Endpoint Encryption Devices

Endpoint Encryption devices are Endpoint Encryption agents that have registered with PolicyServer. Installing any Endpoint Encryption agent automatically registers the endpoint with PolicyServer as a new Endpoint Encryption device. Since multiple Endpoint Encryption agents may protect a given endpoint, a single endpoint may appear as more than one Endpoint Encryption device on PolicyServer.

The Endpoint Encryption Devices widget provides Endpoint Encryption device management capability directly from the Control Manager dashboard. Use the Endpoint Encryption Devices widget to monitor activity, search for Endpoint Encryption devices, or secure endpoint data by initiating lock or kill commands when an endpoint is lost or stolen.

Note:

For information about adding Endpoint Encryption devices to a policy, see Specifying Policy Targets.

Options

Description

Show

Select which devices to display: all devices in the Enterprise, or devices in a specific policy.

Search ()

Click the icon to select the Endpoint Encryption agent and filter the devices shown in the table. Use the search field to specify parameters to search against. Any attributes listed in devices attributes can be searched.

Settings ()

Right-click a device

Select a device and click the icon or right-click a device to view device attributes or to perform actions on the selected device.

See Device Actions.

Number of devices

View the total number of devices in the entire Enterprise, selected policy, or specified search.

Device Actions

Select a device and click the icon or right-click a device to perform the following actions:

Action

Description

Delete device

Deleting any Endpoint Encryption device from the Enterprise also removes the device from all policy groups. The deleted Endpoint Encryption device continues functioning as long as connectivity and password policies are current on the device. The agent will be unable to synchronize its policy with PolicyServer.

Warning:

Before deleting a Full Disk Encryption device, decrypt your disk, and uninstall the Full Disk Encryption agent. If you delete a Full Disk Encryption device without deleting the agent, the Full Disk Encryption preboot may be unable to authenticate with PolicyServer and the data may become inaccessible.

Soft token

Generating a "software token" creates a unique string that you can use to unlock Endpoint Encryption devices and to remotely help Endpoint Encryption users reset forgotten passwords.

The software token is only available in the full version of Full Disk Encryption, not Encryption Management for Apple FileVault or Encryption Management for Microsoft BitLocker.

For information about resetting passwords or unlocking a user account, see Remote Help Assistance.

Recovery key

Generating a "recovery key" allows the user to decrypt a hard disk when the user has forgotten the original password or key.

The recovery key is only available to Encryption Management for Apple FileVault and Encryption Management for Microsoft BitLocker agents because they do not use the other recovery methods available in Full Disk Encryption.

For information about resetting passwords or unlocking a user account, see Remote Help Assistance.

Device attributes

View a current snapshot of the selected device.

See Device Attributes.

Kill device

Initiating a "kill" command deletes all Endpoint Encryption device data. The deleted data is different depending on the scope of data that the associated Endpoint Encryption agent manages. For example, initiating a "kill" command to a Full Disk Encryption device deletes all data from the endpoint, while initiating a "kill" command to a File Encryption device deletes all files and folders in local or removable storage protected by the File Encryption agent. The "kill" command is issued when the Endpoint Encryption agent communicates with PolicyServer.

Warning:

Killing a device cannot be undone. Back up all the data before initiating a kill command.

Lock device

Initiating a "lock" command to the Endpoint Encryption device prevents Endpoint Encryption user access until after performing a successful Remote Help authentication. Locking a device reboots the endpoint and forces it into a state that requires Remote Help. The lock command is issued when the Endpoint Encryption agent communicates with PolicyServer.

See Remote Help Assistance.

Soft reset

Initiating a "soft reset" command reboots the endpoint. The command issues the next time that the agent communicates with PolicyServer.

Device Attributes

The following table describes the Endpoint Encryption device attributes.

Attribute Name

Example

Description

.NET Version

2.0.50727.3620

The version and build number for the installed .NET framework.

Common Framework Build Number

5.0.0.84

The Endpoint Encryption agent uses a common framework for encryption. The build number is used to tell whether the agent is up-to-date.

Disk Model

VMware Virtual IDE

The hard disk model.

Disk Name

\\.\PHYSICALDRIVE0

The name of the hard disk.

Disk Partitions

1

The number of partitions on the disk with the agent installed.

Disk Size

10733990400

The total capacity of the hard disk (in bytes).

Domain Name

WORKGROUP

The domain that the endpoint is a member.

Endpoint ID

85b1e3e2a3c25d882540ef6e4818c3e4

The unique ID of the endpoint used for Control Manager integration.

<Agent> User

john_smith

The user name for the last logged on used.

<Agent> Version

5.0.0.260

The version and build number for the agent installation.

Hostname

TREND-4136D2DB3

The endpoint's host name.

IP Address

10.1.152.219

The endpoint's IP address.

Locale

English (United States)

The language and region that the endpoint is configured.

Machine Name

TREND-4136D2DB3

The computer name that the endpoint used.

Manufacturer

VMware, Inc.

The manufacturer of the hard disk.

Model

VMware Virtual Platform

The model of the hard disk.

Operating System

Microsoft Windows NT 5.1.2600 Service Pack 3

The operating system installed on the same hard disk as the agent.

Operating System Name

Microsoft Windows XP Professional

The common name of the operating system installed on the same hard disk as the agent.

Operating System Service Pack

Service Pack 3

The service pack number of the operating system installed on the same hard disk as the agent.

Operating System Version

5.1.2600.196608

The version number of the operating system installed on the same hard disk as the agent.

Partition Scheme

Classical MBR

The partition scheme for the hard disk.

Processor

x86 Family 6 Model 30 Stepping 5, Genuine Intel

The processor make and model of the endpoint.

Processor Count

2

The number of processors in the endpoint.

Processor Revision

1e05

The processor revision number.

Time Zone

Taipei Standard Time

The time zone that the endpoint resides.

Total Physical Memory

2047MB

The total RAM installed in or allocated to the endpoint.

Type

X86-based PC

The endpoint processor type.

Windows User Name

TREND-4136D2DB3\admin

The user name of the Windows account that last logged on the endpoint.