Product guide

Active Directory configuration
Endpoint Encryption users are not created from the McAfee ePO server. They are assigned to the client
systems from an Active Directory (AD) registered in ePolicy Orchestrator. The McAfee ePO Server is
responsible for the connection between the client and AD.
Check for the correct format of the Domain name, Username, and Server Address while registering the
LDAP server in McAfee ePO.
The AD users are different from Endpoint Encryption users:
A user exists in AD.
The user string is added as a PreBoot user.
The user string is then matched against AD to verify that it exists.
The user string is used to log on to PreBoot.
If the correct SSO options are selected, the user string is compared [a string comparison similar to Java's String.matches()].
The end user perceives a single logon with a single user; however, the underlying mechanism still
uses two different users, one to log on at PreBoot and another to log on against Active Directory.
Figure 3-1 Register Active Directory
It is better to key in the IP address of the domain server in the Server name field than to enter the
domain name of the domain server. This avoids the potential problems caused by DNS failures and/or
canonical DNS servers failing to resolve the LDAP server(s) for the domain.
There could be instances when the Test Connection succeeds even if you haven't keyed in the
domain name and the username in the correct format; however, the error could hinder the Endpoint
Encryption activation. One potential outcome is that the logon to the LDAP server succeeds
because the DNS resolves to LDAP_A, but when the task is run the DNS resolves to
LDAP_B and the logon fails. Another potential outcome is that the logon happens against an LDAP
server containing the full copy of the AD structure, while a later resolution points to a newly added
server that contains only a subset of the AD structure.
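
A pre-registration check for the Server name value, as an added example (not McAfee's code): it reports whether the value is an IP literal or a hostname that resolves to more than one address, which is the condition behind the LDAP_A/LDAP_B mismatch described above. The hostname dc.corp.example, the 192.0.2.x addresses and the rotating resolver are constructed for illustration.

```python
import ipaddress
import itertools
import socket


def default_resolver(host, port=389):
    """Ask the local resolver for every address it returns for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def rotating_resolver(addresses):
    """Constructed stand-in for round-robin DNS: one address per lookup."""
    pool = itertools.cycle(addresses)
    return lambda host, port=389: {next(pool)}


def check_server_name(value, resolver=default_resolver, attempts=5):
    """Classify a candidate 'Server name' value before registering it.

    Returns (verdict, addresses) where verdict is one of:
      'ip-literal'  value is an IP address, so DNS is not involved
      'stable'      hostname gave the same single address on every attempt
      'ambiguous'   hostname gave more than one address (LDAP_A vs LDAP_B)
      'unresolved'  at least one lookup failed
    """
    value = value.strip()
    try:
        return "ip-literal", {str(ipaddress.ip_address(value))}
    except ValueError:
        pass  # not an IP literal, so DNS decides which server is contacted
    seen, failed = set(), False
    for _ in range(attempts):
        try:
            seen |= set(resolver(value))
        except OSError:  # socket.gaierror is a subclass of OSError
            failed = True
    if failed:
        return "unresolved", seen
    return ("stable" if len(seen) == 1 else "ambiguous"), seen


if __name__ == "__main__":
    # Constructed sample: one name that alternates between two servers.
    dns = rotating_resolver(["192.0.2.10", "192.0.2.20"])
    for candidate in ("192.0.2.10", "dc.corp.example"):
        print(candidate, check_server_name(candidate, resolver=dns))
```

An 'ambiguous' or 'unresolved' verdict means Test Connection and a later task can reach different LDAP servers, so the IP address is the safer entry.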
3 Software configuration and policies
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide