Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
21222324252627282930
Table Of Contents
Table 3-1 Recommended Product Settings Policies
Policy
Options
Recommendations
General Tab
Enable Policy — Leave this option checked (enabled). This policy should be enabled to
activate Endpoint Encryption on the client system. This option needs to be disabled to
uninstall Endpoint Encryption from the client.
Logging Level — Set the required logging level.
To overwrite the logging level defined in ePolicy Orchestrator, the
LoggingLevelOverride registrykey needs to be set on the client system.
None — Does not create any log for the client system managed by McAfee ePO.
Error — Logs only error messages.
Error and Warnings — Logs the error and warning messages.
Error, Warnings, and Informational — Logs the error and warning messages
with more descriptions.
Error, Warnings, Informational and Debug — Logs the error, warning, and
debug messages. We recommend that you enable this option only when you require
extended logging for troubleshooting purposes. Try not to enable this option for
standard usage because it might impact the performance.
Allow temporary automatic booting — Enable this option that allows the administrator to run
the temporary autoboot tool on the client system, so it can automatically boot
without prompting for a PreBoot Authentication.
Expire Uninitialized Users — Leave this option checked (enabled). Allows the administrator
to control and manage the users who have not logged on to the client system.
Enabling this option forces the user account, which is not initialized, to expire after a
number of hours as set in the policy. This feature allows you to control access to
client systems by preventing unauthorized access using uninitialized user accounts.
Make sure to note that this policy is not applicable to EFI systems.
Allow Machine Information Collection — Leave this option checked (enabled). Enabling this
option allows the user to collect client system details such as the list of assigned
users, policy settings, recovery, and Endpoint Encryption Status. After enabling this
option, the user will see a new button Save Machine info in:
Windows — McAfee Agent Tray | Quick Settings | Show Endpoint Encryption Status
Mac — Encryption icon on the menu bar that is present on the desktop of the client.
You can click this button and save the text file for later reference.
Encryption Tab
EncryptAll Disks is a recommended option (The None option does not initiate the
encryption).
The All disks except boot disk option, which encrypts all disks except the boot disk is
not a recommended option.
Selected Partitions — Allows you to select the required partitions of the client system
and select them to be encrypted. You can select the required partitions by
Software configuration and policies
Recommended Product Settings Policy
3
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide
21