EMBASSY® Security Center

To specialize your search, enter a keyword, phrase or question in the box below.

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

1. Can I upgrade my Dell D-Family PC with ETS for Dell version 3.0 and will I get the new ETS features?

   Yes, you can upgrade your x30 series D-Family laptops. The new Seagate Full Disk Encryption features supported in this configuration are single sign on to Windows and Windows password synchronization. Most other new features require Dell Latitude E-Family specific hardware components and are therefore not supported on D-Family machines.

2. What are the differences between ETS for Dell version 3.0 and ETS for Dell version 2.1?

   ETS for Dell version 3.0 includes the following new capabilities:
   

   • Advanced Windows Logon features for Seagate Momentus™ Full Disk Encryption (FDE) drives.
   • Single sign-on to Windows – increases security while reducing costs associated with password management.
   • Windows password synchronization – support for existing password policies ensures ease of use.
   • New Multi-factor Authentication options for Dell preboot including.
   • Enhanced Security and Usability for Fingerprint Authentication.
   • Integration with Dell ControlPoint and ControlVault.

3. Does my existing EMBASSY Remote Administration Server (ERAS) support ETS for Dell version 3.0?

   Yes. All supported versions of ERAS are fully compatible with ETS for Dell version 3.0. In addition to managing the security features of FDE hard drives, ERAS is used to activate TPMs to secure data on client machines and to protect access to corporate networks.

4. What are the Dell Systems which include ETS for Dell version 3.0 as a standard feature?

   Dell Latitude E4200, E4300, E5400, E5500, E6400, E6400 ATG, E6500

   Dell Precision Mobile Workstation M2400, M4400

5. Does the Dell E4300 ultraportable laptop support Seagate Momentus FDE hard drives?

   Yes. The Dell E4300 laptop uses a 2.5” hard drive and therefore is compatible with Seagate FDE drives. However, the Dell E4200 laptop uses solid state drive technology and is therefore not compatible with Seagate FDE drives.

6. Where can I find Wave EMBASSY Security Center on Dell Latitude E-Family and Precision Mobile Workstations?

   For Dell PCs, where Dell ControlPoint is installed, Wave ETS software is launched from Dell ControlPoint Security Manager. However, ETS can be launched directly on these systems by going to Start -> All Programs -> Dell ControlPoint -> Security Manager -> Advanced -> EMBASSY Security Center.

7. Do I need to upgrade to ETS for Dell version 3.0 to support Seagate Momentus 7200 RPM FDE hard drives?

   No. Previous ETS versions that contain Trusted Drive Manager will support both Seagate Momentus 5400 and 7200 RPM FDE drives.

8. Can I upgrade my Dell D-Family PC with ETS for Dell version 3.0 and will I get the new ETS features?

   Yes, you can upgrade your x30 series D-Family laptops. The new Seagate Full Disk Encryption features supported in this configuration are single sign on to Windows and Windows password synchronization. Most other new features require Dell Latitude E-Family specific hardware components and are therefore not supported on D-Family machines.

9. How does ETS for Dell 3.0 use Dell ControlVault?

   ETS for Dell 3.0 uses the Dell ControlVault for securely storing fingerprint templates and other authentication information for an enhanced preboot authentication experience.

10. Do Dell Latitude™ E-Family Laptops and Precision™ Mobile Workstations ship with a Trusted Platform Module (TPM)?

    Yes. These business class PCs come standard with a TPM that conforms to v 1.2 of the Trusted Computing Group specification. These machines incorporate a TPM as part of an integrated security chip that also includes Dell ControlVault, a hardware container used for storing secrets such as passwords and fingerprint templates.

11. What is Dell ControlPoint (DCP) and how does EMBASSY Trust Suite (ETS) integrate with it?

    Dell ControlPoint is a new Dell application framework that provides an integrated and easy to use interface for managing laptop features including system, network and security settings. To enable security features, DCP utilizes ETS for Dell version 3.0. Users simply select which top level features to activate from DCP which in turn launches ETS for Dell. Once ETS is in use, users have the options of managing an FDE hard drive and a Trusted Platform Module (TPM), for application solutions such as full disk encryption and enabling strong pre-boot and multi-factor authentication.

12. What is the EMBASSY Security Center?

    The EMBASSY Security Center (ESC) is a software application that will extensively help users manage and simplify use of the Trusted Platform Module (TPM) security chip.

    At the same time, ESC supports Enterprise IT deployments by allowing to define, through Windows Security Policies, the specific features of ESC that users may modify and those which they may not modify.

    Visit our product page for further information in the products/solutions we offer.

13. What is Secure Windows Login?

    Secure Windows Login allows users to use fingerprint and /or smartCard authentication and leverage security aspects of the TPM during the Windows login process.

    ESC security settings allow the specification of two factor authentication (password and fingerprint) if desired. Users can configure ESC to use any combination of Windows password and fingerprint for both Windows login, Windows unlock, and TCG Security Password Vault authentication.

14. How to Delete Fingerprints from the computer?

    The following steps outline how to delete fingerprints using the Dell Preboot Manager Enrollment Wizard.

    • Choose EMBASSY Security Center - appears as shortcut on the Desktop
    • click Preboot Manager
    • Choose EMBASSY Security Center
    • At Enroll Fingerprints Click on Enroll
    • Click Select
    • Click Locations (This allows you to choose local users or domain users)
    • If you need to change User Name and Domain click Select Other User
    • Click Locations (This allows you to choose local users or domain users)
    • Click Advanced
    • Enter part or all of the Username you want to un-enroll fingerprints
    • Click " Find Now ";
    • Choose the user you want and click OK
    • Swipe your finger to authenticate
    • You are now presented with a screen that shows 2 hands
    • Click on a fingerprint. A screen will appear that says: Do you want to delete this fingerprint?
    • Click Yes
    • Continue this process until all fingerprints have been deleted
    • Click finish
      

    See Also: (a graphical representation)

    Steps to Delete Users Fingerprints Credentials

15. Why are some options greyed out within EMBASSY Security Center?

    Users may notice that certain functions in ESC are greyed out (inactive).

    This could be caused by one of the two following reasons:

    • You do not have the privileges to use those functions (you need to have administrative rights)
    • You may not have enabled a function of ESC for which other functions are used. For example, The Trusted Platform Module contains an Owner tab. Within the Owner tab there is an option to Change the owner's password. However, that option will remain greyed out until TPM Ownership is established and a password is set. Once the password has been set, the Change button will become available.
16. What is the Trusted Stack Software (TSS)?

    The TSS is a software specification that provides a standard API for accessing the functions of the TPM.

    Please visit the Trusted Computing Group website for further information on TSS specifications.

    • Trusted Computing Group TSS FAQ
    • Trusted Computing Group TSS 1.2 Specs FAQ
17. Is EMBASSY® Trust Suite compatible with Vista?
    EMBASSY Trust Suite and Vista Compatibility
    

    Dell has released ETS "Lite" for Vista as version A14. This package includes Embassy Trust Suite, UPEK drivers, and the NTRU TSS. If your system shipped with a pre-installed copy of Embassy Trust Suite, you can obtain the Vista-compatible version from the Dell website.

    If you are upgrading from XP to Vista, Please follow the upgrade instructions:
    XP to Vista Upgrade
    

    ETS Enterprise Security Dell Edition 3.x and Wave ETS 6.x fully support the Windows Vista OS.

    Previous versions of these products do not support the Windows Vista OS.
    

    Upgrading to a Vista-compatible version of ETS

    • Dell customers should visit the Dell website for updates. (For more information on obtaining updates for your Dell computer, please see the following article PBA-002.)
    • If you purchased ETS Enterprise through Envoy Data or Dell, you will need to purchase a new license.
18. What are TPM Security Policies?

    ESC Security Policies define the specific security-related actions that are allowed or disallowed for the given PC or user on a PC.

    ESC allows for policies to be set around password Vault enable/disable, types and frequency of authentication for Vault access, key archiving and more. ESC allows IT Administrators to define policies that are unchangeable by users. Should users find that they are not able to change certain ESC Security Policies, they should check with their IT department about gaining access.

    Note: Only an Administrator may modify TPM Security Policies
    

19. What is the Fingerprint Option?

    Embassy Security Center gives users the option of using biometric authentication (fingerprint swipe) for logging into their Windows account, and to access additional components within ESC.

    ESC supports multiple biometric devices. The complete list is available at the following link:

    http://www.wave.com/products/esc.asp. Click on Supported Biometric Devices

    Users should note the following important items regarding fingerprint sensors:

    1. Users must ensure that fingerprints are properly enrolled before enabling Secure Windows Login and Preboot Single Sign On option.
    2. ESC supports a single fingerprint biometric device for each PC.
    3. Switching back and forth between two different fingerprint devices is not recommended. Should it be necessary to change biometric devices on a particular PC, users must re-enroll fingerprints using the new device.
20. How do I change the TPM Owner Password?

    From within Embassy Security Center, click on Trusted Platform Module then the Owner tab. Click on the Change button. Enter the old password and the new password. Click OK to complete the change.

21. What does the TPM Status bar indicate?

    The TPM Status tab in the EMBASSY Security Center provides information on the current status for the TPM, related components of the system. It provides information on the security hardware and software installed, including:

    • TPM Chip enabled state
    • TPM Owner initialization state
    • TPM Information - including Manufacturer, TPM Version, TSS Vendor and TSS Version information
    • Wave Systems Software Information - including EMBASSY Security Center Version, KTM Version, CSP Name and CSP Version

    Taking ownership is the first step to enabling TPM security . Use the Owner tab within EMBASSY Security Center to establish ownership of this TPM. Ownership must be taken, in order for the security functions of EMBASSY Security Center and other security applications to function properly.

    Taking ownership of a TPM is essentially enabling the TPM to function, thereby allowing users to leverage the security available with a TPM. TPMs must have ownership taken, in order to function with most software applications. Before ownership may be established, the TPM security chip must be enabled (check your PC manufacturer's documentation for instructions; this is typically done in the BIOS).

    During the process to establish ownership, the user will define the TPM Owner password. Once this password is defined, ownership is established and the TPM is ready for use. On certain systems, users may notice that the Establish ownership button is inactive (not selectable). If this is the case, ownership of the TPM has already been established and the TPM is ready for use.

    Users should ensure that the TPM Owner Password is not lost. The TPM Owner Password is required for certain advanced functions of the TPM. If this password needs to be changed, the TPM Owner may simply select Change and be guided through the process.

22. Does the Embassy Trust Suite Secure Login feature work with a Novell Client?

    The Secure Login function of the Embassy Trust Suite has not been adapted to network login using a Novell Client. To use the Secure Login features, you will need to use the Windows GINA Login functionality.

23. What is TCG-Enabled CSP?

    TCG-enabled refers to the Trusted Computer Groups standard for Cryptographic Services.

    CSP is the Cryptographic Service Provider. The Wave TCG-Enabled CSP is included with the EMBASSY Security Center and is available for use whenever a CSP is required. Either directly called from an application or selectable from a list of installed CSPs.

    Visit the following links for further information:

    • http://www.wave.com/products/csp.asp
    • Trusted Computing Group
24. How can I confirm that my TPM chip is working?

    Within Embassy Security Center there is a status bar at the bottom of the screen that indicates if the TPM is Enabled and Owned. If the TPM chip is Enabled with a green check mark next to it, that indicates the TPM chip is recognized by Embassy Security Center and it can communicate with the TPM chip. If the TPM chip is Enabled with a red X next to it, that indicates either the TPM chip has not been activated from within the BIOS of the machine or it is not recognized within Embassy Security Center.

    From within Embassy Security Center you can also view the TPM chip status by clicking on the Trusted Platform Module icon. If the TPM chip is recognized by Embassy it will display the TPM information, and if it is not recognized, all fields will read "unknown".

25. How do TPMs compare with SmartCards or Biometrics?

    They are complementary to the TPM, which is considered a fixed token that can be used to enhance user authentication, data, communications, and/or platform security.

    A SmartCard is a portable token traditionally used to provide more secure authentication for a specific user across multiple systems, while biometrics are providing that functionality in an increasing number of systems. Both technologies have a role in the design of more secure computing environments.

26. What is the TCG Security Password Vault?

    The TCG Security Password Vault is where ESC will store the individual TPM Key Passwords that it is managing for the current user. The Password Vault is secured by the TPM. Access to the Password Vault is only granted after a valid authentication is performed. Users may authenticate use of the Password Vault with their Windows Password and/or a fingerprint biometric.

    The value of ESC's Password Vault becomes apparent once users begin using TPM-based applications regularly. Typically, each application will create at least one TPM Key, often more, and use them to protect various types of data. Each TPM Key requires the creation of another password. One can see this could quickly become difficult for users to manage.

    The ESC Password Vault solves this problem for users without undermining security. ESC allows users to save individual TPM Key passwords to the Password Vault. When TPM Keys are needed by an application, ESC retrieves them from the Password Vault. Users gain access to the Password Vault by simply entering their Windows Password and/or their fingerprint.
    

27. I am receiving an error which states the EULA.txt file cannot be located?

    There has been instances, when the EULA.txt file is not found giving the following error:

    "The End User License Agreement(EULA) could not be located."

    Look at the following Knowledge Base Article for details on how to resolve this issue.

    ESC-014

28. How do I activate EMBASSY Security Center?

    Users should activate their EMBASSY Security Center as soon as the installation is complete.

    Simply launch EMBASSY Security Center and follow the prompts. In order to complete the activation, users will need the product activation code that was delivered with the product. Users will only have to activate the product once and in the case where EMBASSY Security Center is installed as part of the EMBASSY Trust Suite (ETS), this single activation will activate all of the ETS applications.

    If users do not activate the product within 10 days, the pre-activation period ends and users must activate to continuing using the product.

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form