Pre-Registration for Sentry and D300M to EMS


Availability: EMS Cloud, EMS On-Prem v7.2 and newer


The following guide will allow an EMS Admin to pre-register Sentry and D300M devices for End Users before distributing the devices to end-users.  This guide is only for Sentry and D300M. For other devices please see pg 59 of the EMS Admin Guide. PDF 

 

A checkbox has been added for the Pre-Registration of a Sentry and a D300M. This checkbox will appear for all devices but will only work with the Sentry and the D300M. If a different device is registered with this checkbox selected then the device will register with the normal workflow and ignore the Pre-Registration checkbox. 

 

Best Practices:


Upgrade Devices: For full compatibility, DataLocker recommends using this workflow with at least v5.6.0 for D300M devices. All client versions of Sentry EMS and Sentry One are supported with this workflow, however, it is always recommended that devices have the latest device client installed. The latest device client updater for Sentry devices can be found here: http://datalocker.com/device-updates. For D300M update please contact Kingston


Disable User Password Reset: Normally, an End User is able to create an online account that will allow them to create a secret question and answer combination. With this information, along with access to the assigned email for the device, the End User will be able to reset their device password at any time. For full control of the devices being deployed, some Admins would like to disable End Users from resetting their own forgotten passwords. While not required for this workflow, this is recommended. To disable End User password resets, create a new EMS policy and follow Option Two of this KB: Sentry - D300M Password Reset .


Mark Devices: D300M devices do not have an external serial number. If multiple devices are going to be registered at the same time, care should be taken not to mix the drives before giving them to the End Users. 

 

Workflow:

 

Step 1: Create Activation Code


The System Administrator should generate an activation code by filling out the needed fields, including selecting the default policy to apply to the device and the Pre-Register checkbox. This can be done in the Add User or Add Device section of EMS.




Step 2: Register Device and Update Policy


The System Administrator will plug in and register the device with the activation code. When the Admin is prompted to create a password, they should create a new password that can be shared with the End User. This will be referred to as the Registration Password.



The End User will be prompted to change this password after the first unlock if this workflow is followed correctly.

 

Upon setup of the device, the System Administrator will need to manually update the device to obtain the correct device policy. This can be done in the UI by going to Settings > Tools > Check for Updates.



 

If the policy for this device is set to allow End Users to initiate a password reset, the following will happen:

  • An email will be sent to the End User's email address. 

    • The End User will need to follow the instructions in the email before receiving the device (Set up secret question and answer).

  • The Admin will need to remove the device from the computer while the message is displayed.


If these actions do not work for your environment, then User-initiated password reset should be disabled. See above for more information.

 

If the policy has User-initiated password resets disabled, the device can be locked and removed from the host computer after clicking the Check for Updates button.

 

Step 3: Give Device to User

 

The End User will need to finish setting up the device before it can be used completely. This has to be done with a live connection to the EMS server or the device will be blocked. When the End User obtains the device, they will need to enter the Registration Password. If the password is correct, the device will prompt the End User to change the password.



 

Please note that the Registration Password will not be emailed to the End User. The System Administrator must give the End User the password directly.