
Unsafe: A file with a score ranging from -60 to -100. An Unsafe file is one in which the Advanced
Threat Prevention agent finds attributes that greatly resemble malware.
Abnormal: A file with a score ranging from -1 to -59. An Abnormal file has a few malware attributes
but fewer than an unsafe file, thus is less likely to be malware.
Note: Occasionally, a file may be classified as Unsafe or Abnormal even though the score displayed doesn’t
match the range for the classification. This could result from updated findings or additional file analysis
after the initial detection. For the most up-to-date analysis, enable Auto Upload in the Device Policy.
Priority Level
The file is given a Priority Level. The priority level helps administrators determine which threats and
devices to address first. For more information, see Advanced Threats by Priority.
Advanced Threats Top Ten
Security Management Server - AdminHelp v9.10
33
Click Threats to view the threats found on the largest number of devices.
Click a threat to display additional information about the threat. Details display on a new page.
Click Devices to view a list of devices that have the largest number of threats.
Click a device to display additional information about the device. Details display on a new page.
Endpoint Protection History
This graph gives a time line snapshot of the past 90 days of the total number of endpoints that are protected
and total number that are not protected. This graph is especially useful during initial deployment, when
moving toward complete protection.
The green bars represent the total number of protected endpoints. The red bars represent the total number
of endpoints that are not protected.
Endpoint Inventory History
This graph gives a time line snapshot of the past 90 days of the total number of endpoints that have
communicated with and sent inventory to the Security Management Server and the total number that have
not sent inventory.
Summary Statistics
Summary Statistics provides a breakdown of the following:
Domains
User groups
Endpoint groups
AD users
Local users
Endpoints
Protected
Not protected
Shields
Managers
Modified policies
Summary Statistics provides a breakdown of endpoints by platform, with a link to a detailed report for the
selected platform:
Windows
Mac
Mobile device
All
Navigate the Dell Server
34
Endpoint OS Report
To access this page, click a platform link on the Dashboard's Summary Statistics. If you click All and the
Platform Report page opens, click view in the OS Report column.
OS/Version - Operating system name and version as reported in the endpoint's inventory
Count - Number of endpoints or devices
Shielded - Number of encrypted endpoints for that OS and version
Unshielded - Number of endpoints for that OS and version that are not encrypted
Platform Report - Click view for a report on all the platforms
Endpoint List - Click the icon to navigate to the Endpoints page and the list of endpoints for that OS and
version
Platform Report
To access this page, click All on the Dashboard's Summary Statistics. If you click a specific platform link and
access the Endpoint OS Report page, click view in the Platform Report column.
Platform - Windows, Mac, and MDM (Mobile Device Management)
Count - Number of endpoints or devices Platform Reportfor that platform
Shielded - Number of encrypted endpoints for that platform
Unshielded - Number of endpoints for that platform that are not encrypted
OS Report - Click view for a report based on each operating system/version for that platform
Endpoint List - Click the icon to navigate to the Endpoints page and the list of endpoints for that platform
Populations
Populations
A population is a grouping for which policies, settings, and actions can be configured.
To access a Populations page, click Populations in the left pane of the Remote Management Console and
select a Population, for example, Populations > Enterprise.
Tabs available on each Populations page provide information, allow you to edit detail of the Population, and
provide configuration options for that Population. The table lists the tabs available for each Population.
Populations
Security
Policies
Details
&
Actions
Members
Settings
Key
Server
Endpoint
Groups
Endpoints
User
Groups
Users
Admin
Threat
Events
Advanced
Threat
Events
Enterprise
Domains
User Groups
Users
Security Management Server - AdminHelp v9.10
35
Endpoint
Groups
Endpoints
Administrators
To access the tabs for each Population:
Enterprise - Click Populations > Enterprise.
Populations other than Enterprise - Click a Population link, then search for or click a Domain, User
Group, User, Endpoint Group, Endpoint, or Administrator link.
Note: The tabs available for an Administrator may vary, depending on the role.
Enterprise
View or Modify Enterprise-Level Policies
To view or modify Enterprise-level policies, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Click the Security Policies tab.
3. Select the technology group, such as Windows Encryption, or policy group, such as Policy-Based
Encryption, to view or modify.
View Threat Events
Threats are categorized as Malware/Exploit, Web Filter, Firewall, or Uncategorized events. The list of threat
events can be sorted by any of the column headers. You can view threat events for the entire enterprise or
for a specific endpoint. To view threat events of a specific endpoint, from the Enterprise Threat Events tab,
select the endpoint's device in the Device ID column.
To view threat events in the enterprise, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Click the Threat Events tab.
3. Select the desired severity level and time period for which to display events.
To view threat events on a specific endpoint, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search or select a Hostname, then the Threat Events tab.
Manage Enterprise Advanced Threats
Advanced Threats tab
If the Advanced Threat Prevention service is provisioned and licenses are available, the Advanced Threats
tab provides a dynamic display of detailed events information for the entire enterprise, including a list of
the devices on which events occurred and any actions taken on those devices for those events. For
information about provisioning the service, see Provision Advanced Threat Prevention Service.
To access the Enterprise Advanced Threats tab, follow these steps:
Navigate the Dell Server
36
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threats tab.
Information about events, devices, and actions are organized on the following tabs:
Protection - Lists potentially harmful files and scripts and details about them, including the devices on
which the files and scripts are found.
Agents - Provides information about devices running the Advanced Threat Prevention client as well as
the option to export the information or remove devices from the list.
Global List - Lists files in the Global Quarantine and Safe list and provides the option to move files to
these lists.
Options - Provides a way to integrate with Security Information Event Management (SIEM) software using
the Syslog feature as well as export Advanced Threat data.
Certificate - Allows certificate upload. After upload, certificates display on the Global List tab and can
be Safe listed.
Tables on the tabs can be organized in these ways:
Add or remove columns from the table - Click the arrow next to any column header, select Columns,
then select the columns you want to see. Clear the check box of columns you want to hide.
Sort the data - Click a column header.
Group by a column - Drag the column header up, until it turns green.
Filter based on data of one column - click the down-arrow on any column to display the context menu,
and select Filter.
Advanced Threat Events tab
The Advanced Threat Events tab displays information about events for the entire enterprise based on
information available in the Security Management Server.
The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available.
To export data from the Advanced Threat Events tab, click the Export button and select Excel or CSV file
format.
Note: Excel files are limited to 65,000 rows. CSV files have no size limit.
For a list of fields and filters on the tab, see Advanced Threat Events tab fields and filters.
Domains
Domains
On the Domains page, you can add a domain or search and select a domain to View or Modify Domain
Information.
Add a Domain
To add a Domain, follow these steps:
1. In the left pane, click Populations > Domains.
2. On the Domains page, click Add.
3. Complete the fields on the Add Domains page.
Security Management Server - AdminHelp v9.10
37
Host Name - Enter the fully qualified host name or the computer name and domain portion of the
hostname (for example, <computer_name>.<domainname>.com) for the enterprise directory server.
Port - Enter a port for the directory server. If you do not specify a port, the default port of 389 is
used. The secure port, 636, uses an SSL connection instead of clear text. Global catalog ports are
3268 (clear-text) and 3269 (secure).
Distinguished Name - This field is populated when you tab from the completed Host Name field or
refresh the URL. If necessary, correct the entry to reflect the domain (for example,
DC=domainname, DC=com).
Secure LDAP - Select this check box for LDAPS.
User Name - Enter a User Name with rights for the domain to read and run queries on the enterprise
directory server. The format must be UPN, such as user@domain.com.
Password - Enter a Password with rights for the domain to read and run queries on the enterprise
directory server.
4. In the Domain Alias area, enter the domain name or other alias and click Add. It is recommended
that you add a pre-Windows 2000 domain name as an alias. You may enter any UPN suffixes that are
allowed for the domain and are configured in the enterprise directory server.
A Domain Alias is a mapping the Dell Server uses to select which domains to search to locate users
that might match the suffix in the UPN.
5. Click Add Domain.
Users
Users are added through reconciliation. Reconciliation is the automated process the Dell Server uses to
compare user data in the Dell Server database with user data in the enterprise directory server and update
the Dell Server database when necessary.
In the left pane, click Populations > Users and then click a User Name, to view details about the user. Click
the arrow next to a User Name to view the Common Name, sAM Account Name, and User Principal Name.
Add a User by Domain
1. In the left pane, click Populations > Users.
2. On the Users page, click Add Users by Domain.
3. In the Add Users by Domain dialog, select a domain from the pull-down list.
4. In the Full name field, enter the exact text for the user name or use the wildcard character (*). For
best results, use non-wild card characters at the beginning of the filter (e.g., User* instead of *ser).
5. Select Common Name, Universal Principal Name, or sAMAccountName from the pull-down list.
A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise
directory server for every user. If a user is a member of a Domain or Group but does not appear in
the Domain or Group Members list in the Remote Management Console, ensure that all three names
are properly defined for the user in the enterprise directory server.
6. Click Search. Depending on the size, this may take a few minutes to populate.
If the query is too large, a dialog prompts you to revise the query.
7. Select users from the directory user list to add to the Domain. The user names are added to the
field below the list.
Navigate the Dell Server
38
8. Click X to remove the user name from the field or click Add.
User Groups
On the User Groups page, you can add a user group, edit User Group priority or search and select a user
group to View or Modify User Group Policies and Information.
Add a User Group
1. In the left pane, click Populations > User Groups.
2. On the User Groups page, click Add.
3. Select the type of User Group from the pull-down list: Active Directory User Group or ADMIN-
DEFINED User Group
4. Select a domain from the pull-down list.
5. For Active Directory User Groups, follow these steps:
a. Enter the exact text for the Group Name or use the wildcard character (*).
b. Click Search. Depending on the size, this may take a few minutes to populate.
c. Select a group from the list to add to the Domain. The group name is added to the field
below the list.
Click the X in the group name to remove the group name from the field.
d. Click Add.
6. For ADMIN-DEFINED User Groups, follow these steps:
a. Enter the exact text for the Group Name or use the wildcard character (*).
b. Enter a Description for the group.
c. Click Add Group.
Notes:
Universal security groups are not supported.
Nested Groups are not supported.
Only User Groups with a Group Scope of Universal are supported for domains that connect through
the Global Catalog Port.
Add Non-Domain Users
To add non-domain users, the non-domain activation feature can be enabled by contacting Dell ProSupport
and requesting instructions.
View or Modify Domain Policies and Information
1. In the left pane, click Populations > Domains.
2. Search or select the appropriate Domain Name to display Domain Detail.
When you click a Domain, the Domain Detail page displays.
Security Management Server - AdminHelp v9.10
39
3. Click the tab that corresponds with the action you want to perform:
Security Policies - To view or modify policies of the Domain, click Security Policies.
Details & Actions - To view properties of the Domain, click Details & Actions
Members - To view, add, or modify information for Groups and Users within the Domain. For
instructions on how to perform these tasks, refer to the appropriate topic:
Add Users to Domain
Add User Groups
View or Modify User Information
View or Modify User Group Information
Settings - To configure LDAP settings for the Domain, click Settings. Refer to Add Domains for
instructions.
Key Server - To configure components for use with Kerberos Authentication/Authorization, click Key
Server. See Domain Key Server for instructions.
Domain Details & Actions
The Domain Details & Actions tab lists the properties of a domain.
To access the Domain Details & Actions tab, follow these steps:
1. In the left pane, click Populations > Domains.
2. Search or select a Domain Name, then the Details & Actions tab.
Details displayed on the Domain Details & Actions tab:
Domain Name - Name of the domain server. This should match the domain name in the title of the page.
Location - The location (path) of the domain within the enterprise structure. This information is derived
from the fully qualified host name or the computer name and domain portion of the hostname entered when
the domain was added. Example: /com/enterpriseserver
LDAP Url - URL to the active directory. This field is populated after adding the domain. The information is
derived from the completed Host Name field.
Example - LDAP://domainname.com:portnumber/DC=domainname,DC=com
To configure LDAP settings for the domain, click the Settings tab.
Status - Describes the health of the domain server (Good, Fair, Poor).
Domain Members
This page allows you to view, add, or modify information for Groups and Users within the Domain.
To access the Domain Members tab, follow these steps:
1. In the left pane, click Populations > Domains.
2. Search or select a Domain Name, then the Members tab.
From this tab, you can perform these actions:
Navigate the Dell Server
40
Add Users to Domain - Allows you to add users by domain
Add Group - Allows you to add a user group by domain
Select to view the following information about Groups & Users, Users only, or Groups only:
User/Group - Each user or user group in the Domain. Click an entry to view details.
Distinguished Name
CN is the common name, either a user or group name.
OU is the organizational unit name, for example, Dallas.
DC are domain components, for example, DC=Organization, DC=com
Common Name - For a user, the user name; for a group, the group name
User - Column displays a green checkmark
Group - Column displays a green checkmark
Domain Settings
This page allows you to configure or modify LDAP settings for the Domain.
To access the Domain Settings tab, follow these steps:
1. In the left pane, click Populations > Domains.
2. Search or select a Domain Name, then the Settings tab.
On the Domain Settings tab, you can view this information:
Directory URL - Lists the current URL for the enterprise directory server. If you modify the settings, click
Refresh URL.
Host Name - The fully qualified host name or the computer name and domain portion of the hostname (for
example, <computer_name>.<domainname>.com) for the enterprise directory server.
Port - The port for the directory server. If you do not specify a port, the default port of 389 is used. The
secure port, 636, uses an SSL connection instead of clear text. Global catalog ports are 3268 (clear-text) and
3269 (secure).
Distinguished Name - This field is populated when you tab from the completed Host Name field or refresh
the URL. If necessary, correct the entry to reflect the domain (for example, DC=domainname, DC=com).
