Product guide

Table 3-1 Recommended Product Settings Policies (continued)
Policy: Log On Tab
Options and recommendations:
Enable automatic booting — Leave this option unchecked (disabled). If you enable this
feature, the client system does not have the PBA. This is normally referred to as
Autoboot mode. Enabling this option can be useful when the administrator needs
to manage autobooting scenarios. There are multiple scenarios where you can
have this option enabled or disabled, for instance, during rollout to minimize the end
user impact, or during patch cycles to allow the patches to be installed and the
reboots to happen without end user intervention. However, it is the responsibility of
the administrator to decide when to enable or disable this option.
If you enable this option, be aware that the McAfee Endpoint Encryption software does
not protect the data on the drive when it is not in use.
Disable and restart system after 3 (1-10) failed logons or unlocks (Windows only, Vista onwards) — It is
advisable to enable this option if you have enabled the Enable automatic booting option.
When this option is enabled, the autoboot of the system is disabled after a specific
number (3 by default, or a value you specify from 1-10) of failed Windows logons.
Do not display previous user name at log on — Leave this option checked (enabled). When
this option is enabled, the client system does not automatically display the user name
of the last logged on user on any EEPC logon dialog box.
Enable on screen keyboard — Leave this option checked (enabled), especially for tablets or
on screen mouse device systems. This option enables the PreBoot OnScreen
Keyboard (OSK) and the associated Wacom serial pen driver. When this option is
enabled, the pen driver finds supported pen hardware (Panasonic CF-H1 and
Samsung Slate 7) and displays the OSK.
If you do not select this option, the BIOS uses mouse emulation. In that
situation, the BIOS treats the digitizer as a standard mouse, which might lead to
the cursor being out of sync with the stylus on USB connected Wacom pen digitizers.
Note that this feature is not applicable to EEMac.
Always display on screen keyboard — Forces the PreBoot to always display a clickable
onscreen keyboard regardless of whether the pen driver finds suitable hardware.
Note that this is only valid for BIOS based hardware. On UEFI, the digitizer is
managed by the UEFI software, so the UEFI implementation needs to
contain drivers for the digitizer.
Add local domain users (and tag with 'EE:ALDU')
Disabled — Selecting this option does not add any local domain users to the client
system.
Add all previous and current local domain users of the system — On selecting this option, any
domain users who have previously logged on, or are currently logged on, to the system are
able to authenticate through the PreBoot, even if the administrator has not
explicitly assigned the user to the client system.
Only add currently logged on local domain user(s); activation is dependent on a successful user assignment
— Leave this option selected (enabled). On selecting this option, only the domain
users who are logged on to the current Windows session are added to the system
Software configuration and policies
Recommended Product Settings Policy
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide