cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JKdc
Level 9
Report Inappropriate Content
Message 1 of 4

DE items for clarification

We are running DE 7.2.10.56 and have been working fine on encryption and preboot for our single-device users so far. We will need to start looking at devices that have multiple users in the near future. I need some clarification on a few items regarding this.

1) On a test laptop I was able to add a user to PBA through the EPO console. We checked it in and enforced policies, and rebooted but the user could not log in (unknown user). After signing in to preboot with a different account, we had the new user sign in to Windows. We also ran an ldap sync and checked the device in again. After rebooting the user was known, but was not accepting a password. What are/should be the normal procedures for getting a new user(who has never signed in to the device) onto a computer?

2) Some of our devices use generic windows user account that auto-signs in. What's best practice for these devices if we would not know who may be using them and couldn't add the user ahead of time? Would just having PBA active interrupt the current Windows auto-login settings?

3) How does the pba password sync across devices if a user hasn't used a device in a long time? I had thought the preboot password only syncs with windows for the user who signs in. Does that mean if a staff member hasn't used a certain shared device in a long time, the preboot will only take her old password? If that's the case, how does she get in if she doesn't remember it? Assuming if she used her challenge questions and could get passed PBA and signed in to windows, does that password update then?

 

3 Replies
JKdc
Level 9
Report Inappropriate Content
Message 2 of 4

Re: DE items for clarification

I believe I found the answer to #3 - the user would have to use a recovery method and then once she gets past PBA and into Windows, the password will sync.

 

We are still having problems with #1 - we're not getting consistent results trying to add users to a device. Also, our admin "group users" are not being added to devices after PBA is active. I found some articles referring to the LDAP user used to register the LDAP servers and I confirmed that service account is working, is there something else it needs to be able to add these admins?

avinashraghu
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: DE items for clarification

Hello JKdc,

1. After manually adding the user, enforce the policy on the system or send a wake up agent. Once it completes, please open the MFeEpe log located in C:\Program Files\McAfee\Endpoint Encryption Agent\ and check if the user has been added successfully. If the user is added, then reboot and log in with default password "1234567"(Unless changed).

2. If SSO is enabled in the policy, when user logs in to preboot, then system will be automatically logged in. If SSO is disabled, user will get both preboot and windows login.

3. If a user logs in to multiple devices, then password will get updated across all systems when they communicate with ePO. If the system has not communicated with the ePO, then the old password will work till the sync occurs. If the user does not remember the password then admin recovery can be done after which when system communicates with ePO, password would get updated.

 

Avinash Raghunathan

Data Protection

 

JKdc
Level 9
Report Inappropriate Content
Message 4 of 4

Re: DE items for clarification

For #1 - Is there a way to get a new user into PBA without having to do it through the console? Assuming that they were already at the Windows login and could sign in? Does DE actively look for new Windows users as they sign in? 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community