Product guide

In short, the SSO option lets the user authenticate once and be logged on to the operating system
even when PBA is enabled. Although it requires an extra step, disabling SSO is the more secure
configuration.
When the Must match username option is enabled, the EEPC user name and the Windows user name
must match for SSO to work, regardless of which domain the user is part of. The user can even be a
local user.
When the Synchronize Endpoint Encryption password with Windows option is enabled, the EEPC password is reset
to the Windows password. However, be aware that if the Password history option is enabled and the EEPC
password is the same as the Windows password, synchronization will not occur.
Changing the EEPC password does not reset the synchronization. Password synchronization
occurs only when the Windows password changes.
Activate EEPC using Add local domain users
Using the Add local domain users option, you can activate EEPC on the client systems without manually
adding users in ePolicy Orchestrator.
Make sure that at least one manually added user is assigned to the client system. For example, this
could be an admin user assigned to all systems.
Task
1 Configure the Product Settings Policy with the Add local domain users option enabled.
2 Log on to the client system. After the agent-to-server communication interval (ASCI), the Add local domain
users option adds the previously/currently logged on domain users to the client system.
3 EEPC is activated on the client system during the next ASCI. You can now restart the client to log on
using the PBA page.
This option provides automatic user assignment, which saves administrators from having to
manually assign users to client systems in the McAfee ePO console. The recommended best practice
is to manually assign at least one user to all systems to ensure that EEPC activation happens
successfully even if the Add local domain users option fails to function as configured. However, if this
option is configured correctly, it will not fail. A general recommendation is to manually add a
group of support users to all systems, then activate EEPC using the Add local domain users option. You
can remove these users at a later stage after completing the deployment.
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide