Product guide

Table 3-1 Recommended Product Settings Policies (continued)
Policy
Options
Recommendations
You need to enable the matching rules that are required for matching the smart card user
principal name (UPN) with EEPC usernames.
Enable SSO — Leave this option checked (enabled).
Must match user name — Leave this option checked (enabled).
Using smart card PIN — Leave this option checked or unchecked based on whether the
eToken/smart card is used or not.
Synchronize Endpoint Encryption Password with Windows — Leave this option checked (enabled).
Allow user to cancel SSO — Leave this option checked (enabled).
Require Endpoint Encryption logon — Leave this option checked (enabled).
Lock workstation when inactive — Leave this option unchecked (disabled).
Recovery Tab
Enabled — Leave this option checked (enabled). This is enabled by default to make sure
that the recovery is possible at any stage of the EEPC management.
Key size — After consulting with your IT security team, set the key size to one adequate
for your organization's requirements. This refers to a recovery key size that creates a
short Response Code for the recovery.
Message — You could use this option to display your helpdesk phone number or instruct
the user to use the self recovery option.
Allow user to update self-recovery answers — Leave this option checked (enabled) only when
required. When this option is enabled, the client user's self-recovery details can be reset;
the user then has to enroll the self-recovery details with new self-recovery answers.
Before resetting the self-recovery questions on the client system, make sure that you
have enabled the Enable Self Recovery option under User Based Policy | Self-Recovery. Only
initialized users can reset their self-recovery details.
Boot Options Tab
Enable Boot Manager — Leave this option unchecked (disabled).
Always enable Pre-Boot USB support — Leave this option checked (enabled) only when needed.
This USB audio functionality allows visually challenged users to listen to an audio
signal as guidance when the user moves the focus from one field to the next using the
mouse or keyboard in the Pre-Boot environment.
Always enable Pre-Boot PCMCIA support — Leave this option unchecked (disabled).
Graphics mode — Automatic.
Theme Tab
It is better to have the default option enabled as it is simple to deploy and manage.
Encryption Providers Tab
Use compatible MBR — Leave this option unchecked (disabled).
Fix OS boot record sides — Leave this option unchecked (disabled).
Use Windows system drive as boot drive — Leave this option unchecked (disabled).
Software configuration and policies
Recommended Product Settings Policy
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide