cancel
Showing results for 
Search instead for 
Did you mean: 
kink80
Level 12

Add local domain users

Jump to solution

Can somebody clarify how this setting works in EEPC 6.0.1? Does this setting look at the local users on a machine and then add these users to the Preboot authorized users for this one machine? Or does it do something else? Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
peter_eepc
Level 15

Re: Add local domain users

Jump to solution

I'm quite sure you are right. From the doc, you have:

EEAgent queries the system for the domain users
that have logged on to the client. EEAgent will
then send the collected data to the ePO server
using data channels of McAfee Agent 4.5.0. The
collected data is a list of user names and the
domain names.

0 Kudos
14 Replies
peter_eepc
Level 15

Re: Add local domain users

Jump to solution

I'm quite sure you are right. From the doc, you have:

EEAgent queries the system for the domain users
that have logged on to the client. EEAgent will
then send the collected data to the ePO server
using data channels of McAfee Agent 4.5.0. The
collected data is a list of user names and the
domain names.

0 Kudos
kink80
Level 12

Re: Add local domain users

Jump to solution

Thanks for the clarification. On this same thread would this scenario work?

New user tries to logon to the laptop and cannot because they are not authorized to do so

New user calls our Helpdesk and the Helpdesk does a "Boot Machine once" procedure

User logs into Windows and ample time is given for a synch to EPO

User reboots machine

Would the "New User" now be added to the preboot environment?

0 Kudos
peter_eepc
Level 15

Re: Add local domain users

Jump to solution

It should be able to pre-boot afterwards. But encryption must be active and policies refreshed before user decides to re-boot.

0 Kudos
btschida
Level 9

Re: Add local domain users

Jump to solution

Kink- yes your scenario should work fine, keep in mind though this only works for domain users, not local users (yes I agree the config setting's name can be confusing).

0 Kudos
jsiergiej
Level 9

Re: Add local domain users

Jump to solution

Ok, now user is fired and you remove them from the PC via the encryption users window.  If the user is signed on with the user and the McAfee agent synchs the user is re-assigned the PC automatically.

If I edit the policy and remove "Add Local Domain Users", synch the policy on the computer, remove the user via encryption users, and sync the agent, the user is not readded.  However, I can still sign in at pre-boot with the user.

How can you stop this from happening and stop a user from signing on at pre-boot if they restart the computer?

Message was edited by: Jack Siergiej on 5/18/10 10:54:44 AM CDT
0 Kudos
jsiergiej
Level 9

Re: Add local domain users

Jump to solution

Well, without having the "Add Local Domain Users" selected and removing the user, it finally denied the user login at pre-boot.  I left the computer logged in as the user for a while before I rebooted it.

I'd like this to take effect as soon as the the agent synchs with the server.

I am still having an issue when the "Add Local Domain Users" is checked, the user is signed in, and their assignment is removed from the computer via encryption users.  the user is readded the next time the agent collects and sends props.

0 Kudos
SafeBoot
Level 21

Re: Add local domain users

Jump to solution

this is to be expected - the Add local domain users is applied when the policy is applied. If you don't want it to automatically add users, you need to turn this option off.

0 Kudos
jsiergiej
Level 9

Re: Add local domain users

Jump to solution

So in the case where you have this option on and a user needs to be restricted from signing into pre-boot on a PC, what would you do?

0 Kudos
peter_eepc
Level 15

Re: Add local domain users

Jump to solution

Disable user in AD? Do not use this option?

0 Kudos