Secure LDAP - Select this check box for LDAPS.
User Name - The User Name with rights to read and run queries on the enterprise directory server. The
format must be UPN, such as user@domain.com.
Password - Enter a Password with rights to read and run queries on the enterprise directory server.
Alias - A mapping that the Security Management Server uses to select which domains to search to locate
users that might match the suffix in the UPN. The domain name or other alias. It is recommended that you
add a pre-Windows 2000 domain name as an alias. You may enter any UPN suffixes that are allowed for the
domain and are configured in the enterprise directory server.
Click Add, and the entry populates the field below.
Select an alias in the list, and click Remove Selected.
Security Management Server - AdminHelp v9.10
41
Update Domain - Click to update changes.
Domain Key Server
This page allows you to view or modify components for use with Kerberos Authentication/Authorization.
Account - Enter an account name.
Click Add Account, and the entry populates the field below.
Select an account in the list, and click Remove Selected.
To access the Domain Key Server tab, follow these steps:
1. In the left pane, click Populations > Domains.
2. Search or select a Domain Name, then the Key Server tab.
User Groups
User Groups
On the User Groups page, you can add a user group, edit User Group priority or search and select a user
group to View or Modify User Group Policies and Information.
Add a User Group
1. In the left pane, click Populations > User Groups.
2. On the User Groups page, click Add.
3. Select the type of User Group from the pull-down list: Active Directory User Group or ADMIN-
DEFINED User Group
4. Select a domain from the pull-down list.
5. For Active Directory User Groups, follow these steps:
a. Enter the exact text for the Group Name or use the wildcard character (*).
b. Click Search. Depending on the size, this may take a few minutes to populate.
c. Select a group from the list to add to the Domain. The group name is added to the field
below the list.
Click the X in the group name to remove the group name from the field.
d. Click Add.
6. For ADMIN-DEFINED User Groups, follow these steps:
a. Enter the exact text for the Group Name or use the wildcard character (*).
b. Enter a Description for the group.
c. Click Add Group.
Notes:
Universal security groups are not supported.
Nested Groups are not supported.
Navigate the Dell Server
42
Only User Groups with a Group Scope of Universal are supported for domains that connect through
the Global Catalog Port.
Remove User Groups
1. In the left pane, click Populations > User Groups.
2. Click a Group Name link or enter a filter to search for available Groups.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
3. Select a row to highlight it.
4. At the top, click Delete.
Note: As another option, click a Group Name link and select the Details & Actions tab. Click Remove
Group.
If you remove a User Group that has Administrative privileges and later re-add the Group, it remains an
Administrator Group.
Find User Groups
1. In the left pane, click Populations > User Groups.
2. Enter a filter to search for available Groups.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
3. Click Search.
A Group or list of Groups displays, based on your search filter.
View or Modify User Group Policies and Information
1. In the left pane, click Populations > User Groups.
2. Search or select the appropriate Group Name to display User Group Detail.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
When you click a Group Name, the User Group Detail page displays.
3. Click the tab that corresponds with the action you want to perform:
Security Policies - To view or modify policies of the Group, click Security Policies.
Details & Actions - To view properties of the Group, click Details & Actions. Viewable information
includes:
Group Name: Group1 (Domain\Group1)
Distinguished Name: CN=Group1, OU=Dallas, DC=Organization, DC=com
Common Name: Group1
Last Modified in Directory - date and timestamp
Last Reconciled - date and timestamp
Members - To view or modify the information of a User in the Group, click Members. The list of
Users in the Group displays. Click a User to view the User's Security Policies, Details & Actions,
Endpoints, User Groups, and Admin. For instructions on how to view or modify User information,
Security Management Server - AdminHelp v9.10
43
refer to View or Modify User Information.
Admin - To view, assign, or modify Administrator Roles assigned to the Group, click Admin. Select
or deselect Administrator Roles to modify Administrator Roles assigned to the Group. For more
information about privileges available to each Administrator Role, refer to Administrator Roles.
4. If modified, click Save.
VDI User Policies
To manage policy for users in a VDI environment, create a Windows Domain group, associate domain users
with that group, and then import the group into Security Management Server. This allows Dell Server to
manage the users and their policies.
Policy settings differ, based on whether persistent or non-persistent VDI is deployed in the environment. For
an explanation of the differences between persistent and non-persistent VDI, see Persistent vs. Non-
Persistent VDI.
Policy and Configuration Requirements for VDI Users
The policy requirements below are for VDI Users running Advanced Threat Prevention. The list includes only
policies that are significant for VDI Users. VDI Endpoint Group policy settings must also meet certain
requirements. See Policy and Configuration Requirements for VDI Endpoint Groups.
Note: Ensure that you turn off Advanced Threat Prevention Agent Auto Update. In the left pane of the
Remote Management Console, select Management > Services Management > Advanced Threats - Agent
Auto Update, then select Off.
Note: With Persistent VDI Groups, ensure that roaming user profiles are configured.
These policy and configuration settings for VDI Users must be configured before VDI client activation:
Technology Category
Policy o
r Setting Persistent VDI Group
setting Non-Persistent VDI
Group setting
Windows Encryption Policy-Based Encryption
Policy
-Based Encryption On Off
Windows Encryption Policy-Based Encryption
Encrypt Outlook Personal
Folders
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Encrypt Temporary Files
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Encrypt Temporary
Internet Files
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Encrypt User Profile
Documents
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Secure Post
-Encryption
Cleanup
Single-pass Overwrite Single-pass Overwrite
Windows Encryption Policy-Based Encryption
Force Logoff/Reboot on
Policy Updates
Selected Not Selected
Removable Media
Encryption Windows Media Encryption
Windows Media Encryption
On On
Removable Media
Encryption Windows Media Encryption
EMS Scan External Media
Not Selected Not Selected
Navigate the Dell Server
44
User Group Details & Actions
The User Group Details & Actions tab lists the properties of a selected user group.
1. In the left pane, click Populations > User Groups.
2. Search or select a Group Name, then the Details & Actions tab.
Remove Group
The Remove Group command permanently removes this user group from the Security Management Server.
Details:
Group Name - Name of the user group <user group>(<domain name>\<user group>). This should match the
user group name in the title of the page.
Distinguished Name - CN=Group1, OU=Dallas, DC=Organization, DC=com
CN is the common name
OU is the organizational unit name
DC are domain components
Common Name - non-technical name of the user group
Last Modified - Date/time stamp of the last time this information changed.
Last Reconciled - Date/time stamp of the last time this information was reconciled.
User Group Members
This page displays information about each user within the user group.
1. In the left pane, click Populations > User Groups.
2. Search or select a Group Name, then click the numeral in the Members column.
User - Each user in that user group
Distinguished Name - CN=Group1, OU=Dallas, DC=Organization, DC=com
CN is the common name
OU is the organizational unit name
DC are domain components
Common Name - non-technical name of the user group
Add Users to the Group
1. On the Members tab, click Add Users to Group.
2. Search or select a user, then click the box to the left of the User Name.
3. Click Add Selected Users to Group.
OR
Select Upload Multiple User from File, then click Browse to select a CSV file and click Upload.
Security Management Server - AdminHelp v9.10
45
4. Valid CSV requirements:
The file must be in valid CSV format and contain a maximum of 999 endpoints.
The first column must contain valid fully qualified host names. All columns except
the first column are ignored.
Only activated endpoints are added to the group.
Remove Users from the Group
1. In User Group Detail, search or select a user, then click the box to the left of the User Name.
2. Click Remove Users from Group.
3. Click OK.
User Group Admin
This page allows you to assign, modify, or view Administrator roles for a group.
1. In the left pane, click Populations > User Groups.
2. Search or select a Group Name, then the Admin tab.
Administrator Roles - Assign or modify roles for a group membership and click Save.
Delegated Roles - Delegate Administrator rights for the Group to a User.
Related topics:
Administrator Roles
Assign or Modify Administrator Roles
Delegate Administrator Roles
Edit Group Priority
The Group priority feature is used to determine policy precedence for effective policies that affect multiple
groups. Group priority creates a weight associated with the specific group it is assigned to, and that weight
is used to determine which policy setting is applied to an endpoint that is a member of more than one
Endpoint Group when policy settings differ between those groups. Policy overrides are used from the group
with higher priority when two (or more) separate groups have different priority levels.
Edit Endpoint Group Priority
Endpoint Group Priority can be changed only for Rule-Defined, Admin-Defined, and Active Directory Groups.
System-Defined Group priority cannot be modified. In general, the Endpoint Group at the top of the list of
Endpoint Groups has highest priority. The Endpoint Group at the bottom of the list has lowest priority.
Navigate the Dell Server
46
Precedence Ranking
The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the
Persistent VDI Endpoint Group.
Order of priority:
1. Non-Persistent VDI Endpoint Group
2. Persistent VDI Endpoint Group
3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group
4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint
Groups
5. Opt-in Endpoint Group
6. Default Endpoint Group
To change Active Directory/Rule-Defined/Admin-Defined Endpoint Group priority:
1. In the left pane, click Populations > Endpoint Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups
that reflects its new priority level.
4. Click Save.
Edit User Group Priority
The User Group at the top of the list of User Groups has highest priority. The User Group at the bottom of
the list has lowest priority.
Security Management Server - AdminHelp v9.10
47
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups
that reflects its new priority level.
4. Click Save.
Assign or Modify Administrator Roles
From the Administrators page, you can view or modify existing Administrator privileges.
To view or modify existing Administrator privileges, follow these steps:
1. In the left pane, click Populations > Administrators.
2. Search or select the row that displays the Username of the appropriate Administrator to display User
Detail.
3. View or modify administrator roles in the pane at the right.
4. Click Save.
Note: Dell recommends assigning Administrator Roles at the Group level rather than at the User level.
To view, assign, or modify Administrator Roles at the Group level, follow these steps:
1. In the left pane, click Populations > User Groups.
2. Search or select a Group Name, then the Admin tab.
The User Group Detail page displays.
3. Select or deselect Administrator Roles assigned to the Group.
4. Click Save.
Navigate the Dell Server
48
If you remove a Group that has Administrative privileges and later re-add the Group, it remains an
Administrator Group.
To view, assign, or modify Administrator Roles at the User level, see User Admin.
Related topics:
Administrator Roles
User Admin
Delegate Administrator Roles
View Reconciliation Date
To view the date and time a User Group's or User's information was last reconciled with Active Directory,
click the Details & Actions tab for the Group or User, and refer to Last Reconciled. For instructions, refer to
View or Modify User Group Policies and Information and View or Modify User Policies and Information.
View Policy Proxy State
The Remote Management Console tracks the Policy Proxy's Policy Updating state.
1. In the left pane, click Populations > Endpoints.
2. Select an endpoint type, for example, Workstation or Mobile Device.
3. If you know the full Hostname of the endpoint, enter it into the Search field and click the Search
icon.
For Windows and Mac, enter the full Hostname of the endpoint if you know it. However, you may
leave the field blank to display all Windows and Mac endpoints.
For Mobile devices, optionally enter the user's email address.
If you do not know the full Hostname or user email address, scroll through the list of available
endpoints to locate the endpoint.
4. Click an endpoint in the list to display the Endpoint Detail.
5. Click the Details & Actions tab of the endpoint for which you want to view information.
Users
Users
Users are added through reconciliation. Reconciliation is the automated process the Dell Server uses to
compare user data in the Dell Server database with user data in the enterprise directory server and update
the Dell Server database when necessary.
In the left pane, click Populations > Users and then click a User Name, to view details about the user. Click
the arrow next to a User Name to view the Common Name, sAM Account Name, and User Principal Name.
Add a User by Domain
1. In the left pane, click Populations > Users.
2. On the Users page, click Add Users by Domain.
Security Management Server - AdminHelp v9.10
49
3. In the Add Users by Domain dialog, select a domain from the pull-down list.
4. In the Full name field, enter the exact text for the user name or use the wildcard character (*). For
best results, use non-wild card characters at the beginning of the filter (e.g., User* instead of *ser).
5. Select Common Name, Universal Principal Name, or sAMAccountName from the pull-down list.
A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise
directory server for every user. If a user is a member of a Domain or Group but does not appear in
the Domain or Group Members list in the Remote Management Console, ensure that all three names
are properly defined for the user in the enterprise directory server.
6. Click Search. Depending on the size, this may take a few minutes to populate.
If the query is too large, a dialog prompts you to revise the query.
7. Select users from the directory user list to add to the Domain. The user names are added to the
field below the list.
8. Click X to remove the user name from the field or click Add.
Remove Users
In general, a user cannot be removed in the Remote Management Console. Instead, you must remove the
user from Active Directory.
Find Users
1. In the left pane, click Populations > Users.
2. Do one of these:
Enter the user name or a filter in the Search field and click the search icon.
Note: To search, you can enter Common Name, Universal Principal Name, or
sAMAccountName. You can use the wildcard character (*) but it is not needed at the beginning
or end of the text.
Scroll through the User Name list.
3. Click a link in the User Name column.
The User Detail page opens, displaying the Security Policies tab.
Deactivate/Suspend Users
If the user you are deactivating is no longer associated with your organization, be sure to publish appropriate
Current Shield State policy with a value other than Activate, and ensure that the policy commit is complete
and successful prior to removing the user from your enterprise directory server. The user does not need to
be in your enterprise directory server, but the Policy Proxy does need to deliver the policy to their device in
order for it to take effect.
Best Practice - Deleting users from the enterprise directory server is not recommended. If a user leaves the
organization, the account should be moved to a disabled group. With that said, if a deletion occurs, the user
is simply marked “removed” in the Security Management Server, rather than deleted. The user will not
display in the Remote Management Console, but their keys and other information are still available in the
database.
