Product guide

Create and test the customized EETech WinPE V1 or V3 or V4 (for UEFI systems) Disk with EEPC
drivers installed.
Create and test an EETech Standalone Boot disk.
Run a pilot test of software compatibility
We recommend that you run a pilot test of EEPC on a client system. This makes sure that EEPC is
not in conflict with any encryption software on the client computers before you roll it out to a
large number of clients. EEGO can be a valuable tool for detecting the presence of third-party
encryption software that may prevent activation or create further issues with EEPC.
This is particularly useful in environments that use a standardized client image.
Administrators should also run performance testing during the pilot test.
McAfee professionals did not come across any performance-related issues with EEPC during our own
testing; however, this may vary depending on the processor, memory, and drivers.
Do a phased deployment
An occasion may arise when the PBA creates challenges during deployment. For a successful
deployment and activation, you can create a different set of EEPC system policies and deploy in
phases, enabling the None option under Encrypt and the Enable Automatic Booting option under the
Log on tab. Create deployment tasks and deploy EEPC to systems arranged in groups or batches in the
System Tree. You can also base the deployment on a specific tag in ePolicy Orchestrator.
Add user to the client system
You should add at least one user to the client system for EEPC to activate on the client.
Perform disk recovery on decrypted disks
Wherever possible, as a best practice, if you need to perform any disk recovery activities on a disk
protected with McAfee EEPC, we recommend that you first decrypt the disk. For more information
about decrypting the EEPC installed system, see McAfee Endpoint Encryption 7.0 Patch 1 Product
Guide and the McAfee EETech User Guide.
Automatic Repair should be disabled in Windows 8 systems
Automatic Repair of an encrypted disk in Windows 8 systems may destroy the encrypted operating
system files without any notification and cause permanent boot problems. Previous versions
of Windows display a confirmation message before starting the repair, but Windows 8 launches into
Automatic Repair as soon as a problem is detected, leaving little scope to prevent destruction of
encrypted data.
To disable Automatic Repair, run this command from an administrative command prompt:
bcdedit /set {current} recoveryenabled No
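To confirm that the setting above took effect on pilot or phased-deployment clients, the following added example (not part of the McAfee guide) parses bcdedit /enum output and reports whether the {current} entry shows recoveryenabled as No. The function names are hypothetical, the sample output is constructed, and English-language bcdedit output is assumed.

```powershell
# Added example, not from the McAfee guide. Function names are hypothetical.
# Assumes English-language bcdedit output.

function Get-RecoveryEnabledState {
    # Parse "bcdedit /enum" text into one object per BCD entry.
    param([string[]]$BcdLines)
    $entries = @()
    $entry = $null
    foreach ($line in $BcdLines) {
        if ($line -match '^identifier\s+(\S+)') {
            # Each BCD entry starts at its identifier line.
            $entry = [pscustomobject]@{ Identifier = $Matches[1]; RecoveryEnabled = 'NotSet' }
            $entries += $entry
        } elseif ($entry -and $line -match '^recoveryenabled\s+(\S+)') {
            $entry.RecoveryEnabled = $Matches[1]
        }
    }
    $entries
}

function Test-AutomaticRepairDisabled {
    # True only when the {current} entry explicitly reports recoveryenabled = No.
    # A missing element counts as a failure: the guide's command has not been applied.
    param([string[]]$BcdLines)
    $cur = @(Get-RecoveryEnabledState -BcdLines $BcdLines) |
        Where-Object { $_.Identifier -eq '{current}' }
    [bool]($cur -and $cur.RecoveryEnabled -eq 'No')
}

# Constructed sample of "bcdedit /enum '{current}'" output (values are illustrative).
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
description             Windows 8
recoveryenabled         Yes
'@ -split '\r?\n'

# Evaluate the constructed sample.
Test-AutomaticRepairDisabled -BcdLines $sample

# On a live client, from an elevated PowerShell session. The braces must be
# quoted in PowerShell; in cmd.exe the guide's unquoted form works as written.
# Test-AutomaticRepairDisabled -BcdLines (& bcdedit.exe /enum '{current}')
```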
Educate the client user about Password/Token/PIN secrecy
Educate your client users to understand they are responsible for the security of their password, PIN, or
token details. Encourage them to change their password, or request a new PIN, if they feel that it may
have been compromised.
Make sure password strength is sufficient
Make sure that your password policy is strong enough for your requirements.
Deployment and activation
Basic preparations and recommendations
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide