Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
11121314151617181920
Table 3-1 Recommended Product Settings Policies
Policy
Options
Recommendations
General Tab
Enable Policy — Leave this option checked (enabled). This policy should be enabled to
activate EEPC on the client system. This option needs to be disabled to uninstall EEPC
from the client.
Logging Level — Set the required logging level.
To overwrite the logging level defined in ePolicy Orchestrator, the
LoggingLevelOverride registrykey needs to be set.
None — Setting this option does not create any log.
Error — Setting this option logs the error messages only.
Error and Warnings — Setting this option logs the error and warning messages.
Error, Warnings, and Informational — Setting this option logs the error and
warning messages with more descriptions.
Error, Warnings, Informational and Debug — Setting this option logs the error
and warning messages with more descriptions in the debug mode. We recommend
that you enable this option for a detailed logging.
Allow Temporary Automatic Booting — Leave this option unchecked (disabled). This option
allows the administrator to run the scripts on the client system, so that it can
automatically boot without prompting for a PBA temporarily.
If you enable this option, be aware that the McAfee Endpoint Encryption software
doesn't protect the data on the drive when it is not in use.
Expire Uninitialized Users — Leave this option checked (enabled). Allows the administrator
to control and manage the user accounts, which are not enrolled or initialized on the
client system. Enabling this option forces the user account, that is not initialized, to
expire after a number of days as set in the policy.
Allow Machine Information Collection — Leave this option checked (enabled). Enabling this
option allows the user to collect the client system details such as the list of assigned
users, policy settings, recovery, and Endpoint Encryption Status.
Encryption
Tab
EncryptAll Disks is a recommended option (The None option does not initiate the
encryption). The Encryption type options like None, All Disks except Boot Disk, and
Selected Partitions are not applicable to the self-encrypting (Opal) drives.
Selected Partitions — Allows you to select the required partition of the client system and
assign it to be encrypted. You can select the required partition by specifying the
Windows drive letter or volume name.
The Partition level encryption is not applicable to the client system that has Opal
drives only.
Encryption Provider Priority — This table also lists the encryption providers (PC Software
and Opal) available with the software. You can change and set the encryption
priority by moving the encryption provider rows up and down, as appropriate.
Make sure that you select the required encryption type, as appropriate. Policy
enforcement might fail on client systems if you select an unsupported encryption type.
Software configuration and policies
Recommended Product Settings Policy
3
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide
19