Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
31323334353637383940
What happens to Machine Keys when moving systems from one branch to another
in ePolicy Orchestrator?
The LeafNode is not deleted from ePolicy Orchestrator database when a system is moved from one
branch to another in ePolicy Orchestrator, hence the Machine Key is available for the particular client
system.
How to destroy the recovery information for an EEPC installed system?
When you want to secure-erase the drives in your EEPC installed system, remove all users from the
system (including those inherited from parent branches in the system tree). This will result in making
the disks inaccessible through normal authentication as there are no longer any users assigned to the
system. You need to then destroy the recovery information for the system using the option Menu |
Systems | System Tree | Systems tab | Actions | Endpoint Encryption | Destroy All Recovery Information in the ePolicy
Orchestrator console. This means that the system can never be recovered.
Configure role based access control for managing EEPC
The ePolicy Orchestrator administrator rights management determines what administrators can
perform while managing the Endpoint Encryption software.
The administrator can set up Endpoint Encryption specific permission sets to different users in ePolicy
Orchestrator. The permission sets can be created for Executive Reviewer, Global Reviewer, Group
Admin, and Group Reviewer. The Endpoint Encryption Administrator extension (EEADMIN.ZIP) enables
ePolicy Orchestrator administrators to control Endpoint Encryption Systems that are managed through
ePolicy Orchestrator.
The McAfee ePO administrator for EEPC is able to:
Manage Endpoint Encryption users, policies and server settings
Run queries to view the encryption status of the client systems
View client system audits
View McAfee user audits
Manage Endpoint Encryption Providers
Administrative roles can be configured and implemented using the Endpoint Encryption Permission Sets option
present in ePolicy Orchestrator. It is possible to configure a number of admin roles using this option.
For example, you can create admin roles such as:
Endpoint Encryption Administrator: User accounts in this level have full control of EEPC, but cannot
manage any other software in ePolicy Orchestrator.
Endpoint Encryption Helpdesk: User accounts in this level can do EEPC password resets only.
Endpoint Encryption Engineer: User accounts in this level can do password resets as well as export
recovery files to be used with EE Tech tool.
Endpoint Encryption Auditor: User accounts in this level can view EEPC reports only.
5
Operations and maintenance
Configure role based access control for managing EEPC
38
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide