Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
31323334353637383940
Table Of Contents
End user experience
The deployment task pushes both the Endpoint Encryption Agent and the EEPC/EEMac components to
the selected systems. The installation is silent, however, the user is prompted to restart the client
when the EEPC/EEMac component install is complete. It is important that the user restarts the client
PC when prompted. If this does not happen, EEPC/EEMac will not activate.
When the EEMac product is active on the client system, you should not perform any disk partitioning
activities.
Add group users
Group Users are the Endpoint Encryption user accounts that are allocated to every encrypted system.
They are typically administration accounts used for troubleshooting and supporting the client in a
given group.
If you choose to add a Group or an Organizational Unit (OU), you will not see the individual user names.
Instead, you will see the entire Domain Name of the Group or Organizational unit.
If you do not follow the recommendations on Change default password and Do not prompt for default password
options, then all Endpoint Encryption user accounts, including Group User, accounts get assigned the
default password upon creation. If the default password is not changed in the UserBased Policies then
use 12345 as the default password for the first time you log on with these user accounts.
If you want the system to capture the user's credentials automatically without having to make them
use a default password on PBA, enable the Do not Prompt for default password option under User Based Policies |
Password.
Users
To access the data on an encrypted computer, the user must go through the PBA. If the Enable Auto
Booting option is not enabled then the client user is presented with the PBA screen when the system is
restarted after activating Endpoint Encryption.
During the first PreBoot after activation, the user needs to initialize the user account with the default
password and enroll for the self recovery if this feature has been enabled in the policy.
Make sure that at least one manually added user is assigned to the client system. For example, this
could be an admin user assigned to all systems.
During the initialization process, users will set up their PreBoot credentials to unlock the disk. Only
the assigned users from a registered LDAP server will be accepted by Endpoint Encryption PBA.
At least one Endpoint Encryption user is required to be assigned to Endpoint Encryption on each client;
this could be an administrative user.
Add local domain users
This option automatically adds the previously logged in domain users to the client system, so that
administrators don't have to manually assign users to the client systems in the ePolicy Orchestrator
console.
This option can be enabled as and when needed through the Endpoint Encryption Product Settings
Policies (Menu | Policy | Policy Catalog | Endpoint Encryption 7.0.1 (Product Settings) | Log on tab | Add local domain
users).
Deployment and activation
Add group users
4
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide
39