Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
12345678910
The overall experience and tasks of an administartor and users in installing and using EEPC are exactly
the same regardless of whether the target system has an Opal drive or a normal HDD. The installation
of the product extension, deployment of the software packages, policy enforcement, and the method
of management are all the same for both systems with Opal and HDD.
EEPC Policies
EEPC is managed through the McAfee ePO server, using a combination of Product Settings and
User-Based Policies.
The McAfee ePO console allows the administrator to enforce policies across groups of computers, or a
single computer. Any new policy enforcement through McAfee ePO overrides the existing policy that is
already set on the individual systems. There are two types of policies: Product Settings and
User-Based Policies. Product Settings Policies are specific to a system or a group of systems. User
Based Policies are specific to a user, or a group of users, on a system or a group of systems.
The Product Settings Policy controls the behavior of the EEPC installed systems. For example, it
contains the options for enabling encryption, enabling automatic booting, and controlling the theme
for the Pre-Boot environment.
The User-Based Policy controls the parameters for EEPC user accounts. For example, it contains the
options for selecting a token type (including password and smartcard) and password content rules.
Configure UBP enforcement
By default, all users inherit the default User-Based Policy assigned to a system and are prevented from
using Policy Assignment Rules for EEPC UBP in order to provide maximum system scalability. User
Based policies should be kept to a minimum when possible since UBPs impact performance and
activation time.
Before you begin
You must have appropriate permissions to perform this task.
To allow a user to use a non-default User Based Policy, you must enable UBP enforcement for that
user. This allows Policy Assignment Rules to be executed to select a specific non-default UBP for the
user. If not enabled, Policy Assignment Rules are not performed and the user inherits the default UBP.
CAUTION: Failing to assign UBP using Policy Assignment Rule to users, with UBP enforcement enabled,
might cause EEPC activation to fail.
User Based Policies in EEPC 6.2
A requirement of EEPC 6.2 is that you need to specify which groups of users are allowed or not to use
the Policy Assignment Rules. The allowed users get their required User Based Policies. Users that are
not allowed to use the Policy Assignment Rules inherit the default User Based Policies assigned to the
system.
Task
1
Click Menu | Reporting | Queries. The Queries page opens.
2
Select Endpoint Encryption from Shared Groups in Groups pane. The standard EE query list appears.
3
Run the EE: Users query to list all the Endpoint Encryption Users.
4
Select a user(s) from the list to enforce the policy.
2
Design philosophy
EEPC Policies
10
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide