Product guide

Table 3-2 Recommended User Based Policy Settings
Policy | Options | Recommendations
Authentication Tab
Token type: Select Password only. There are a number of other tokens that can be
effectively used for your authentication as required. However, the Password only
token is as strong as any other token that you could configure.
Certificate rule
Provide LDAP user certificate — Leave this option checked (enabled).
Use latest certificate — Leave this option checked (enabled).
The Certificate rule options are not active if the Password only token is selected.
Logon hours — You can enable this option and set the logon days and times as required.
It is better to leave it disabled unless you have a specific requirement.
Password Tab
Change Default Password — Leave this option checked (enabled). This allows you to set
a default password that is different from the default product setting. All new users
are prompted to change the default password during user initialization.
Do not prompt for default password — Leave this option checked (enabled). When
enabled, users are prompted to type in their EEPC password without having to
remember a common default password. If you enable this option, you don't have
to enable the Change Default Password option.
Password Change — Disable all of these settings, because you will be using SSO and do
not want them to conflict with Windows password requirements.
Enable Password history — Leave this option checked (enabled) to prevent users from
reusing passwords unless your security policy exempts users from using new
passwords.
Prevent change — Leave this option unchecked (disabled).
Require change after ____ days (1-366) — Leave this option unchecked (disabled).
Warn user ____ days before password expiry (0-30) — This is disabled by default when
you disable the Require change after ____ days (1-366) option.
Incorrect Passwords
Timeout password entry after ____ invalid attempts (3-20) — Set the required number of
invalid password attempts.
Maximum disable time ____ minutes (1-64) — This is disabled by default when you
disable the Timeout password option.
Invalidate password after ____ invalid attempts — Leave this option checked (enabled).
Software configuration and policies
Recommended User-Based Policy Settings
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide