Product guide

How to destroy the recovery information for an Endpoint Encryption installed system?
When you want to secure-erase the drives in a system that has Endpoint Encryption installed, first
remove all users from the system (including those inherited from parent branches in the system tree).
This makes the disks inaccessible through normal authentication, because no users are assigned to the
system any longer. Then destroy the recovery information for the system using the option
Menu | Systems | System Tree | Systems tab | Actions | Endpoint Encryption | Destroy All Recovery Information in
the ePolicy Orchestrator console. After this, the system can never be recovered.
Configure role based access control for managing Endpoint Encryption
ePolicy Orchestrator administrator rights management determines what actions administrators can
perform while managing the Endpoint Encryption software.
The administrator can set up Endpoint Encryption-specific permission sets for different users in ePolicy
Orchestrator. The permission sets can be created for Executive Reviewer, Global Reviewer, Group
Admin, and Group Reviewer. The Endpoint Encryption Administrator extension (EEADMIN.ZIP) enables
ePolicy Orchestrator administrators to control Endpoint Encryption systems that are managed through
ePolicy Orchestrator.
The McAfee ePO administrator for Endpoint Encryption is able to:
Manage Endpoint Encryption users, policies and server settings
Run queries to view the encryption status of the client systems
View client system audits
View McAfee user audits
Manage Endpoint Encryption Providers
Administrative roles can be configured and implemented using the Endpoint Encryption Permission Sets option
present in ePolicy Orchestrator. It is possible to configure a number of admin roles using this option.
For example, you can create admin roles such as:
Endpoint Encryption Administrator: User accounts in this level have full control of Endpoint Encryption, but
cannot manage any other software in ePolicy Orchestrator.
Endpoint Encryption Helpdesk: User accounts in this level can do Endpoint Encryption password resets
only.
Endpoint Encryption Engineer: User accounts in this level can do password resets as well as export
recovery files to be used with the EE Tech tool.
Endpoint Encryption Auditor: User accounts in this level can view Endpoint Encryption reports only.
Before you begin
Make sure that your LDAP server is configured and registered in ePolicy Orchestrator.
Make sure that you schedule and run the EE LDAP Server User/Group Synchronization task.
Make sure that you enable the Active Directory User Login option in ePolicy Orchestrator. To enable it,
navigate to Menu | Configuration | Server Settings | Active Directory User Login | Edit, then enable the Allow
Active Directory users to login if they have at least one permission set option.
Operations and maintenance
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide