cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 9
Report Inappropriate Content
Message 1 of 3

FRP Usage of User Personal and Regular Keys required?

Dear All,

we are using FRP in an on-prem ePO environment. We are only using a small subset of the functions of FRP. Basically our requirements are the ones listed below.

- force encrypttion of removable media, optical and other
- access encrypted media on firm machines by entering a password. We do NOT require media being auto-unlocked.

- enforce password complexity
- access encrypted media on external machines by using the offsite access app and a password.
- recover access to media if the password is lost. This requires to see which user originally encrypted the media in oreder to only restore access to the encrypting or another authorized user.
- reporting of removable media activity including user information

We keep encountering sporadic issues with clients getting the prompt "The specified user is invalid" althought the key exists and is assigned to the user. The issue already consumed innumerable man hours in troubleshooting, which is why we are considering using FRP without keys.

So far, the only purpose of the keys in our scenarios seems to be the auto-unlocking of encrypted media, which is something that we do not require. In a preliminary test, I logged off from FRP and verified under Manage Features that no key was availale. I then performed the below actions without encountering any issues

 

  1. created an encrypted ISO. Password was enforced as well as complecity criteria
  2. mounted the ISO: Got a pw prompt and was able to access the files after entering pw
  3. unmonted and remounted 
  4. Walked through the password-lost process: Recovery key was displayed, user information was displayed, recovery key worked 
  5. Ran Query regarding "removable media device events" and was able to find my action regarding the above mentioned ISO files

form this, I gather that we would not need to deploy any keys to users in order to continue using frp.  what do you think?  is this assumption correct?

2 Replies
Level 9
Report Inappropriate Content
Message 2 of 3

Re: FRP Usage of User Personal and Regular Keys required?

Assuming your encryption of removable and optical media is the "offsite" method and there are no other FRP usages not mentioned here, then it sounds like you do not have a need to assign keys to users.  Of course, in keeping with your initial test, you should be able to test\apply the change further in a slow fashion (a few systems\users at a time) for testing purposes to be sure first.

Level 9
Report Inappropriate Content
Message 3 of 3

Re: FRP Usage of User Personal and Regular Keys required?

Thank you very much for your response!

I am not too familiar witht the options of the program yet. How can I verify that we are using the 'offsite method'? 

Thank you!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community