Navigate the Dell Server
50
1. In the left pane, click Populations > Users.
2. Click a User Name link or enter a filter to search for available users.
Note: To Search, you can enter Common Name, Universal Principal Name, or sAMAccountName. The
wildcard character (*) may be used but is not required at the beginning or end of the text.
3. On the User Detail > Security Policies tab under the Windows Encryption technology group, click
the Policy-Based Encryption policy group.
4. Click Show advanced settings.
5. Change the Current Shield State policy to Suspend.
6. Click Save.
7. Commit Policies.
To reactivate a deactivated Windows user, follow the instructions in Reinstate Suspended Users.
Reinstate Suspended Users
To reinstate a suspended user, follow these steps:
1. In the left pane, click Populations > Users.
2. Click a User Name link or enter a filter to search for available users.
Note: To Search, you can enter Common Name, Universal Principal Name, or sAMAccountName. The
wildcard character (*) may be used but is not required at the beginning or end of the text.
3. On the User Detail > Security Policies tab under the Windows Encryption technology group, click
the Policy-Based Encryption policy group.
4. Click Show advanced settings.
5. Change the Current Shield State policy to Activate.
6. Click Save.
7. Commit Policies.
Repeat these steps for each type of device the user was suspended from.
8. To reinstate a suspended Dell Encryption user, perform the preceding steps and then run
WSDeactivate on the computer that was suspended for that particular user. WSDeactivate and its
instructions are located in the Dell installation media. When using WSDeactivate, existing local keys,
credentials, and policy material are no longer accessible to the Encryption client, and all managed
users are forced to reactivate upon their next log on.
View or Modify User Policies and Information
1. In the left pane, click Populations > Users.
2. Click a User Name or enter a filter to search for available users.
Note: To Search, you can enter Common Name, Universal Principal Name, or sAMAccountName. The
wildcard character (*) may be used but is not required at the beginning or end of the text.
When you click a User Name, the User Detail page displays.
Security Management Server - AdminHelp v9.10
51
3. Click the tab that corresponds with the action you want to perform:
Security Policies - To view or modify policies of the User, click Security Policies.
Details & Actions - To view properties of the User, click Details & Actions. Viewable information
includes:
User Name: User Name (username@organization.com)
Distinguished Name: CN=User Name, OU=Dallas, DC=Organization, DC=com
Common Name: User Name
User Principal Name: username@organization.com
sAM Account Name: username
User Type - possible values are AD or local
Last Modified - Date/time stamp
Last Reconciled - Date/time stamp
Endpoints - To view or modify information for the User's endpoints, click Endpoints. For instructions
on how to modify endpoint information, refer to View or Modify Endpoint Information.
User Groups - To view the information for Groups the User belongs to, click Groups. A list displays
of Groups the User belongs to. Click a User Group to view the Group's Security Policies, Details &
Actions, Members, and Admin.
Admin - To view, assign, or modify Administrator Roles assigned to the User, click Admin. Select or
deselect Administrator Types to modify Administrator Roles assigned to the User.
4. If modified, click Save.
User Details & Actions
The User Details & Actions tab lists the properties of the selected user.
1. In the left pane, click Populations > Users.
2. Search or select a User Name, then the Details & Actions tab.
Details:
User Name - User Name (username@organization.com)
Distinguished Name - CN=User Name, OU=Dallas, DC=Organization, DC=com
Common Name - User Name
Universal Principal Name - username@organization.com
sAMAccountName - username
Email - User email address
User Type - possible values are AD or local
Last Modified - Date/time stamp
Last Reconciled - Date/time stamp
User Endpoints
This page displays information about a user's endpoints, listed by platform type. Endpoint categories include
Shielded, Mobile Device, and Cloud endpoints.
Navigate the Dell Server
52
1. In the left pane, click Populations > Users.
2. Search or select a User Name, then the Endpoints tab.
Shield
Platform - The platform type
Device Id - Value that uniquely identifies the target device
Last Successful Login - Date/timestamp, per endpoint
Last Unsuccessful Login - Date/timestamp, per endpoint
Last Gatekeeper Sync - Date/timestamp, per endpoint
Effective Policies - Click view for a simple layout view of the effective endpoint policies
Actions - Click Recover to proceed to the Recover Data page
Last Encryption Sweep Start - Date/timestamp, per user
Sweep End - Date/timestamp, per user
Encryption Failure - Click view for a simple list of files that could not be encrypted, per user
States (Date/timestamp, per endpoint):
Policy Updating
User Encryption Profile Updating
EMS Encryption Profile Updating
User Data Encryption On
Deactivation Pending
Suspension Pending
Suspended
Mobile Device
Platform - The platform type
Device Id - Value that uniquely identifies the target device
Effective Policies - Click view for a simple layout view of the effective endpoint policies
Cloud
Platform - The platform type
Device Id - Value that uniquely identifies the target device
User Groups
If the user belongs to a User Group, this page displays information about the group and provides a link to the
group.
1. In the left pane, click Populations > Users.
2. Search or select a User Name, then the Users Groups tab.
Security Management Server - AdminHelp v9.10
53
User Group - Group to which the user belongs
Distinguished Name - CN=Group1, OU=Dallas, DC=Organization, DC=com
CN is the common name
OU is the organizational unit name
DC are domain components
Common Name - non-technical name of the user group
User Admin
This page allows you to assign, modify, or view Administrator roles for the user.
1. In the left pane, click Populations > Users.
2. Search or select a User Name, then the Admin tab.
Administrator Roles - Assign or modify roles for the user and click Save.
Inherited Group Roles - A read-only list of roles that the user inherited from a group. To modify the roles,
click the User Groups tab for that user and select the Group Name.
Delegated Roles - Delegate Administrator rights to a User.
Related topics:
Administrator Roles
Assign or Modify Administrator Roles
Delegate Administrator Roles
View Reconciliation Date
To view the date and time a User Group's or User's information was last reconciled with Active Directory,
click the Details & Actions tab for the Group or User, and refer to Last Reconciled. For instructions, refer to
View or Modify User Group Policies and Information and View or Modify User Policies and Information.
View Policy Proxy State
The Remote Management Console tracks the Policy Proxy's Policy Updating state.
1. In the left pane, click Populations > Endpoints.
2. Select an endpoint type, for example, Workstation or Mobile Device.
3. If you know the full Hostname of the endpoint, enter it into the Search field and click the Search
icon.
For Windows and Mac, enter the full Hostname of the endpoint if you know it. However, you may
leave the field blank to display all Windows and Mac endpoints.
For Mobile devices, optionally enter the user's email address.
Navigate the Dell Server
54
If you do not know the full Hostname or user email address, scroll through the list of available
endpoints to locate the endpoint.
4. Click an endpoint in the list to display the Endpoint Detail.
5. Click the Details & Actions tab of the endpoint for which you want to view information.
Issue a User Decryption Policy
1. In the left pane, click Populations > Users.
2. Click a User Name link or search for a user and then click a link to display the User Detail.
To Search, you can enter Common Name, Universal Principal Name, or sAMAccountName. The
wildcard character (*) may be used but is not required at the beginning or end of the text.
3. On the Security Policies tab, click Policy-Based Encryption.
4. Set the value of Policy-Based Encryption to Off.
5. Click Save.
6. Commit Policies.
Once this policy reaches the specified Encryption client, decryption begins.
Endpoint Groups
Endpoint Groups
On the Endpoint Groups page, you can add or remove an Endpoint Group, edit Endpoint Group priority, or
search and select an Endpoint Group to view or modify Endpoint Group information.
Types of Endpoint Groups
System - Endpoint Group maintained by Dell Server. System groups include Default Endpoint Group, Opt-In
Endpoint Group, Persistent VDI Endpoint Group, and Non-Persistent VDI Endpoint Group. For more
information about VDI Endpoint Groups, see VDI Endpoint Groups.
Rule-Defined - Dynamic Endpoint Group based on a specification, or rule set, defined by the administrator.
Admin-Defined - Static Endpoint Group for which the administrator can select specific endpoints for
inclusion. The group remains unchanged unless the administrator adds or removes an endpoint. For more
information, see Add Endpoints to an Admin-Defined Endpoint Group or Remove Endpoints from an Admin-
Defined Endpoint Group.
Active Directory Group - Endpoint Group for which the administrator can select a group from Active
Directory for inclusion. The Active Directory group scope must be Global, and type must be Security. At least
one endpoint in the Active Directory group must be running a Dell Data Security product and be managed by
the Dell Security Management Server. For more information about adding Active Directory Endpoint Groups
to the Dell Server, see http://www.dell.com/support/article/us/en/19/SLN306875/.
Add an Endpoint Group
Before you add the first Endpoint Group see Endpoint Groups Specification, which explains fields and
expressions used in Group Specifications.
1. In the left pane, click Populations > Endpoint Groups.
2. Click Add.
Security Management Server - AdminHelp v9.10
55
3. In the Select the type of Endpoint Group field, select RULE-DEFINED Group, ADMIN-DEFINED
Group, or Active Directory Group.
4. In the Group Name field, enter a name for the new Endpoint Group.
5. In the Description field, enter a description for the new Endpoint Group.
6. (For Rule-Defined Groups only) In the Specification field, enter the rule that describes the Endpoint
Group. Specifications can be up to 20,000 characters. Specifications are case insensitive.
(For Active Directory Groups only) In the Choose AD Group field, enter into the field the beginning
characters of an Active Directory group name (Example: Accounting), and select the desired group.
7. (For Rule-Defined and Active Directory Groups only) Click Preview to view the endpoints to be
included in the group.
8. Click Add Group to save the group definition.
9. After the group is added, modify the group priority if necessary.
Remove an Endpoint Group
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to remove.
3. Click Delete, then click OK.
Modify an Endpoint Group
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to modify.
3. Click the Details & Actions tab.
4. Click Modify.
5. Make changes as desired.
6. Click Update Group.
VDI Endpoint Groups
Upon activation, a VDI endpoint is added to the appropriate VDI Endpoint Group on Dell Server, and policies
are sent to the endpoint. Persistent VDI Endpoint Groups and Non-Persistent VDI Endpoint Groups are System
Endpoint Groups, which are maintained by Dell Server.
Policy settings differ, based on whether persistent or non-persistent VDI is deployed in the environment. For
an explanation of the differences between persistent and non-persistent VDI, see Persistent vs. Non-
Persistent VDI.
Policy and Configuration Requirements for VDI Endpoint Groups
The policy requirements below are for VDI endpoints running Advanced Threat Prevention. The list includes
only policies that are significant for VDI endpoints. VDI User policy settings must also meet certain
requirements. See Policy and Configuration Requirements for VDI Users.
Note: Ensure that you turn off Advanced Threat Prevention Agent Auto Update. In the left pane of the
Remote Management Console, select Management > Services Management > Advanced Threats - Agent
Auto Update, then select Off.
Note: With Persistent VDI Groups, ensure that roaming user profiles are configured.
Navigate the Dell Server
56
These policy and configuration settings for VDI Endpoint Groups must be configured before VDI client
activation:
Technology Category
Policy or Setting
Persistent VDI Group
setting Non-Persistent VDI
Group setting
Windows Encryption Self-
Encrypting Drive (SED)
Self
-Encrypting Drive (SED)
Off Off
Windows Encryption Hardware Crypto
Accelerator (HCA)
Hardware Crypto
Accelerator (HCA)
Off Off
Windows Encryption Policy-Based Encryption
SDE Encryption Enabled
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Common Encrypted Folders
<retain default settings> <retain default settings>
Windows Encryption Policy-Based Encryption
Encrypt Windows Paging
File
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Secure Windows
Credentials
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Block Unmanaged Access
to Domain Credentials
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Secure Windows
Hibernation File
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Prevent Unsecured
Hibernation
Not Selected Not Selected
Windows Encryption Policy-Based Encryption
Enable Software Auto
Updates
Not Selected Not Selected
Windows Encryption BitLocker Encryption
BitLocker Encryption
Off Off
Windows Encryption Server Encryption
Server Encryption
Off Off
Threat Prevention Advanced Threat
Protection
Advanced Threat
Protection
On On
Removable Media
Encryption Mac Media Encryption
Mac Media Encryption
Off Off
Port Control Windows Port Control
Port C
ontrol System Disabled Disabled
Persistent vs. Non-Persistent VDI
Persistent and Non-Persistent VDI endpoints differ in the following ways:
Persistent VDI
Non
-Persistent VDI
Persistent endpoints
may exist for many
days to years.
Non-persistent
endpoints usually exist
only for a few days or
Security Management Server - AdminHelp v9.10
57
weeks.
Persistent endpoints
retain the
configurations that are
set for the VM, until
the VM clone pool is
removed and rebuilt.
Non
-persistent
endpoints revert to
baseline settings after a
user logs off.
A persistent endpoint
is dedicated to a single
user.
After reverting to
baseline settings,a non
-
persistent endpoint is
available for another
user.
Endpoint Groups Specification
To skip to instructions about how to add an endpoint, see Add Endpoint Groups.
At deployment time, all endpoints belong to a default endpoint group, which is generally sufficient for most
deployments. This feature is used to assign policy to a specific group of endpoints. For instance, you may
want to create an endpoint group based on the locale that the operating system sends up in inventory. Once
that endpoint group is established, you could then apply a specific policy set to just the endpoints in your
specified locale.
Conversely, creating an endpoint group based on a platform type would not be useful because policies are
already grouped by platform.
Endpoint groups are created using a group specification. This specification allows you to define the endpoint
characteristics used to add endpoints to a group. You cannot manually add endpoints to endpoint groups.
The system, based on the characteristics in the endpoint group specification, automatically manages
endpoints and endpoint group membership.
