cancel
Showing results for 
Search instead for 
Did you mean: 
zehmyn
Level 7
Report Inappropriate Content
Message 1 of 10

Release Announcement: McAfee Drive Encryption 7.2

Hello,

does anyone know what exactly happens when i change the Drive Encryption user logon LDAP attribute in ePO? Will the Token be reset or will it only change the Username for PBA Logon.

Are there any other difficulties we could encounter?

Best Regards

9 Replies

Re: Release Announcement: McAfee Drive Encryption 7.2

Any information for this case? Also we need change samaccountname to userprincipalname (manage LDAP Attributes). Do you have any effect for end users?

Thanks

McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 3 of 10

Re: Release Announcement: McAfee Drive Encryption 7.2

Hi @zehmyn , @Miki1612 ,

Thank you for writing in here.

When you change the LDAP attribute in EPO server settings from SamAccountName to UserPrincipalName the token (password,etc) does not change. 

 

Here are the test results and you can see how you can verify the same,

Below screenshot is from the machine info file from the client machine, which was taken when the client machine had the SamAccountName. Kindly note down the Token UUID for the user Indigo1

samaccountname.PNG

 

Below screenshot is from the machine info file from the client machine, which was taken when the client machine had the UserPrincipalName

user principal name.PNG

 

You can now see the name changed to UserPrincipalName  however the token UUID remains the same.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee

Re: Release Announcement: McAfee Drive Encryption 7.2

Hello,

thanks for answering.

Now we login with SamAccountName on notebook.
But we have different UPN and SamAccountName in AD.
For example user test:
upn: test@test.hr
SamAccountName: test
Is it possible login on PC with upn and SamAccountName?
If YES, how to configure login with upn and SamAccountName?

Regards,

Miro

 

McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 5 of 10

Re: Release Announcement: McAfee Drive Encryption 7.2

Hi @Miki1612 ,

Thank you for the explanation.

You can use only one configured logon string. If you have configured to use SamAccountName then you can login with only samaccountname in the PBA screen.

upn.PNG

 

If you have configured to use userprincipalname in the Server Settings -> Drive Encryption -> Manage LDAP Attributes then you can only login with userprincipalname.

 

At present, MDE has no capability to store multiple variations of logon string to match against, nor has the capability to look additional strings up. If you consider that this feature is required in future releases, we advise you to raise a Product Enhancement Request as per the below article.

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee

Re: Release Announcement: McAfee Drive Encryption 7.2

Thanks,

I changed configuration and on PC I had "Unknown user".
Is there anything else to change on EPO?

 

mcafee.png

McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 7 of 10

Re: Release Announcement: McAfee Drive Encryption 7.2

Hi @Miki1612 ,

Thank you for the below information about the issue.

You are getting unknown user because the policy enforcement is not yet complete on the end user machine. So if the policy enforcement is not yet completed and ldap user sync task is not run after changing the ldap attributes in EPO, then possibly your userprincipalname is still not updated in the client machine. At this phase you can try with your samaccountname for login or other attribute which you had earlier.

 

Steps: 

After changing the LDAP Attributes in the EPO, go to server tasks in EPO menu and then run the below ldap sync users task.

server tasks.PNG

Then make sure you do wake up agents to all the machines in your EPO, and to verify if your changes has been successful, you can enable the create endpoint machine info file in the MDE policy.

 

machine_info.PNG

And then enforce the policy again to the machine immediately in which you want to verify. Now in the client machine, when you open Show Drive Encryption Status window, you will see a third button called Save Machine Info, click and save the machine info, it will open a notepad file automatically where you can see who are the users assigned to the machine and what is their login name.

save machine info.PNG

user principal name.PNG

 

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee
McAfee Employee jsubbura
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: Release Announcement: McAfee Drive Encryption 7.2

Hi @Miki1612 ,

Good day! 

Was the unknown user issue resolved now ?

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you

Regards,
Jithendran S
McAfee Employee

Re: Release Announcement: McAfee Drive Encryption 7.2

Hello,

nothing yet. LDAP synic is ok, but when login with (for exampletest@test.hr I had "Unknown user" on PC.

Regards,

 

 

McAfee Employee sbalamur
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: Release Announcement: McAfee Drive Encryption 7.2

Dear @Miki612 ,

After LDAP change and user assignment followed LDAP sync have you ensured that user test@test.hr added successfully to the machine either from MfeEpe.log or from save machine info logs (if enabled).

If possible please share the latest MfeEpe.log information to have better understanding.
Was my reply helpful?If you find this post useful, Please give it a Kudos!

Please don't forget to select "Accept as a solution" in my reply and together we can help other members?

Regards
Subramanian B
McAfee Employee
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community