Product guide

Table 3-1 Recommended Product Settings Policies (continued)
Policy
Options
Recommendations
user for which it was captured. When you select the Enable SSO option, the Must
match user name option is also enabled by default.
Using smart card PIN — Leave this option checked or unchecked depending on whether an
eToken/smart card is used. This option allows EEPC to capture the smart card
PIN for SSO.
Synchronize Endpoint Encryption Password with Windows — Leave this option checked
(enabled). If selected, the Endpoint Encryption password synchronizes to match the
Windows password when the Windows password is changed on the client system.
For example, if users change their password on the client, the Endpoint Encryption
password is also changed to the same value.
Allow user to cancel SSO — Leave this option checked (enabled). This option allows the
user to cancel the SSO to Windows in PreBoot. When this option is enabled, the
user has an additional checkbox at the bottom of the PreBoot logon dialog box.
Lock workstation when inactive — Leave this option unchecked (disabled). When this option
is enabled, the client system is locked when it is inactive for the set time.
Recovery Tab
Enabled — Leave this option checked (enabled). This is enabled by default to make
sure that the recovery is possible at any stage of the Endpoint Encryption
management.
Key size — After consulting with your IT security team, set the key size to a size adequate
for your organization's requirements. This refers to a recovery key size that creates a
short Response Code for the recovery.
Message — You can use this option to display your HelpDesk phone number or to
instruct the user to use the self-recovery option.
Allow users to reenroll selfrecovery information at PBA — Leave this option checked (enabled)
only when required. When this option is enabled, the client user's self-recovery details can
be reset, after which the user has to enroll the self-recovery details again with new
self-recovery answers.
Before resetting the self-recovery questions on the client system, make sure that you
have enabled the Enable Self Recovery option under User Based Policy | SelfRecovery.
Once this option is enabled, the PreBoot Authentication (user name) screen has
a new checkbox, Reset selfrecovery. When the user selects the Reset selfrecovery checkbox,
the user is prompted for a password and then for the self-recovery enrollment.
Only initialized users can reset their self-recovery details.
Software configuration and policies
Recommended Product Settings Policy
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide