cancel
Showing results for 
Search instead for 
Did you mean: 
zn
Level 7
Report Inappropriate Content
Message 11 of 15

Re: Pre-Loading Local Recovery Pairs

Jump to solution

but the point is we use both so the end user has to enter them twice, we want to preload the local recovery info and are asking for an api to enable this...

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 12 of 15

Re: Pre-Loading Local Recovery Pairs

Jump to solution

you should really be using different details for both - you don't want administrators being able to see personal information about the user. A classic example is SSN - there's zero reason for an administrator or a helpdesk person to know or see this, but it's a perfect question for the local recovery option.

regardless though, there are no plans to expose the local recovery questions through an api - they can only be set in the pre-boot by the user for securty reasons.

Highlighted
zn
Level 7
Report Inappropriate Content
Message 13 of 15

Re: Pre-Loading Local Recovery Pairs

Jump to solution

what is SSN?

we tailor our questions so they are not a security risk to the user, what was the licence plate of your first car is hardly a problem etc.

Re: Pre-Loading Local Recovery Pairs

Jump to solution

Maybe here's the way to look at this:  think of a Q/A pair as a password.  Now create an API to set that password just like the API you already offer to set the password token. The API can't read what that password is, but it can set it.  That's what we're asking for. We already have all our users' Q/A pairs (stored safely away from prying eyes BTW) in our Identity Management System--we just want a way to leverage that so users don't have to maintain multiple Q/A sets.  And yes, we have separate Q/A sets:  one for help desk assistance and one for user self-service, and never the two sets shall meet.

Re: Pre-Loading Local Recovery Pairs

Jump to solution

Sorry Courtney, but no such luck.  As you can see from SafeBoot's response, they don't get it but have decided they do.  After my original post I waited like 3 months for the FMR form to work then gave up.  I tried explaining the circumstance to someone at a McAfee Focus conference once and quickly realized this functionality contradicted that group's world view.  At that point I gave up for good since it became obvious it would go nowhere.  If anyone from McAfee is actually interested in hearing more PM me and ask me to fill out the FMR.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community