Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

19



ObjectDirectoryMaintenance



MaintenanceIntroduction

Tokeepthedatabasecleanandhealthy,maintenanceisrequiredonaregularbasis.Thismaintenancecanbe

donemanuallyusingtheEndpointEncryptionManager,or,withtheEEPCcommandLineTool(SBADMCL),

whichisthepreferredwayforlargerObjectDirectories.



Thisguidedescribestheprocessesneededformaintenance.ItiswrittenforEndp

ointEncryption

administrators.



NOTE:Thesearegenericrecommendationsbasedonexperiencebutnotalwaysbesuitableforyourspecific

environment.Fordatabasemaintenanceandperformance,itisalwaysrecommendedtoengageMcAfee

Professionalservicespriortoimplementinganyofthesesuggestions.Itispossibleonalreadyi

nstalled

environmentstohaveaMcAfeeprofessionalperformconsultancyandprovidea“healthcheck”onthesetup

andperformancesettingsoftheObjectDirectory



Environment

ThisguideappliestoMcAfeeEndpointEncryptionV5andup,howevermanystepsinthisguidecanbeapplied

toV4(build4770).

Auditmaintenance

Auditcangrowunlimitedinthedatabase.Thiscanslowdownthedatabasedramatically.TheEndpoint

Encryptionadministratorhastomakesurethattheauditiscleanedupeveryyearoreveryhalfyeardepending

onthedatabaseperformance.FormoreinformationonthecommandlinetoolSBADMCL.exeorits

commandsple

aseseetheEndpointEncryptionScriptingToolUserGuide,whichisfoundinmostnormal

installationsoftheEndpointEncryptionManager.



ExtractingandClearingAuditfromtheDatabase

Theauditfromusersandsystemsneedstobeclearedatleastonceayearforsmallerimplementationsand

frequentlyforlargerdeploymentsbecauseitgrowsfast.Heavilyusedobjectssuchasanadministrator’s

accountoruserobjectfrequentlyusedbyascriptarelikelytobecommonlargeauditcreators.



Thenee

dtoclearauditscanvarydependingonconfiguration,usageandrequirements.However,theSecurity

Managementteamshoulddecidewhentocleartheaudit.Inlaterversionsofthetool,theClearDaysOld

commandwasadded.Thisoptiongivestheadministratorthepossibilitytoclearauditsthatare,forexample,

90da

ysandolder.ThisoptionmustbeusedinsteadoftheClearoption,becausetheClearoptionwilloverride

theClearDaysOldoptionifusedtogether.



Theauditwillalwaysbeexportedbeforeitisdeleted.Thiswillgivetheadministratorthepossibilitytolook

backatolderauditsusingMicrosoftEx

celorsimilartools.



ClearingtheAudit

SBADMCLisusuallyrunfromthedirectorywheretheEndpointEncryptionManagerisinstalled.Anadmin

accountwithhigh‐levelcredentialswillbeneededforthescript.



Someofthecommandsneededbelowaredatabaseintensiveprocesses,sorunthesecommandduringnon

workinghoursonly,or,doitinmor

econtrolledsessions(onegroupatatimeforexample)duringdaytimeifthe

groupsaresmall.

