Sentry EMS / D300-M Version 5.6 Pre-Registration Guide.


This guide is applicable for both the Sentry EMS and the D300-M. The behavior of each policy that is assigned to the Sentry EMS and D300-M will be identical. 


With the new applied updated to these devices, there has been a few changes in the way a Systems Administrator would pre-register a device prior to distributing the device to an end user. The Systems Administrator will need to create a new policy for device registration and then create a second policy that the device will need to be assigned to after the registration process. 


This process will assure the device is registered by the systems administrator and the end user will be forced to change the “default” password upon receiving and accessing the device for the first time. 


-Create a new policy for registration-

*Please refer to the admin guide (Page 20) if you need further assistance with creating or editing new policies: https://media.datalocker.com/manuals/ems/IronKey_EMS_OnPrem_Admin_Guide.pdf

 

Password Policy Settings: (Do not set any unique password rules. Leave as default settings) 

See Image below. 

 

1. Set the Password Reset option to Allowed under the General Password Settings.

 

2. Check the box that says “Only allow admins to view recovery code”.







Advanced Policy Settings: 

 

1. Set the Online Account Users Access to All Users.





Pre-Register the Device:


1. Save the Policy and name it “Device Registration Policy”

2. Add the device to the user and assign it to the “Device Registration Policy”. If the user does not already have an account, create an account, assign the device to that user, and add the new policy to the device. 


    *For more information about adding users and devices please refer to the admin guide: 

        https://media.datalocker.com/manuals/ems/IronKey_EMS_OnPrem_Admin_Guide.pdf

        Adding users:  Starts on Page 34

        Adding devices:  Starts on Page 42


3. Plug in the device, follow the prompts, and set the password to a Generic Default Password. 

4. Disconnect the device after the device goes back to the control panel.



-Create a new Device Policy for devices after registration-


Password Policy Settings:

 

1.Change the password requirements as seen in the example below. This will prompt the user to change their password upon plugging in the device. They will be required to create a secured password. 

 

2. Set the Password Reset option to Allowed under the General Password Settings.

 

3. Leave the “Only allow admins to view recovery code” Unchecked.

  • This allows the user to do a user-initiated password reset ( Keep the box checked if you do not wish for users to initiate password reset)




Advanced Policy Settings: 

 

1. Set the Online Account Access to All Users.



2. Save the Policy and name it “User Registration Policy”


3.  After the User Policy has been saved you will need to go into the device setting inside of EMS and change the device policy from using the Registration Policy to the User Policy. 



*Please refer to the admin guide (Page 46) if you need further assistance with changing the device policy: https://media.datalocker.com/manuals/ems/IronKey_EMS_OnPrem_Admin_Guide.pdf


4. The user will now be prompted to change their password upon plugging in their device.