Manualshelf

Product guide

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
51525354555657585960
Table Of Contents
It is important to understand the export options; Machines and Users in the export wizard. You can
select any one of the options to export the required user assignments from 5.x.x Endpoint
Encryption Manager.
On selecting the Machines option in the export wizard, all users assigned to the selected machines
from 5.x.x database are exported. This also provides the option to select specific machine, so
that all the user assigned to that particular system can be exported.
On selecting the Users option in the export wizard, all systems to which the selected users are
assigned are exported. This also provides the option to select specific users so that all the
systems that have the selected users are exported.
By default, system or user audit event data is not exported. It is the responsibility of the
administrator to select the Export Machine and User audit events option during the export process.
Importing the audit logs increases the size of the McAfee ePO database. We recommend that you
keep the number of days as minimum as possible.
Import user assignments to McAfee ePO
The Endpoint Encryption Admin extension provides a user interface to import the export file (.ZIP)
created during the export from 5.x.x administrator system.
Important prerequisites for importing user assignments
Make sure that you have the permission to Allow Import of v5 users to perform this task. You
can enable this permission by navigating through Menu | Users | Permission sets | Endpoint Encryption | Allow
Import of v5 users.
Make sure that you have copied the export file (.ZIP) to a location where you can access it from the
McAfee ePO server.
Make sure that the systems to be upgraded are managed by ePolicy Orchestrator.
Make sure to register the LDAP server on the McAfee ePO server and make sure it is the same
server registered on the 5.x.x database.
Schedule and run the server task EE LDAP Server User/Group Synchronization before initiating the import
process.
Key notes on importing user assignments
If users were manually added to the 5.x.x database and the same users were not present in the
Active Directory, then that 5.x.x users will appear as unmatched users in ePolicy Orchestrator
during the import process. In this situation, you need to make sure that you assign these
unmatched users to configured LDAP users.
EEPC 5.x.x users disabled in the Active Directory will be imported to ePolicy Orchestrator during the
import process, however, the properties of these disabled users will be determined by the Endpoint
Encryption Server Setting configured in ePolicy Orchestrator.
The application performs the system matching using the 5.x.x machine name and the McAfee ePO
system name. The results are colorcoordinated, so that it is easy for the administrator to analyze
the results.
Green indicates a successful matching
Red indicates an unsuccessful matching
The application performs the user matching using the binding attributes if they are present. If no
match is found, the rules are used to search every LDAP server that has been set up with EE LDAP
6
Migration and upgrade
Import user assignments to McAfee ePO
54
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide