How it Works
An XML file named EMSStrings.xml is used to customize EMS dialogs. The file must be placed in C:\Windows\System32 for the customizations to be applied. Any device that is provisioned from a computer with customized dialogs has the EMSStrings.xml file added to the _Encryption_Data_Do_Not_Delete_ file, so the customizations travel with the device.
The customizations are applied in the following order:
When does the XML file get updated on the device?
Anytime a device is authenticated and the owner is logged in, the XML file is updated with the file in C:\Windows\System32.
If the XML file is updated, when is the change applied?
Once the file in C:\Windows\System32 is edited, the new text will apply the next time that a device is inserted. Remember that if an encrypted device still has the older XML file, we use that, but eventually the XML file in the device is updated.
Is the EE Server or VE Server involved?
No, the EE Server or VE Server does not deliver the XML file. The XML file can be pushed to the client computer using any push technology available to your organization.
What is the Format of the XML File?
Version Element
The version element defines the client version. The version element is used for logging only.
<version>
  <cmgClient>8.x.x</cmgClient>
  <customStrings>1.0</customStrings>
</version>
A language set holds the dialog customizations for a specific language.
<languageSet languageId="0x00"></languageSet>
The languageId defines the target primary language as defined by Windows. In this case, 0x00 defines the default language set. If the user’s current MUI language is found, we use that. If not, we use the default language (0x00).
The following language IDs are available:
Language | ID | Language | ID | Language | ID | Language | ID
---|---|---|---|---|---|---|---
LANG_NEUTRAL | 0x00 | LANG_AFRIKAANS | 0x36 | LANG_ALBANIAN | 0x1c | LANG_ARABIC | 0x01
LANG_ARMENIAN | 0x2b | LANG_ASSAMESE | 0x4d | LANG_AZERI | 0x2c | LANG_BASQUE | 0x2d
LANG_BELARUSIAN | 0x23 | LANG_BENGALI | 0x45 | LANG_BULGARIAN | 0x02 | LANG_CATALAN | 0x03
LANG_CHINESE | 0x04 | LANG_CROATIAN | 0x1a | LANG_CZECH | 0x05 | LANG_DANISH | 0x06
LANG_DIVEHI | 0x65 | LANG_DUTCH | 0x13 | LANG_ENGLISH | 0x09 | LANG_ESTONIAN | 0x25
LANG_FAEROESE | 0x38 | LANG_FARSI | 0x29 | LANG_FINNISH | 0x0b | LANG_FRENCH | 0x0c
LANG_GALICIAN | 0x56 | LANG_GEORGIAN | 0x37 | LANG_GERMAN | 0x07 | LANG_GREEK | 0x08
LANG_GUJARATI | 0x47 | LANG_HEBREW | 0x0d | LANG_HINDI | 0x39 | LANG_HUNGARIAN | 0x0e
LANG_ICELANDIC | 0x0f | LANG_INDONESIAN | 0x21 | LANG_ITALIAN | 0x10 | LANG_JAPANESE | 0x11
LANG_KANNADA | 0x4b | LANG_KASHMIRI | 0x60 | LANG_KAZAK | 0x3f | LANG_KONKANI | 0x57
LANG_KOREAN | 0x12 | LANG_KYRGYZ | 0x40 | LANG_LATVIAN | 0x26 | LANG_LITHUANIAN | 0x27
LANG_MACEDONIAN | 0x2f | LANG_MALAY | 0x3e | LANG_MALAYALAM | 0x4c | LANG_MANIPURI | 0x58
LANG_MARATHI | 0x4e | LANG_MONGOLIAN | 0x50 | LANG_NEPALI | 0x61 | LANG_NORWEGIAN | 0x14
LANG_ORIYA | 0x48 | LANG_POLISH | 0x15 | LANG_PORTUGUESE | 0x16 | LANG_PUNJABI | 0x46
LANG_ROMANIAN | 0x18 | LANG_RUSSIAN | 0x19 | LANG_SANSKRIT | 0x4f | LANG_SERBIAN | 0x1a
LANG_SINDHI | 0x59 | LANG_SLOVAK | 0x1b | LANG_SLOVENIAN | 0x24 | LANG_SPANISH | 0x0a
LANG_SWAHILI | 0x41 | LANG_SWEDISH | 0x1d | LANG_SYRIAC | 0x5a | LANG_TAMIL | 0x49
LANG_TATAR | 0x44 | LANG_TELUGU | 0x4a | LANG_THAI | 0x1e | LANG_TURKISH | 0x1f
LANG_UKRAINIAN | 0x22 | LANG_URDU | 0x20 | LANG_UZBEK | 0x43 | LANG_VIETNAMESE | 0x2a
The dialog XML element is used to customize a dialog. Below is a sample of a basic dialog customization entry:
<dialog id="A-1"> <message>Ask to Shield unprotected media. [EndState: ALL]</message> </dialog>
Every dialog customization element requires an id attribute which defines which dialog is being customized. The table of screenshots below defines the dialog IDs.
Some dialogs support the endState attribute. This attribute can be used to provide different customizations for a particular dialog, depending on the resulting end state of the device if the user does not continue the process. For example, the A-1 dialog can have three different entries, one for each end state:
<dialog id="A-1" endState="blocked">
  <message>Ask to Shield unprotected media. [EndState: BLOCKED]</message>
  <link url="https://www.dell.com">Link to more info about encryption or being blocked...</link>
</dialog>
<dialog id="A-1" endState="readonly">
  <message>Ask to Shield unprotected media. [EndState: READ-ONLY]</message>
</dialog>
<dialog id="A-1" endState="fullaccess">
  <message>Ask to Shield unprotected media. [EndState: FULL ACCESS]</message>
</dialog>
The message element is used to customize the primary message for the dialog.
The link element is supported only by the A-? dialogs; it adds a URL link to the dialog. It takes the following form:
<link url="https://www.dell.com">Link to more info about encryption or the end state...</link>
The url attribute specifies the link, and the element text specifies the clickable message to display.
The iForgot element is supported only by the C-1 and C-2 dialogs. It specifies the message that is shown if the user presses the I Forgot button.
The fusWarning element is supported only by the C-1 and C-2 dialogs. It is displayed if a user tries to authenticate a device while multiple users are logged in to a workstation. This element makes clear there is a security risk.
The cancelWarning element is supported only by the F-1 dialog. It specifies the message that is shown if the user cancels manual authentication.
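A pre-deployment check for the element rules above, as an added example (not Dell's code or tooling): it parses the text of an EMSStrings.xml file and flags elements used in dialogs that do not support them, unknown endState values, a missing default (0x00) language set, and link URLs that are malformed or not on an allowlist. The allowlist, the function names and the sample document are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

END_STATES = {"blocked", "readonly", "fullaccess"}
# Dialogs that accept each child element, per this page; None means every dialog.
ELEMENT_RULES = {"message": None, "link": re.compile(r"A-\d+"),
                 "iForgot": re.compile(r"C-[12]"),
                 "fusWarning": re.compile(r"C-[12]"),
                 "cancelWarning": re.compile(r"F-1")}
ALLOWED_LINK_HOSTS = {"www.dell.com"}  # assumption: your organization's allowlist

def lint_link(url):
    """Return a problem string for a link url attribute, or None if it is fine."""
    parts = urlsplit(url or "")
    if parts.scheme != "https" or not parts.hostname:
        return f"link url {url!r} is not a well-formed https URL"
    if parts.hostname not in ALLOWED_LINK_HOSTS:
        return f"link host {parts.hostname!r} is not on the allowlist"
    return None

def lint_ems_strings(xml_text):
    """Return a list of findings for the text of an EMSStrings.xml file."""
    findings = []
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    if root.tag != "emsCustomDialogStrings":
        findings.append(f"unexpected root element <{root.tag}>")
    lang_ids = []
    for lang_set in root.findall("languageSet"):
        raw = lang_set.get("languageId", "")
        try:
            lang_ids.append(int(raw, 16))
        except ValueError:
            findings.append(f"languageId {raw!r} is not a hex language ID")
        seen = set()
        for dialog in lang_set.findall("dialog"):
            dlg_id, state = dialog.get("id"), dialog.get("endState")
            where = f"languageSet {raw} dialog {dlg_id}"
            if not dlg_id:
                findings.append(f"languageSet {raw}: dialog without an id attribute")
                continue
            if state is not None and state not in END_STATES:
                findings.append(f"{where}: unknown endState {state!r}")
            if (dlg_id, state) in seen:
                findings.append(f"{where}: duplicate entry (endState {state})")
            seen.add((dlg_id, state))
            for child in dialog:
                rule = ELEMENT_RULES.get(child.tag, False)
                if rule is False:
                    findings.append(f"{where}: unknown element <{child.tag}>")
                elif rule and not rule.fullmatch(dlg_id):
                    findings.append(f"{where}: <{child.tag}> is not supported here")
                if child.tag == "link":
                    problem = lint_link(child.get("url"))
                    if problem:
                        findings.append(f"{where}: {problem}")
    if 0x00 not in lang_ids:
        findings.append("no default languageSet (languageId 0x00) to fall back to")
    return findings

# Constructed sample, not Dell's file: the first dialog is clean, the rest is wrong.
SAMPLE = r"""<emsCustomDialogStrings><languageSet languageId="0x09">
  <dialog id="A-1" endState="blocked"><message>Encrypt to use this device.</message>
    <link url="https://www.dell.com">More information</link></dialog>
  <dialog id="A-1" endState="read-only"><message>Encrypt for write access.</message>
    <link url="https:\\www.dell.com">More information</link></dialog>
  <dialog id="B-1"><message>Device protected.</message>
    <iForgot>Contact the help desk.</iForgot></dialog>
</languageSet></emsCustomDialogStrings>"""

print("\n".join(lint_ems_strings(SAMPLE)))
```

Run it against the copy you are about to push to C:\Windows\System32; an empty result means none of these rules were violated.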
Dialog ID | Description | Supported Customization
---|---|---
A-1 | Ask to Shield unprotected media. If the user clicks No, the device is left un-Shielded, and access depends on the Access To un-Shielded Media policy. | endState message
A-2 | If a device is Shielded by a pre-5.3 EMS, this dialog is shown to ask if the user wants to upgrade to EMS. This message is only displayed if the device can be upgraded with the current user/machine combination per the new roaming rules. | endState message
A-3 | This dialog is shown when the key material in the device must be restored. It could have been deleted due to manual authentication failure, user tampering, or the device having been damaged. A change in policy which requires the key material to be reset also triggers this mechanism. | endState message link
B-1 | This dialog is shown when a device is Shielded or recovered. | endState message
B-2 | Shown after the user enters a password which does not meet the restrictions that are placed by the Administrator. | endState message
B-3 | The dialog displayed when the device's password must be set again, usually as a result of a manual authentication. In this case, a Cancel leaves the device in a policy-driven state. | endState message
B-4 | Re-display the password reset dialog when the password provided did not meet the password restrictions. | endState message
B-5 | Re-display the password reset dialog after setting the new password to be the same as the previous password. | message
C-1 | Request the device password from the user for password authentication when auto authentication is not possible. | endState message iForgot fusWarning
C-2 | If the password provided for authentication was incorrect, we ask the user to retry entering the password. | endState message iForgot fusWarning
D-1 | The media Shielded dialog that is displayed when sweeping occurs and the tray icon is being displayed. | Yes
D-2 | The media Shielded dialog that is displayed when sweeping is turned off. | Yes
E-1 | Displayed when the user asks to change the existing device password after a device has been authenticated. | Yes
E-2 | Re-display password change dialog when the change of password fails, probably due to an incorrect current password. | Yes
E-3 | Re-display password change dialog when the new password does not meet administrative password restrictions. | Yes
E-4 | Display a password change dialog when the current password no longer meets new policy requirements. | Yes
F-1 | Shown when the user has failed to enter the password the number of times defined by policy. | Yes
F-2 | Shown when the user has failed to enter the password the number of times defined by policy. In this case, the VolumeInfo.xml file is missing or corrupt. | This is the same as F-1 in terms of customization.
G-1 | Shown when the key material is lost but the machine/user combination does not allow us to recover the device (tells the user to insert the device in a Shielded computer where the original user is logged in (if Roaming) to restore the key material). If not Roaming, a full machine/user match is needed to recover! | Yes
G-2 | Displayed when a device is shielded by CMG pre-5.3 and cannot be upgraded because it is not in the original machine under the original user. | Yes
G-3 | Displayed when the media (floppies) is too small to allow EMS Shielding. | Yes
G-4 | Displayed when the device does not have enough free space to EMS Shield the device. | Yes
G-5 | Shown when a device's key material has been lost and there is no way to recover from it because there is no way to retrieve the Shield ID. | Yes
G-6 | Displayed when policy does not allow access of encrypted media without the Shield installed. | Yes
G-7 | Displayed if the user inserts a Handheld EMS device into a Windows EMS Shielded computer. | Yes
G-8 | Displayed when the key material is deleted due to a manual authentication failure. This is controlled by policy. | Yes
G-9 | Displayed when the device has entered a cooldown period due to a manual authentication failure. This is controlled by policy. | Yes
G-10 | Warns the user that a read-only device cannot be Shielded when policy requires it. | Yes
G-11 | Warns the user that the device was undergoing an upgrade sweep in a different computer. | Yes
G-12 | Cannot repair a device newer than the EMS installed. | Yes
G-13 | Volume is encrypted with a newer, unsupported IFF format. Media is blocked. | Yes
H-1 | Displays a bubble or a dialog indicating that a device password has been accepted. | Yes
H-2 | Displays the bubble indicating that a device was automatically authenticated in the original Shielding computer. | Yes
I-1 | An animated dialog shown during sweeps (it is important for EMS to show this because removing the device before this step is done would leave unencrypted data in the device). | Yes
I-2 | An animated dialog shown during decryption sweeps. It is important for EMS to show this because removing the device before this step is done would leave unencrypted data in the device. | Yes
J-1 | Progress dialog used during the process of installing EMS files into a newly Shielded device. The media should not be ejected. | Yes
J-2 | Progress dialog used during the process of upgrading EMS files in a Shielded device. The media should not be ejected. | Yes
K-1 | The Yes/No Dialog being used for the Fast User Switching related warning when a device is being autoauthenticated. | Yes
<?xml version="1.0" encoding="utf-8"?>
<emsCustomDialogStrings>
  <version>
    <cmgClient>8.x.x</cmgClient>
    <customStrings>1.0</customStrings>
  </version>
  <!-- ENGLISH/DEFAULT -->
  <languageSet languageId="0x00">
    <dialog id="A-1">
      <message>Ask to Shield unprotected media. [EndState: ALL]</message>
      <link url="https://www.dell.com">Link to more info about encryption or the end state...</link>
    </dialog>
    <!--
    <dialog id="A-1" endState="blocked">
      <message>Ask to Shield unprotected media. [EndState: BLOCKED]</message>
      <link url="https://www.dell.com">Link to more info about encryption or being blocked...</link>
    </dialog>
    <dialog id="A-1" endState="readonly">
      <message>Ask to Shield unprotected media. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="A-1" endState="fullaccess">
      <message>Ask to Shield unprotected media. [EndState: FULL ACCESS]</message>
    </dialog>
    -->
    <dialog id="A-2" endState="blocked">
      <message>Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding. [EndState: BLOCKED]</message>
      <link url="https://www.dell.com">Link to more info about preEMS devices or being blocked...</link>
    </dialog>
    <dialog id="A-2" endState="readonly">
      <message>Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="A-2" endState="fullaccess">
      <message>Ask to upgrade pre-EMS device (CMG Shielded) to EMS Shielding. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="A-3" endState="blocked">
      <message>Ask to restore key material. [EndState: BLOCKED]</message>
      <link url="https://www.dell.com">Link to more info about recovery or being blocked...</link>
    </dialog>
    <dialog id="A-3" endState="readonly">
      <message>Ask to restore key material. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="A-3" endState="fullaccess">
      <message>Ask to restore key material. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="B-1" endState="blocked">
      <message>This dialog is shown when a device is Shielded or recovered. [EndState: BLOCKED]</message>
    </dialog>
    <dialog id="B-1" endState="readonly">
      <message>This dialog is shown when a device is Shielded or recovered. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="B-1" endState="fullaccess">
      <message>This dialog is shown when a device is Shielded or recovered. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="B-2" endState="blocked">
      <message>Shown after the user enters a password which does not meet the restrictions placed by the Administrator. [EndState: BLOCKED]</message>
    </dialog>
    <dialog id="B-2" endState="readonly">
      <message>Shown after the user enters a password which does not meet the restrictions placed by the Administrator. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="B-2" endState="fullaccess">
      <message>Shown after the user enters a password which does not meet the restrictions placed by the Administrator. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="B-3" endState="blocked">
      <message>Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state.. [EndState: BLOCKED]</message>
    </dialog>
    <dialog id="B-3" endState="readonly">
      <message>Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state.. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="B-3" endState="fullaccess">
      <message>Dialog displayed when the device's password needs to be set again, usually as a result of a manual authentication. In this case a 'Cancel' will leave the device in a policy driven state.. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="B-4">
      <message>Redisplay the password reset dialog when the password provided did not meet the password restrictions.</message>
    </dialog>
    <dialog id="B-5">
      <message>Redisplay the password reset dialog after setting the new password to be the same as the previous password.</message>
    </dialog>
    <dialog id="C-1" endState="blocked">
      <message>Request the device password from user for password authentication when auto authentication is not possible. [EndState: BLOCKED]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="C-1" endState="readonly">
      <message>Request the device password from user for password authentication when auto authentication is not possible. [EndState: READ-ONLY]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="C-1" endState="fullaccess">
      <message>Request the device password from user for password authentication when auto authentication is not possible. [EndState: FULL ACCESS]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="C-2" endState="blocked">
      <message>If the password provided for authentication was incorrect, we ask the user to retry entering the password. [EndState: BLOCKED]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="C-2" endState="readonly">
      <message>If the password provided for authentication was incorrect, we ask the user to retry entering the password. [EndState: READ-ONLY]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="C-2" endState="fullaccess">
      <message>If the password provided for authentication was incorrect, we ask the user to retry entering the password. [EndState: FULL ACCESS]</message>
      <iForgot>This is the confirmation that you really want to say 'I Forgot'. If you do you, will need to manually authenticate by contacting an administrator or logging in the owning user.</iForgot>
      <fusWarning>This is the warning about multiple users being logged in which will result in all users having access to the device if it is authenticated!</fusWarning>
    </dialog>
    <dialog id="D-1">
      <message>The 'media Shielded' dialog displayed after provisioning of a device when sweeping will occur.</message>
    </dialog>
    <dialog id="D-2">
      <message>The 'media Shielded' dialog displayed after provisioning of a device, but *no* sweep will occur.</message>
    </dialog>
    <dialog id="E-1">
      <message>Displayed when the user asks to change the existing device password after a device has been authenticated.</message>
    </dialog>
    <dialog id="E-2">
      <message>Redisplay password change dialog when the change of password fails, probably due to an incorrect current password.</message>
    </dialog>
    <dialog id="E-3">
      <message>Redisplay password change dialog when the new password does not meet administrative password restrictions.</message>
    </dialog>
    <dialog id="E-4">
      <message>Display password change dialog when the current password no longer meets new policy requirements.</message>
    </dialog>
    <dialog id="F-1">
      <message>Shown when the user has failed to enter the password the number of times defined by policy.</message>
      <cancelWarning>This text should express the repercusions of cancelling manual authentication!</cancelWarning>
    </dialog>
    <dialog id="G-1">
      <message>Shown when the key material is lost but the machine/user combination does not allow us to recover the device. Should tell the user to insert the device in a CMG Shielded machine where the original user is logged in (if Roaming) to restore the key material. If not Roaming, we need a full machine/user match to recover.</message>
    </dialog>
    <dialog id="G-2">
      <message>Displayed when an external device was Shielded by CMG (pre-5.3) and cannot be upgraded because its not in the original machine under the original user.</message>
    </dialog>
    <dialog id="G-3">
      <message>Displayed when the media (floppies) is too small to allow EMS Shielding.</message>
    </dialog>
    <dialog id="G-4" endState="blocked">
      <message>Displayed when the external device does not have enough free space to EMS Shield the device. [EndState: BLOCKED]</message>
    </dialog>
    <dialog id="G-4" endState="readonly">
      <message>Displayed when the external device does not have enough free space to EMS Shield the device. [EndState: READ-ONLY]</message>
    </dialog>
    <dialog id="G-4" endState="fullaccess">
      <message>Displayed when the external device does not have enough free space to EMS Shield the device. [EndState: FULL ACCESS]</message>
    </dialog>
    <dialog id="G-5">
      <message>Shown when a device's key material has been lost and there is no way to recover from it because there is no way to retrieve the Shield ID.</message>
    </dialog>
    <dialog id="G-6">
      <message>Displayed when policy does not allow access of encrypted media w/o the CMG Shield installed.</message>
    </dialog>
    <dialog id="G-7">
      <message>Displayed if the user happens to insert a Handheld EMS device into an Windows EMS Shielded machine.</message>
    </dialog>
    <dialog id="G-8">
      <message>Displayed when the key material is deleted due to a manual authorization failure. This is controlled by policy.</message>
    </dialog>
    <dialog id="G-9">
      <message>Displayed when device has entered a cooldown period due to a manual authorization failure. This is controlled by policy.</message>
    </dialog>
    <dialog id="G-10">
      <message>Warns the user that a read-only device cannot be Shielded when policy requires it.</message>
    </dialog>
    <dialog id="G-11">
      <message>Warns the user that the device was undergoing an upgrade sweep in a different machine.</message>
    </dialog>
    <dialog id="G-12">
      <message>Cannot repair a device newer than the EMS currently installed.</message>
    </dialog>
    <dialog id="G-13">
      <message>Volume is encrypted with an newer, unsupported IFF format. Media is blocked.</message>
    </dialog>
    <dialog id="G-14">
      <message>Shown when a user double-clicks a file in EMSExplorer. It tells them that this feature has been disabled.</message>
    </dialog>
    <dialog id="G-15">
      <message>If during a sweep we fail to encrypt a file due to lack of free space on the device, this dialog is shown.</message>
    </dialog>
    <dialog id="J-1">
      <message>Progress dialog used during the process of installing EMS files into a newly Shielded device. Media *should not* be ejected at this point.</message>
    </dialog>
    <dialog id="J-2">
      <message>Progress dialog used during the process of upgrading EMS files in a shielded device. Media *should not* be ejected at this point.</message>
    </dialog>
    <dialog id="K-1">
      <message>The Yes/No Dialog being used for the Fast User Switching related warning when a device is being autoauthenticated...</message>
    </dialog>
  </languageSet>
</emsCustomDialogStrings>