Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

Table Of Contents

Table 3-2 Recommended User Based Policy Settings (continued)

Policy

Options

Recommendations

Password Content

Rules Tab

• Password length — Use default.

• Enforce password content — Use default.

• Password content restrictions — Use default or enable restrictions for better password

strength.

Self‑Recovery Tab

• Enable self‑recovery — Leave this option checked (enabled).

• Invalidate self recovery after No. of invalid attempts: Enable and set the number of attempts to

a number that does not abruptly lock out the Self Recovery.

• Questions to be answered — Can be set to 3. This can give you the required security

without giving the user a lot of pain of keying in the characters. However, it is up

to the administrator to decide this number depending on the requirement.

• Logons before forcing user to set answers — Set this to 0. This makes sure the users set

the answers during the user initialization.

• Questions — Use the default ones or configure the questions as required.

Checklist for using Intel

AMT and EEPC

The Intel

AMT out‑of‑band feature within EEPC 7.0 Patch 1 provides system actions that include Out Of

Band ‑ Remediation, Out Of Band ‑ Unlock PBA, and Out Of Band ‑ User Management.

For more information about these actions, see the Configure the Out Of Band ‑ Remediation feature,

Configure the Out Of Band ‑ Unlock PBA feature, and Configure the Out Of Band ‑ User Management

feature sections in the Endpoint Encryption 7.0 Patch 1 Product Guide. These actions are available on

the McAfee ePO console only after installing the EEDeep extension.

You must install the McAfee Deep Command product extensions before installing the EEDeep extension.

For more information about requirements for configuring your Intel

AMT systems, see the ePO Deep

Command Product Guide.

Preparation for using Intel

AMT with EEPC

• Make sure that the client system has been provisioned for Intel

AMT.

• The Deep Command software has been installed and its policies have been configured correctly.

• Make sure that CILA/CIRA policies have been applied and CILA/CIRA has not been disabled at Deep

Command Server Settings.

• Make sure that the client system is managed by McAfee ePO and the Intel

AMT policy has been

successfully deployed.

• Check the AMTService.log file to verify that the Intel

AMT policy is enforced correctly.

• At this point, you should be able to power the system on into BIOS to verify this.

• Make sure that you have installed the EEAdmin, EEPC and EEDeep extensions.

• Make sure that you have configured the EE Product Settings policy for out‑of‑band features and

sent to the client system.

Software configuration and policies

Checklist for using Intel

AMT and EEPC

McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide