cancel
Showing results for 
Search instead for 
Did you mean: 
SafeBoot Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 21 of 33

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

np - you could probably hack this out of linkuser as well - start at the bottom of the script, the first 10,000 lines or so are just included classes.

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Thanks. I'm reading the SBAdmCL scripting guide now, i'll see how i get on.


Thanks


GM

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Hi Safeboot,

I've run through the Endpoint Encryption Scripting Tool User Guide. In my test environment i've successfully run a script to change a bindingname etc on a group of users, however what i actually want to achieve is set a value of 0 on the SbAdCon0.changes existing binding.

The only commands i can find in the document are ChangeBindingName and AddBinding, however i can't find one to specify the Bind Value of a an existing one. In one of your previous posts: https://community.mcafee.com /message/202925 you have stated "There are API commands to both delete the binding, and set its value". Can you point me in the direction of these commands or know where i am going wrong?

Many Thanks


GM

SafeBoot Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 24 of 33

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

If I remember correctly addbinding will change the value of an existing binding, if you use the same name?

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Hi Safeboot,

I have this working for a single user using this command     sbadmcl -adminuser:admin -adminpwd:**** -command:addbinding -user:jbloggs -bindname:sbadcon0.changes -bindvalue:0

However, unlike the changebindingname command, the add binding doesn't have a group parameter? It certainly doesn't work. Where as the group parameter works perfectly on the
changebindingname command. Any ideas?

Thanks


GM

SafeBoot Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 26 of 33

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

get the user list from the group with dumpusersbygroup, then iterate through them changing the binding?

It will be slow as you will cause a login each time if you use a batch file (much faster in vbscript using a persistant connection like linkuser does)

the sbadmcl class in linkuser might have dumpusersbygroup exposed, returning an array or collection? I don't have the code to hand unfortunately.

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Hi Safeboot,

Yes that sounds like a good option, i'll look into the dumpusersbygroup command.

I don't have any experience of vbscripts tho so i'll probably have to stick to batch files.

In addition https://community.mcafee.com/thread/38272 It appears that someone on the forum got round this by renaming the sbadcon0.changes to
sbadcon9.changes, then ran the connector (to regenerate the sbadcon0.changes with a 0 value) and then deleted the sbadcon9.changes - all by using the ChangeBindingName command - that does allow groups changes.

Can you see any issues with doing it this way?

Thanks

GM

SafeBoot Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 28 of 33

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

no - seems perfectly logical to me - I can't see a down side, the connector should recreate the original binding.

probably worth testing on a single user first though of course.

Highlighted

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Hi Safeboot,

Thanks i'll go forward with that plan and test it and i'll use your other suggestion as another option if it's not successful.

Thanks again as usual

GM

Re: Endpoint Encryption Manager 5.2.11 - Connection Manager AD Issue 2008 AD in 2003 Domain Functional Level

Hi Safeboot,

I ran through this change on one user in the live environment. I manually edited their binding from sbadcon0.changes to sbadcon9.changes and then ran the connector whilst pointing to the NEW Domain Controller.

I incorrectly was expecting the sbadcon0.changes to have a change value of 0 - but now thinking about it logically, it will just pickup the change value of the Domain Controller (which incidently was lower than the OLD Domain Controller - which is what is needed to fix the issue).

I'm assuming that this should be ok, despite documentation https://kc.mcafee.com/corporate/index?page=content&id=KB69760 stating it needs to be set to 0?

Thanks


GM

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community