Availability: EMS Cloud, EMS On-Prem v7.2 and newer
The following guide will allow an EMS Admin to pre-register Sentry and D300M/SM devices for End Users before distributing the devices to end-users. This guide is only for Sentry and D300M/SM. For other devices please see page 59 of the EMS Admin Guide.
A checkbox has been added for the Pre-Registration of a Sentry and a D300M/SM. This checkbox will appear for all devices but will only work with the Sentry and the D300M/SM. If a different device is registered with this checkbox selected then the device will register with the normal workflow and ignore the Pre-Registration checkbox.
Best Practices:
Upgrade Devices: For full compatibility, DataLocker recommends using this workflow with at least v5.6.0 for D300M devices. All client versions of Sentry EMS, Sentry One, and D300SM are supported with this workflow, however, it is always recommended that devices have the latest device client installed. The latest device client updater for Sentry devices can be found here. For D300M/SM updates, they are available here from Kingston.
Disable User Password Reset: Normally, an End User is able to create an online account that will allow them to create a secret question and answer combination. With this information, along with access to the assigned email for the device, the End User will be able to reset their device password at any time. For full control of the devices being deployed, some Admins would like to disable End Users from resetting their own forgotten passwords. While not required for this workflow, this is recommended. To disable End User password resets, create a new EMS policy and follow Option Two of this KB: Sentry - D300M/SM Password Reset .
Mark Devices: D300M devices do not have an external serial number. If multiple devices are going to be registered at the same time, care should be taken not to mix the drives before giving them to the End Users.
Workflow:
Step 1: Create Activation Code
The System Administrator should generate an activation code by filling out the needed fields, including selecting the default policy to apply to the device and the Pre-Register checkbox. This can be done in the Add User or Add Device section of EMS.
Step 2: Register Device and Update Policy
The System Administrator will plug in and register the device with the activation code. When the Admin is prompted to create a password, they should create a new password that can be shared with the End User. This will be referred to as the Registration Password.
The End User will be prompted to change this password after the first unlock if this workflow is followed correctly.
Upon setup of the device, the System Administrator will need to manually update the device to obtain the correct device policy. This can be done in the UI by going to Settings > Tools > Check for Updates.
If the policy for this device is set to allow End Users to initiate a password reset, the following will happen:
An email will be sent to the End User's email address.
The End User will need to follow the instructions in the email before receiving the device (Set up secret question and answer).
If these actions do not work for your environment, then User-initiated password reset should be disabled. See above for more information.
If the policy has User-initiated password resets disabled, the device can be locked and removed from the host computer after clicking the Check for Updates button.
Step 3: Give Device to User
The End User will need to finish setting up the device before it can be used completely. They may be asked to choose a new password.