ePO 4.6.6. , MC Agent 4.8, EE Agent 7.0.1
We are currently beta testing Endpoint Encryption for PC , and I have two questions to ask and i'm hoping i can get some answers and insight:
1. 1- Is there any way to avoid having the “Change Password” dialogue come up during the first time when the user logon to EE Pre Boot Authentication?
we don’t see any way to disable the “Change Password” popup (I think it’s a must and by design). We are using Single Sign On, the words “Change Password” are confusing our users and making them think they are changing their corporate password. Although we tell them in the instructions that this password should be the same as the corporate password and that in this step they aren’t changing the corporate password but actually providing the corporate password to Endpoint to pass to windows for single sign on , it’s still confusing to them.
If we can’t disable the feature can we at least change the popup dialogue’s Title from “Change Password” to something like “Enter your Current Corporate password”
I also found this online which points to the same issue,
2. 2- I’ve read this in other threads but would like to confirm, What are the password change events that EE monitors to update Single Sign On? Are they only Changing password through (Ctrl + Alt + Del) and login events after password entry failures?
The reason I ask, is because we stopped using the (Ctrl+Alt+Del) in our environment and we are now using a cloud base website solution to change the password (this is used because the website also allows the user to unlock their accounts and provides one set of instructions that we can use for all users with (domain machines, non-domain machines , local , remote , ….)
Right now, after testing , we found the best route would be to tell the user once they change their password using the website, after restarting they need to choose the “change password” option in Pre Boot Authentication and provide their old and then update PBA with the new password at the “Change Password” dialogue to re-establish Single Sign On.
Thank You and looking forward to hear from you
Sorry, no. Neither of the things you suggest is currently supported in the product. All I can suggest is you raise a change request with your mcafee rep.
I'll check with our Rep, Do you think it's doable? Is it linked to the theme settings ?
One more question i have: Can the McAfee Agent uninstaller be password protected so the user won't remove it? I know it can't be removed in the control panel but it can be removed usint "/remove=agent"
the theme controls the pre-boot intereface, so it's possible to change things there, but not in Windows.
no, I don't believe it's possible to password protect the agent, but you can't remove the agent while it's being used by other products (and I think you need admin rights as well). Even if you removed the agent, the drives would still be encrypted.
since we won't be using the Ctrl+Alt+Del method to change the corporate password in windows , we are hoping that if we can change the title of this window then that would remove alot of the confusion on the user end, we want the title to be "Enter your new Corporate password" or "UpdateEndpoint your new corporate password" instead of "Change Password".
on another thought we may just go back to using Ctrl+Alt+Del as the standard method to change the windows password and that should make life easier since it updates the PBA password automatically without the user having to do it manually on next reboot. Is this what you would recommend?