I'm new geek on this forum and I have very strange issue with Endpoint Encryption password synchronization. We have about 150 PC in our company an use one universal Administrator account for management (domain admin). We add this account recursively from domain admins OU from Active Directory to all encrypted computers. Our problem is that above message appears sometimes to times when we wan't login within preboot authentification. We use only one identical password (never changed and never expires) for Administrator user (both in EE and AD service).
This issue is strange because when "Password entry disabled.." warn appears on 1 PC I can login on the same credentials in other computers. I can repair this issue only with a Endpoint Recovery console, enter Challenge Code and reset Token. After this operation finished, new password form popped and I entered always the same password, which mentioned above. However issue still repeat on various PC.
We have different version of EEPC from 6 to 7 (I recently upgrade epo to 4.6.6, eepc to 7.0.2 and other extensions and package to latest versions) . But when we have only one (EEPC v184.108.40.2066, EPO v4.6.2) this issue also occured.
Can anyone help me?
it simply means someone tried guessing the account more than three times somewhere. That's one of the down sides of shared accounts.
remember, activity on accounts gets mirrored around your org, so if someone guesses three times on machine a, those attempts will get reflected to machines b,c,d etc when they sync.
bottom line is don't use shared accounts - it's awful from a security point of view, and you don't satisfy the premise of auditability. Use a unique account for every person.
ok so what we can do now. We must have main administrator account, but we can't create different admin account for each computers. Any users have unique limited domain account and this is not a problem. But when we wan't switch user to administrator - this is a problem. You think someone tried guessing more than three times somewhere. Ok, I understand, but why 1 PC is blocked and another no? When account is reached failure logon limit and it's blocked. It seems to me that I can't logon on any computers. But it is not so.
I can't understand McAfee password synchronization policyMessage was edited by: newag on 9/30/13 9:22:24 AM CDT
For a password to sync, the machine has to connect to EPO. So, on the machine the user has been guessing on, someone has to actually log in so windows starts, then that guessing will be reflected into EPO, and sent down to other machines.
Why do you need to be using a main admin account? Why don't you simply add the individual accounts for each administrator to each machine? Having an anonymous "admin" account is not really how things should be.
Huh, ok sorry but I again don't understand your reply. We can't add the individual accounts for each administrator to each machine, because we have blocked possibility of logon local users. We provide users to Endpoint Encryption via Endpoint Users module and this users are assign from our Active Directory service. This is not anonymous "admin" - this is global, build-in domain administrator, who have all privileges and which is used for domain maintenance, install/remove apps, copy files, etc.
I have a another question. Is there a solution which allow me to copy data from unbootable encrypted computers or same encrypted disks? Now we are using WinPE with EETech and remove Endpoint Encryption (I means Token and EECode Authorization). But this options is horrible slowly. For example laptop with 500GB HDD is able to decrypt about 72 hours. It's sick. We can using BartPE with EETech but this solution is not able to handle external usb devices, AHCI or RAID drives etc. The best options would be some linux distrubution (for example SystemRescueCD) with the possibily of access to data (prior authorization of course), or moved encrypted drive to another computer, authorize with token, file, eecode, whatever and copy data to another drive.
Firstly, if you're using EETech on WinPE, then it will take the same amount of time to decrypt as it did to encrypt - it's exactly the same driver etc. If it's running really slowly, that usually means you forgot to add your vendor specific hard disk driver to the WinPE image.
RAID is not supported anyway, AHCI is - again, you need to add the Windows driver to the WinPE image - It's WinPE handling the disk, not EETech.
You can access the drive in WinPE after mounting it in EETech so you can access the data on it etc copy files off the encrypted drive, fix the registry etc, in fact all the things you mention are possible once you have EETech running on WinPE.
Again, to fix the speed problem, make sure you add the Dell or whoever disk drivers to your WinPE/BartPE build.