
Pre-Boot Authentication token for sys accounts

Hello everyone,

I'm having some trouble configuring PBA policies from McAfee EPO 5.3.2 and Drive Encryption 7.2.

The policy for UBP is actually configured to allow password only token, changing to Smart Card PIN for the systems having a certain tag (I set it up through policy assignment rules).

Now, since users are synced with Active Directory, I would like a particular sys account to always ask for a password at the PBA so that I can access systems for troubleshooting.

Here is where I can't understand how to proceed: I can only set clients to always ask for a password or to always ask for a PIN. Is there a way to force password only for a specific user?

I hope I explained my problem properly, thanks in advance.

2 Replies
Reliable Contributor ninov_n

Re: Pre-Boot Authentication token for sys accounts

Hello,

I hope I understood your question correctly, but you describe the need to use regular user-based policies for a specific user:

User-based policy assignment

Basically, these are the two types of rules - system and user based:

[Image: Assignment Rules]

System-based rules can use either a tag or a System Tree location/group, while user-based rules apply either to a specific tag applied, a tree location or the user who is currently logged on to a machine in the System Tree. An assignment rule takes precedence over ordinary policies applied to a machine or a group.

If you need to force a specific user to use a token or a password, you just create such a UBP and, in the criteria, point to that user/group/membership:

[Image: User-based criteria]

Nino

Re: Pre-Boot Authentication token for sys accounts

Hello,

Thanks for your answer.

I've been trying to apply what you said using combined policy assignments and policy assignment rules.

Now I have this configuration: UBP set with password assigned to the tree so that it's the standard for all those systems.

In policy assignment rules I added this:

[Image: Annotation.png]

Which assigns the policy Lambo: PKI (setting the token to PIN) for all those systems having the tag PKI_encrypted except for the users I listed.

This is still not working, as all systems have password set for all users now.

I really don't get why this is not working.

Thanks
