
When enabled, the EEAgent queries the client system for the domain users who are currently logged
on, or have previously logged on, to the client. The EEAgent then sends the collected data to the
McAfee ePO server, and these users are assigned to the client system.
We recommend that you enable this option, so that you can always authenticate to the Pre‑Boot of
the client without having to manually assign the users to the client system in the ePolicy
Orchestrator console. However, it is the administrator's responsibility to decide whether this is
required, depending on corporate requirements.
Prerequisites
The following prerequisites are required to add the local domain users to the Endpoint Encryption
client systems:
• The McAfee Agent package is deployed.
• The McAfee EEAgent package is deployed to the required client systems.
• The McAfee EEPC/EEMac package is deployed to the required client systems.
• Registered Active Directory is added and configured correctly.
The Add local domain users option is supported with Active Directory only.
• An automated EE LDAP Server User/Group Synchronization task should be scheduled and run.
  This task is used to map Active Directory attributes to the Endpoint Encryption settings. This is
  required for every Registered LDAP server that is to be used with Endpoint Encryption.
• Client systems should be using Active Directory for authentication.
• These domain users must be previously or currently logged in users.
At the client side
The Add local domain users option is processed during the next agent-to-server communication. If
this option is enabled in the policy settings, the EEAgent queries the client system for the domain
users who have logged on to the client. The EEAgent then sends the collected data to the McAfee ePO
server.
The data transmitted back is a list of user names and their domain names. Local domain users are
detected by examining the profile list in the Windows registry, which lists the users who have
logged in to the system.
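To preview on a client which accounts this kind of profile-list detection is likely to report, an administrator can enumerate the profile list directly. This is an added example, not McAfee code: the registry path, the SID filter and the function name Get-LocalDomainUser are assumptions about how the detection can be approximated, not the EEAgent's actual logic.

```powershell
# Added example (not from the product guide): list domain accounts that have
# a profile on this computer, approximating the detection described above.
function Get-LocalDomainUser {
    [CmdletBinding()]
    param(
        # Standard Windows location of the per-user profile list.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )

    foreach ($key in Get-ChildItem -Path $Path) {
        $sidText = $key.PSChildName

        # Keep only account SIDs (S-1-5-21-...). This skips SYSTEM, LOCAL SERVICE
        # and NETWORK SERVICE (S-1-5-18/19/20) and leftover "*.bak" profile keys.
        if ($sidText -notmatch '^S-1-5-21-(\d+-){3}\d+$') { continue }

        try {
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch {
            # Typical causes: the account was deleted, or no domain controller is reachable.
            Write-Warning "Cannot resolve ${sidText}: $($_.Exception.Message)"
            continue
        }

        # NTAccount values have the form DOMAIN\user.
        $domain, $user = $account -split '\\', 2

        # An account whose authority is the computer itself is local, not a domain user.
        if ($domain -ieq $env:COMPUTERNAME) { continue }

        [pscustomobject]@{
            Domain      = $domain
            UserName    = $user
            Sid         = $sidText
            ProfilePath = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        }
    }
}

Get-LocalDomainUser | Sort-Object Domain, UserName | Format-Table -AutoSize
```

Stale profiles of former employees or one-time administrator logons show up in this output, which makes it a useful review list before those accounts are assigned for Pre‑Boot authentication.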
At the server side
When the EE Admin receives a message for adding local domain users, it executes the following steps.
• It attempts to find the domain name that the user belongs to. This is done by querying the
Registered Active Directory that is configured with the automated EE LDAP Server User/Group
Synchronization task.
• If a registered LDAP server is found, then it matches the domain name of the user. An LDAP query
is then performed to find an LDAP node with a samaccountname that matches the user name.
If the user name is found, it is assigned to the corresponding client system. You can query
the added users by using the View Users option under Menu | Data Protection | Encryption Users | Actions |
Endpoint Encryption | View Users.
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide