Product guide
Table Of Contents
• Create a query in ePolicy Orchestrator to find all systems that need to stop autobooting and assign
the second policy to these systems.
• Send an agent wake‑up call from ePolicy Orchestrator to apply the policy with Pre‑Boot
Authentication to all required systems.
• The systems will start with PBA as and when the new policy is received.
This phased deployment will temporarily enable automatic booting and then when the query is run, it
enables the Pre‑Boot Authentication policy. This ensures that Endpoint Encryption gets activated when
the system is in the field and ensures that the end user's account gets added as a valid Pre‑Boot
account before encrypting and activating PBA.
This kind of phased deployment can be very useful as and when the administrator meets with
challenges such as patching cycles, re‑imaging process, deploying product and managing other
autoboot scenarios.
Perform phased deployment in batches of systems from the System Tree.
Auto booting
Auto Booting (Enable Automatic Booting) is used by administrators for re‑imaging process, patching
cycles, and product deployments. Many software installation packages require one or more restarts of
the target computer, and autobooting automatically authenticates without user or administrator
intervention. The administrator can define a window of time‑line during which autobooting remains
active.
The autoboot feature terminates when the defined time‑line window has elapsed.
Figure 3-6 Configure auto booting
Since this policy setting temporarily bypasses the normal logon process for Endpoint Encryption
installed systems, computers receiving this policy will be vulnerable while Autobooting remains active.
To minimize the risk, make sure that you carefully review the inclusive dates and times that
Autobooting remains active before deploying this policy.
3
Software configuration and policies
Phased deployment strategies
32
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide