cancel
Showing results for 
Search instead for 
Did you mean: 
gldnju
Level 8
Report Inappropriate Content
Message 1 of 27

Autoboot

Jump to solution

Does "Allow Autoboot user to be managed locally" option have to be checked, along with unchecking "Disable checking for Autoboot" for the Autoboot function to work properly?

I created a machine with only having the "Disable checking for Autoboot" unchecked, and it DID NOT bypass PBA.

1 Solution

Accepted Solutions
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 26 of 27

Re: Autoboot

Jump to solution

first I would say to read the scripting guide - your command parameters are wrong.

it should be "sbadmcl.exe -command:disablesecurity"

you realise there is minimal protection if you turn off the preboot, and you won't be able to claim protection from any data loss regulations?

26 Replies
gldnju
Level 8
Report Inappropriate Content
Message 2 of 27

Re: Autoboot

Jump to solution

I apologize, sbadmcl command did not work

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 3 of 27

Re: Autoboot

Jump to solution

you need to create and deploy a proper $autoboot$ user as well of course? The options you're toying with only give the 'capacity' to be insecure, they don't make it happen.

the "allow autoboot to be managed locally" etc option enables the disablesecurity command in the api. It's a different way of doing the same thing.

gldnju
Level 8
Report Inappropriate Content
Message 4 of 27

Re: Autoboot

Jump to solution

I noticed in SB 4.2, in client file groups, there is a group called Command line files.  I can check this group in the machine file properties.

In EE 5.2, in client file groups, Command line files group is there, but I CAN'T check on the group in the machine file properties (it's not showing).

Is this the reason autoboot isn't working?

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 5 of 27

Re: Autoboot

Jump to solution

no. The api has nothing to do with AutoBoot, it just lets you locally manage it, and I'm doubtful that's what you really want?

Best thing would for you to get some professional help - Although technically it's simple to make all your machines boot automatically, the implications, ie not being secure any more, not being protected against data disclosure laws etc, are much bigger and require more thought.

gldnju
Level 8
Report Inappropriate Content
Message 6 of 27

Re: Autoboot

Jump to solution

I guess I'm not wording my question correctly.

The file group which contains the file SBADMCL.exe, does that need to be added to the machines files to run sbadmcl -command:disablesecurity?

If so, does the properties of that file group (with sbadmcl) need to be set to client files or administration system files?

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 7 of 27

Re: Autoboot

Jump to solution

you need sbadmcl.exe and sbadmdll.dll to be in the client directory, one way of doing that as you say is to deploy them through EEM. It needs to be client files to appear on the machine properties window.

gldnju
Level 8
Report Inappropriate Content
Message 8 of 27

Re: Autoboot

Jump to solution

Ok, got it.

In EEM --> System tab --> Endpoint Encryption File groups --> "Command line file group" (the group that contains sbadmcl, sbadmdll.dll and sbadmcom.dll) If I right click on "Command line file group" and select Properties --> click on the Content icon --> under Group Content Types, do I select Client Files or Adminstration System Files, before creating the install set?

Message was edited by: gldnju on 4/6/10 1:59:32 PM GMT-05:00
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 9 of 27

Re: Autoboot

Jump to solution

as above - if you want to deploy it to a client, give it client file properties.

gldnju
Level 8
Report Inappropriate Content
Message 10 of 27

Re: Autoboot

Jump to solution

Ok, good.  Now back to why I originally posted the message.

(By the way, this is an offline machine, hence the use of the SDB file.)

I have a customer that  I created an install set for WITHOUT the file group which contained (Command Line file group: sbadmcl and sbadmdll.dll).  The customer encrypted the machine only to find out that the autoboot function wasn't working.  If the customer sends me the SBXFERDB.SDB file and I import it into the EEM database, make the change to the machine to include the Command Line file group, send it back to the customer to paste in the EE directory, the customer runs a synchronization, will the Command Line files sync to the machine to allow it to use Autoboot?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community