Dell Embassy Trust Suite by Wave Systems

(Build 02.05.04.001)

Copyright (c) 2003-2010, Wave Systems Corp. All rights reserved. The Dell Embassy Security Center for 64 bit systems provides TPM platform manage ment functions, advanced user authentication functions, TPM key archive and rest ore functionality, Dell Preboot Manager support, and Trusted Drive M anager support.

System Requirements: Hardware: PC with a Pentium microprocessor, 300 MHz or greater VGA monitor or better, set to a resolution of 800 x 600 and 16 bit color , M) n rs. Software: Microsoft(R) Windows(R) XP Pro 64 bit, with Service Pack 2 or higher Microsoft(R) Windows(R) Vista 64 bit Microsoft(R) Internet Explorer version 6.1 (or above) IMPORTANT NOTES: Firewalls and Antispyware Software Users running Firewall and/or Antispyware software may experience warnin g from these tools when installing ETS. When this occurs, users must IMMEDIATELY giv e permission to the ETS installation to proceed. Delay or denial of permission will result in an invalid installation. Alternatively, users may temporarily disable Fire wall and/or Antispyware software before installing ETS, then re-enable the Firewall and/or Antispyware software after ETS Installation is complete. Windows Update may prevent successful installation of this software. Please dis able Windows Update so it will not start an upgrade while this installation i s in progress. If any Windows Updates have been applied prior to running this installer you must reboot the machine before starting. (OPTIONAL) supported self-encrypting hard drive See http://www.wave.com for a list of supported hardware provide (OPTIONAL) Authentec biometric sensor or UPEK biometric sensor (OPTIONAL) supported smartcard and reader for smartcard login (OPTIONAL) supported contactless smartcard for contactless authenticatio or better. Trusted Computing Group (TCG) compliant v1.2 Trusted Platform Module (TP

Limitations: XP to Vista Upgrade 1. Upgrading or reinstallation of the Ntru Trusted Software Stack ( TSS) requires the file "tsp1.dll" be copied from the install location to the W indows System32 directory. Typically this is from "c:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin \" to "C:\Windows\System32\" Embassy Security Center 1. Some personal Firewall products may block access to the network/ internet during installation and execution of applications. If you have a firew all configured to block access then you must add the following list of application s to the list of applications that are authorized access. Failure to grant acces s to the following applications may prevent ETS from installing or executing proper ly. - Microsoft Windows Installer - %WINDIR%\system32\MSIExec.exe - Ntru TSS - %PROGRAMFILES%\NTRU Cryptosystems\NTRU TCG Software Stack\bin\ tcsd_win32.exe - Secure Update - %PROGRAMFILES%\Wave Systems Corp\Services Mana ger\Secure Update\ SecureUpgrade.exe - ESC - %PROGRAMFILES%\Wave Systems Corp\EMBASSY Security Center \ EmbassySecurityCenter.exe - Document Manager - %PROGRAMFILES%\Wave Systems Corp\Services M anager\DocMgr\bin\ explorevault.exe - Private Information Manager - %PROGRAMFILES%\Wave Systems Corp \Services Manager\ Private Information Manager\Private Information Manager. exe 2. Attempting to change the TPM Owner Password with an incorrect pa ssword may result in an error message while closing ESC. The error message can be cleared by clicking on 'Ok'. No damage to the system or the data will resu lt. 3. The Embassy Trust Suite continues to support TPM-based PKI authe ntication to Windows. To run the TPM PKI Enrollment Wizard, navigate to C:\Program Files\Wave Systems\AuthenticationManager (assuming ESC/ETS is installed to the C:\ drive) and run PKIEnro ll.exe. 4. Note to Administrators: Policies (ADM/XML files) for the client software can be pushed through Microsoft Active Directory and are located in the following directories: Windows XP: C:\Documents and Settings\All Users\Application Dat a\Wave Systems Corp\Common\policies\

Windows Vista: C:\ProgramData\Wave Systems Corp\Common\Policies Secure Login / Preboot Manager 1. Passphrase "admin" is not allowed for Preboot Authentication 2. For systems with external fingerprint sensors, ensure that the s ensor is connected prior to starting the fingerprint enrollment wizard. 3. TPM reset or replacement will require re-enrollment of all biome tric data. 4. Installing third party software that interacts with the Logon pr ocess may interfere with the proper operation of the Wave Secure Login pro duct and/or prevent proper operation of the third party product. Trusted Drive Manager 1. This release does not support Native SATA mode. Make sure that t he SATA support configured for the compatibility mode in BIOS. 2. Maximum Trusted Drive password length is 32 characters unless ov erwritten by the Windows password policies. The password length is limited to 8 c haracters if the system and drive support Standby/Sleep and this feature is enabled. 3. On French Keyboard/French language systems only: Occurs every time a manual password change is completed: User1 w/password1 sets up Trusted Drive with SSO and WPS and is working normally, and 1 or more successful reboots occur after initial setup. User1 then manually initiates a password change to password2 using windo ws password change function (C-A-D, change password). Upon 1st successful reboot after changing the password, user must enter password1 at Trusted Drive Manager preboot prompt, and password2 at Window s prompt. Subsequent reboots using TDM Single Sign On work successfully with passw ord2. Password changes initiated by Windows group policy (as opposed to manual ) shows proper behavior. Archive and Restore 1. During disaster recovery, a User with Administrative Rights must restore keys prior to a Limited Users attempting restore. 2. Attempting to Archive immediately after taking TPM ownership wil l result in a "The Archive was not created successfully" message. This o ccurs because there are not yet TPM keys available to archive. Please click o n 'Ok' clear the error message. This message will occur in every case where there no TPM secured keys in existence. After TPM keys have been created, fu ture archive operations will succeed.

Technical Support: For technical support questions please go to: http://support.dell.com