Product guide
EEPC activation sequence
When EEAgent and EEPC are successfully deployed, users are prompted to restart their system.
The restart can be canceled; however, EEPC will not become active on the client until the restart has
occurred. The restart is therefore essential for activation of EEPC on the client to proceed.
Endpoint Encryption Status
The system restarts as initiated. You will not yet see the PBA page because the EEPC software is not yet
active on the client. However, you should now be able to see the new option Quick Settings | Show Endpoint
Encryption Status in the McAfee System Tray icon.
EEAgent synchronization with the McAfee ePO server
The status in the Show Endpoint Encryption Status window will show as Inactive until EEAgent synchronizes
with the McAfee ePO server and gets all the users assigned to it. This is referred to as an ASCI event.
It can be manually triggered on the client by opening the McAfee Agent Status Monitor and clicking Collect and
Send Props. It can also be triggered from the McAfee ePO server by doing an agent wake-up call.
Otherwise, you will need to wait for the scheduled agent-server communication interval to occur (the
default is 60 minutes). After two agent-server communication intervals, EEPC activation will
begin. The activation process requires a number of McAfee ePO events to be sent, and this can take
some minutes to occur. Once the client-server communication has completed, the Endpoint Encryption
Status will switch to Active and encryption will start based on the policy defined.
During activation, hibernation cannot be used. It is recommended that hibernation is disabled through
Active Directory Group Policy while the rollout is in progress.
User intervention during encryption
The user can continue to work on the client system as normal even during encryption. Once the entire
disk is encrypted, the technology will be completely transparent to the end user.
It is safe and risk-free to restart the client system during encryption.
PBA
When the client system is restarted and EEPC is first activated, the user should log on in the PBA page
with the username that matches the user attribute set in the EE LDAP Server User/Group Synchronization
task and the default password of 12345 (this is the McAfee default password, which can be changed in the
User Based Policy). The user is then prompted to change this password and enroll for
self-recovery based on the policy set.
If you want the system to capture the user's credentials automatically without having to make them
use a default password on PBA, enable the Do not prompt for default password option under User Based Policies |
Password.
We recommend that you change the default password and enforce policies with stronger passwords.
Single Sign On (SSO)
The system then boots to Windows. This first boot establishes SSO (if it has been enabled). On future
restarts, the user will log in to PBA only. Once the user is authenticated, SSO will automatically log in to Windows.
Deployment and activation
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide