cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 2

FRP - personal key provisioning to client

We are using the FRP 5.10 ePO extension. Our one and only Grant Key policy grants a single regular key to the FRP clients. However, we are seeing that the FRP clients are also using the personal key of the logged on user.

It looks to me as if personal keys are always provisioned to the clients even if there is no corresponding policy. Is this correct? Or, is there a way to disable the provisioning of the personal keys while keeping them enabled und FRP keys / Settings?

Thank you!

1 Reply
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: FRP - personal key provisioning to client

1st unload all the personal keys from Grant Key policy or role.

  1. Click Menu  Data Protection  FRP keys.
  2. Select the user personal key, then click Actions  Edit Key.
  3. Select "Disable"

DLP44.jpg

DLP4.jpgDLP5.jpg

User Personal Key details is usually used for recovery purpose by End-users.

Other info:

User Personal Keys
  • These keys are generated and managed centrally in ePO.
  • They are generated at the time a user requests a key from ePO.
  • The User Personal Key is unique to each user. There is one User Personal Key created for each user that requests it. Thus, data encrypted with the User Personal Key can't be read by others, or shared with others.
  • The key is unique to one user, and assigned only to that user.
  • The Key Administrator can locate a User Personal Key in ePO, and if needed, change its attribute to be a generally available key. The Key Administrator can then assign other users to that specific User Personal Key. Which is a typical use case when a User Personal Key is used as an FRP Recovery Key.
  • By granting an Auditor, or Forensics Agent access to a user’s User Personal Key, it is possible to read data off that user’s removable devices. Do not confuse User Personal Keys with User Local Keys. It is assumed the Removable Media Protection policy states it is the Recovery key.



 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community