Endpoints can be members of many endpoint groups simultaneously, as there is no mutual exclusion
requirement for endpoints in groups. All endpoints are included in the default endpoint group in addition to
any defined endpoint groups that they may be a member of. This is similar to the way users are a member of
the domain they are a part of, in addition to any security groups. Like the user group mapping, the endpoint
group mapping creates a potential policy arbitration problem for endpoints. To resolve this problem, the
default endpoint group has the lowest possible precedence, and cannot be altered. The endpoint groups that
you create have medium precedence by default. For more information on group precedence, see Modify
Group Precedence.
Endpoint Group Specification
The endpoint group specification is a domain specific language that allows you to define groups. The
endpoint group specification consists of a set of operators and a set of data fields that these operators can
be applied to. A group specification is a Boolean expression that is evaluated per endpoint to determine
whether or not a endpoint is a member of a group.
The information obtained to assign endpoints to endpoint groups happens when inventory is received, not at
activation time. If you set up endpoint groups, all endpoints will stay only in the default endpoint group until
inventory is received.
Group specifications are created using the following fields and expressions. Multiple fields and operators can
be used in a single group specification.
Navigate the Dell Server
58
Field Name Description
CATEGORY Endpoint category: WINDOWS, MAC, SED
Mobile Edition is not available for use in the Endpoint Groups feature.
UID Windows hostname
DISPLAYNAME Fully qualified hostname
OSVERSION Operating system version as reported in inventory. We recommend using other
available fields, as discrepancies in operating system versions may reduce the
usefulness of this field.
OS Operating system name as reported in the endpoint's inventory
PROCESSOR System processor information
SERIALNUMBER Endpoint serial number
LOCALE The current locale of the endpoint. This is typically only reported by
Encryption Enterprise.
WINCOMPUTERNAME Fully qualified hostname
ASSETTAG Asset tag of the computer manufacturer
SHIELDVERSION Version of Encryption client
AGENTVERSION Agent version for Manager
PLUGINVERSION Plugin version for Manager
MEMBEROFGROUP Active Directory group name
MEMBEROFDOMAIN Active Directory domain name
CLOUDPRESENT All Dell Data Guardian clients
CLOUDINTERNAL Internal Data Guardian clients
CLOUDEXTERNAL External Data Guardian clients
SEDPRESENT All SED clients
BITLOCKERPRESENT TRUE/FALSE value for BitLocker Manager, indicating if BitLocker is enabled.
TOTALMEMORY Total memory available on the system
Operators and Expressions
The basic operators are the binary operators that return a Boolean value.
Operator
Meaning
= Boolean, Integer, and String equality operator
>, >= Greater than, greater than or equal, integer operator
<, <= Less than, less than or equal, integer operator
<> Not equal, integer string operator
AND Logical AND for Boolean expression
Security Management Server - AdminHelp v9.10
59
OR Logical OR for Boolean expression
NOT Logical NOT for Boolean expression
The logical operators follow the standard Boolean operator precedence (NOT, AND, OR). String fields have
the following string operators that return Boolean values:
BEGINSWITH
ENDSWITH
CONTAINS
These operators can be used on the string fields:
UID BEGINSWITH "A1850502"
ASSETTAG CONTAINS "007"
String fields also have the following string operators that return substrings of the field:
LEFT(string,int)
RIGHT(string,int)
MID(string,int,int)
The substring operators can be used in the string operators that return Boolean values:
LEFT(DISPLAYNAME, 4 ) = "A185"
There is one additional string operator that returns an integer value that is the length of the string:
LEN(string)
This can be used in a Boolean expression:
LEN(DISPLAYNAME)<=10
Summary
Group specifications are created using the fields and expressions described in the previous sections. Multiple
fields and operators can be used in a single group specification. For example, a group for WINDOWS devices,
with a hostname that started with ‘FOO’ that also had Hardware Crypto Accelerator cards would be:
UID BEGINSWITH "A1850502" AND LEFT(DISPLAYNAME, 4 ) = "A185"
UID BEGINSWITH "A1850502" AND LEFT(DISPLAYNAME, 4 ) = "A185" AND LEN(UID) >= 20
UID BEGINSWITH "A1850502" AND LEFT(DISPLAYNAME, 4 ) = "A185" OR ( LEN(UID) >= 20
AND BITLOCKERPRESENT)
Examples
Using the FQDN of the client computer to attach it to a device group can be done by keying on any
commonality amongst the desired client computers. In the example below, we have a child domain
Navigate the Dell Server
60
of ORGANIZATION, called AMERS to represent a domain in America. Additionally we have a 2nd child
domain EMEA representing non-American based clients.
DISPLAYNAME ENDSWITH “AMERS.ORGANIZATION.COM”
This group will contain all clients that are in the AMERS domain according to their FQDN.
DISPLAYNAME ENDSWITH “EMEA.ORGANIZATION.COM”
This group will contain all clients that are in the EMEA domain according to their FQDN
If the hostname of the client computers contain several notations that indicate desired ways in
which to create a group, those specific portions can be captured as long as their location is
consistent.
Looking at the hostname: A12345jdoe.AMER.ORGANIZATION.COM
A denotes an asset, while the following 5 digits denotes the asset’s assigned value. The user that was
assigned the asset has their SAM account appended to the end.
You can capture the assigned number of the asset, and that it is within a certain subsection of assets.
This example shows how to look for assets that have a value less than 1000.
MID(DISPLAYNAME , 2, 5) < 1001
This example targets user’s machines where their last name begins with ‘r’.
MID(DISPLAYNAME , 8, 1) = “r”
Example for Dell Data Guardian:
To display Dell Data Guardian internal clients, add the specification "cloudpresent and cloudinternal".
To display Dell Data Guardian external clients, add the specification "cloudpresent and
cloudexternal".
For instructions about how to add an endpoint, see Add Endpoint Groups.
Edit Group Priority
The Group priority feature is used to determine policy precedence for effective policies that affect multiple
groups. Group priority creates a weight associated with the specific group it is assigned to, and that weight
is used to determine which policy setting is applied to an endpoint that is a member of more than one
Endpoint Group when policy settings differ between those groups. Policy overrides are used from the group
with higher priority when two (or more) separate groups have different priority levels.
Edit Endpoint Group Priority
Endpoint Group Priority can be changed only for Rule-Defined, Admin-Defined, and Active Directory Groups.
System-Defined Group priority cannot be modified. In general, the Endpoint Group at the top of the list of
Endpoint Groups has highest priority. The Endpoint Group at the bottom of the list has lowest priority.
Security Management Server - AdminHelp v9.10
61
Precedence Ranking
The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the
Persistent VDI Endpoint Group.
Order of priority:
1. Non-Persistent VDI Endpoint Group
2. Persistent VDI Endpoint Group
3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group
4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint
Groups
5. Opt-in Endpoint Group
6. Default Endpoint Group
To change Active Directory/Rule-Defined/Admin-Defined Endpoint Group priority:
1. In the left pane, click Populations > Endpoint Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups
that reflects its new priority level.
