Product guide

5 Operations and maintenance
Managing your systems in batches, branches or groups has a significant effect on an Endpoint
Encryption deployment. It is good practice to arrange the systems in ePolicy Orchestrator at
department level or batch level, then deploy the product to these batches one at a time.
Managing the servers and client systems
Deploying clients in batches, each with an appreciable number of systems, is good practice in itself.
Keep the following recommendations in mind while managing the servers and client systems:
• Do not create the Endpoint Encryption deployment task at the root level of your system tree
  and activate it. It is good practice to deploy Endpoint Encryption to the systems at the sublevel
  branches.
• Do not deploy EEPC to server systems, especially the server hosting your McAfee ePO server.
• Keep your McAfee ePO server and database system in the most secure location available, and keep
  it accessible to authorized personnel only.
Contents
How does disabling/deleting a user in Active Directory affect the Endpoint Encryption user
Manage Machine Keys
Configure role based access control for managing Endpoint Encryption
EEPC 7.0 Patch 1 scalability
How does disabling/deleting a user in Active Directory affect the Endpoint Encryption user
Every user account has an objectGUID in LDAP. If a user account is deleted from LDAP and another is
created with the same user name, the new user account is a different entity, because it has a
different objectGUID.
To delete a user in LDAP
You must first delete the user in LDAP, then run the EE LDAP Server User/Group Synchronization task and send
an Agent wakeup call. The user disappears from the EE Users list after the EE LDAP Server User/Group
Synchronization task is complete.
The ePO Server Settings option "If user is disabled in LDAP server" (under Configuration | Server Settings |
Endpoint Encryption | General | Edit) can be configured to disable, delete, or ignore the user if the user has
been disabled in the LDAP Server. The disable option is enabled by default.
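The objectGUID matching and the disabled-user setting described above, modelled as an added Python example (not McAfee code and not part of the original guide). The reconcile function, the ee_users mapping and the sample GUIDs are hypothetical and constructed; objectGUID, sAMAccountName and the userAccountControl ACCOUNTDISABLE flag (0x0002) are standard Active Directory attributes.

```python
# Illustrative model only: match users by objectGUID, never by name.
ACCOUNTDISABLE = 0x0002  # Active Directory userAccountControl bit


def reconcile(ee_users, ldap_entries, on_disabled="disable"):
    """Plan changes to an encryption user list after a directory sync.

    ee_users     -- {objectGUID: sAMAccountName} already assigned (hypothetical store)
    ldap_entries -- dicts with objectGUID, sAMAccountName, userAccountControl
    on_disabled  -- 'disable', 'delete' or 'ignore', the three choices the guide names
    Returns a sorted list of (action, name, objectGUID) tuples.
    """
    if on_disabled not in ("disable", "delete", "ignore"):
        raise ValueError("on_disabled must be disable, delete or ignore")
    by_guid = {e["objectGUID"]: e for e in ldap_entries}
    live_names = {e["sAMAccountName"].lower() for e in ldap_entries}
    plan = []
    for guid, name in ee_users.items():
        entry = by_guid.get(guid)
        if entry is None:
            # GUID no longer exists: the account was deleted. A same-named
            # account with a new GUID is a different entity, so flag it.
            reused = name.lower() in live_names
            plan.append(("remove_name_reused" if reused else "remove", name, guid))
        elif entry["userAccountControl"] & ACCOUNTDISABLE and on_disabled != "ignore":
            plan.append((on_disabled, name, guid))
    return sorted(plan)


# Constructed sample data (GUIDs and names are made up).
EE_USERS = {
    "guid-0001": "alice",   # deleted, then recreated under a new GUID
    "guid-0002": "bob",     # disabled in the directory (512 | 2 = 514)
    "guid-0003": "carol",   # unchanged
    "guid-0004": "dave",    # deleted, not recreated
}
LDAP_SNAPSHOT = [
    {"objectGUID": "guid-0099", "sAMAccountName": "alice", "userAccountControl": 512},
    {"objectGUID": "guid-0002", "sAMAccountName": "bob", "userAccountControl": 514},
    {"objectGUID": "guid-0003", "sAMAccountName": "carol", "userAccountControl": 512},
]

if __name__ == "__main__":
    for step in reconcile(EE_USERS, LDAP_SNAPSHOT):
        print(step)
```

The remove_name_reused result marks the case where a recreated account shares only its name with the old one, so any assignment tied to the old objectGUID does not carry over.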
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide