I have been told by one of our McAfee reps that there is a way to tell endpoint encryption to not use '12345' as the initial password, but rather synch it to an AD password. Currently the AD connector is not setup, so this may not be an option. I am wondering, is there a way to not require a pre-boot logon password until the encryption database synchronizes with the windows password?
MEE does not syncronize with the windows password in the way you are thinking. In other words, when you create a new user in the object directory, the new object will not know what your windows or Active Directory password is.
MEE has a default PW of 12345. once you login with that you can force a user to reset their PW to a password of their liking.
You can optionally setup SSO (single sign on) which, once MEE has been installed, will take the windows password that you last logged in with and change your MEE password to match so they stay in sync assuming that both usernames for AD and MEE are the same.
Using the AD Connector is a handy way to populate your object directory with usernames. It beats creating them one at a time by hand. And you can tell all users that it creates to use a different default PW other than 12345 if you want.
"is there a way to not require a pre-boot logon password until the encryption database synchronizes with the windows password? "
In short, no. For the SSO option to work you must first sign on with your MEE username and then, if you login to windows with the same username and but the passwords are different then your MEE password will be reset to match the windows PW. So in order for the MEE and Windows password to be in sync you must login with the MEE account with a default or temporary PW first.
Can autoboot mode be set for one machine group in particular? In other words, if I send an installation piece to a user that checks into the database and never encrypts in that machine group, can I have that group also not prompt for a MEE password until I move the machine to its destination container?