
Pre-Boot Authentication token for sys accounts

Hello everyone,

I'm having some trouble configuring PBA policies from McAfee EPO 5.3.2 and Drive Encryption 7.2.

The policy for UBP is currently configured to allow a password-only token, changing to Smart Card PIN for the systems that have a certain tag (I set it up through policy assignment rules).

Now, since users are synced with Active Directory, I would like a particular sys account to always be asked for a password at the PBA so that I can access systems for troubleshooting.

This is where I'm stuck: I can only set clients to always ask for a password or to always ask for a PIN. Is there a way to force password only for a specific user?

I hope I explained my problem properly, thanks in advance.


Re: Pre-Boot Authentication token for sys accounts


I hope I understood your question correctly, but you describe the need to use regular user-based policies for a specific user:

User-based policy assignment

Basically, these are the two types of rules, system-based and user-based:

[Image: Assignment Rules]

System-based rules can use either a tag or a System Tree location/group, while user-based rules apply either to a specific applied tag, a tree location, or the user who is currently logged on to a machine in the System Tree. An assignment rule takes precedence over policies ordinarily applied to a machine or a group.

If you need to force a specific user to use a token or a password, you just create such a UBP and in the criteria point to that user/group/membership:

[Image: User based criteria]


In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!

Re: Pre-Boot Authentication token for sys accounts


Thanks for your answer.

I've been trying to apply what you said using combined policy assignments and policy assignment rules.


Now I have this configuration: UBP set with password assigned to the tree so that it's the standard for all those systems.


In policy assignment rules I added this:


This assigns the policy Lambo: PKI (setting the token to PIN) to all those systems having the tag PKI_encrypted, except for the users I listed.

This is still not working, as all systems have password set for all users now.

I really don't get why this is not working.