4. Click Save.
Edit User Group Priority
The User Group at the top of the list of User Groups has highest priority. The User Group at the bottom of
the list has lowest priority.
Navigate the Dell Server
62
To edit User Group priority:
1. In the left pane, click Populations > User Groups.
2. Click Edit Priority.
3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups
that reflects its new priority level.
4. Click Save.
View Endpoints in an Endpoint Group
This page displays the endpoints included in information for every user of the specified endpoint.
1. In the left pane, click Populations > Endpoint Groups.
2. Click a Group Name link or enter a filter to search for available Groups.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
When you click a Group Name, the Endpoint Group Detail page displays.
3. If applicable, View or Modify Endpoint Information.
View or Modify Endpoint Group Policies and Information
1. In the left pane, click Populations > Endpoint Groups.
2. Click a Group Name or enter a filter to search for available Endpoint Groups.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
When you click a Group Name, the Endpoint Group Detail page displays.
3. Click the tab that corresponds with the action you want to perform:
Security Policies - To view or modify policies of the Group, click Security Policies.
Note: Before modifying VDI Endpoint Group policies, see Policy Requirements for VDI Endpoint
Security Management Server - AdminHelp v9.10
63
Groups.
Details & Actions - To view properties of the Group, click Details & Actions. Viewable information
includes:
Group Name: Group1 (Domain\Group1)
Description: The Description provided when the Group was added.
(For Rule-Defined groups) Specification: The endpoint group specification that defines endpoints as
members of the group.
SED Device Control - The SED Unlock command for this endpoint group is carried out in the SED
Device Control area. This command unlocks the PBA screen after it has been locked either by
sending a Lock command or by exceeding the maximum number of authentications attempts allowed
by policy.
Members - To view or modify the information of an Endpoint in the Group, click Members. The list
of Endpoints in the Group displays. Click an Endpoint to view the Endpoint's Security Policies, Details
& Actions, Users, Endpoint Groups, Threat Events, and Advanced Events.
4. If modified, click Save.
Endpoint Group Details & Actions
This page lists the properties of the selected Endpoint Group.
1. In the left pane, click Populations > Endpoint Groups.
2. Search or select a Group Name, then the Details & Actions tab.
Details:
Group Name of the endpoint group
A description of this endpoint group
The specification that was used to create this endpoint group (applies only to Rule-Defined Groups)
Active Directory Group (applies only to Active Directory Groups)
SED Device Control
The SED Unlock command for this endpoint group is carried out in the SED Device Control area. This
command unlocks the PBA screen after it has been locked either by sending a Lock command or by
exceeding the maximum number of authentications attempts allowed by policy.
Endpoint Group Members
This page lists the endpoints within an endpoint group. Information displays based on the group specification
used to create the endpoint group.
1. In the left pane, click Populations > Endpoint Groups.
2. Search or select a Group Name, then the Members tab.
Category - WINDOWS, MAC, SED, IOS, or Android
Hostname - Endpoint hostname
OS/Version - Endpoint operating system and version
Add Endpoints to an Admin-Defined Endpoint Group
1. In the left pane, click Populations > Endpoint Groups.
Navigate the Dell Server
64
2. Select the group to which to add endpoints.
3. Click the Members tab.
4. Select Add Endpoints to Group, then search for specific endpoints or select endpoints in the list
that displays, and click Add Selected Endpoints to Group.
OR
Select Upload Multiple Endpoints from File, then click Browse to select a CSV file and click
Upload.
Valid CSV requirements:
The file must be in valid CSV format and contain a maximum of 999 endpoints.
The first column must contain valid fully qualified host names. All columns except the first
column are ignored.
Only activated endpoints are added to the group.
Remove Endpoints from an Admin-Defined Endpoint Group
1. In the left pane, click Populations > Endpoint Groups.
2. Select the group to which to add endpoints.
3. Click the Members tab.
4. Search for specific endpoints or select endpoints in the list that displays. To select more than one
endpoint, press Shift and select the endpoints.
5. Click the red X that displays in the right column for each endpoint, or select the endpoints and click
Remove Endpoints from Group.
Endpoints
Endpoints
On the Endpoints page, you can add an endpoint to a group, remove an endpoint, or search and select an
endpoint to View or Modify Endpoint Information. You can also quickly view the following summary
information about each endpoint:
*Hostname - Endpoint hostname.
*OS/Version - Operating system and version running on the endpoint (Example: Microsoft Windows 10
Enterprise).
*Category - Catetory of endpoint (Example: Windows or Mac).
*Protected - A green check displays if the endpoint is protected. If the endpoint is not protected, the column
is blank.
*Serial Number - Manufacturer assigned serial number.
*Win Computer Name - Computer name Windows uses to identify the computer on the network.
PBE - Policy-Based Encryption version.
Manager - Manager/Agent version.
Data Guardian - Data Guardian version.
Security Management Server - AdminHelp v9.10
65
* - Click the column header to sort by column label.
Click a Hostname to view additional details about the endpoint. Click an arrow at the left of a Hostname to
view the Category, Unique ID, and Processor.
Add Endpoint to Group
To add an endpoint to an Endpoint Group:
1. In the left pane, click Populations > Endpoints.
2. Click the box next to a Hostname in the list or enter a filter to search for available endpoints.
Note: The wildcard character (*) may be used but is not required at the beginning or end of
the text.
For Windows and Mac, if you know the Hostname of the endpoint, enter it in the Search field.
However, you may leave the field blank to display all Windows and Mac endpoints.
For Mobile devices, optionally enter the model name or user's email address.
3. At the top left, click Add Endpoints to Group.
An endpoint is added to inventory when a user who is in the Dell database activates the endpoint.
If the user is not found in the Security Management Server database, they will be located in Active Directory.
Remove Endpoints
Endpoint removal is permanent. Once an endpoint is removed, the action cannot be undone.
To remove an endpoint:
1. In the left pane, click Populations > Endpoints.
2. Select the appropriate endpoint type, for example, Workstation or Mobile Device.
3. Click the box next to a Hostname in the list or enter a filter to search for available endpoints.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
For Windows and Mac, if you know the Hostname of the endpoint, enter it in the Search field.
However, you may leave the field blank to display all Windows and Mac endpoints.
For Mobile devices, optionally enter the model name or user's email address.
4. At the top left, click Remove.
5. Click OK to confirm that you want to remove the endpoint.
Note: As another option, click an endpoint link and select the Details & Actions tab. Under Endpoint
Detail, click Remove.
Find Endpoints
1. In the left pane, click Populations > Endpoints.
2. Navigate the list of endpoints using the scroll bar or page navigation controls at the bottom of the
page or enter a filter into the Search field to search for available endpoints.
Note: The wildcard character (*) may be used but is not required at the beginning or end of the text.
For Windows and Mac, if you know the Hostname of the endpoint, enter it in the