cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Allow Temporary Automatic Booting 6.1.2

Jump to solution

"Allow Temporary Automatic Booting This option allows the administrator to run the scripts on the the client system, so that it can automatically boot without prompting for a Pre-Boot Authentication temporarily"

Can anyone elaborate on this?   How long is temporary?  How many reboots does the admin get? 

I copy my default policy which requires PBA and I move my whole fleet I plan to patch into this group?  If so, how long do I have to wait after a collect and send props before I can rely on it?

How do I know that "Temporary Automatic Booting" is in effect?

Is there a best practice guide for this?

Thanks everyone!

Rich S.

1 Solution

Accepted Solutions
dwebb
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

Hi Rich, we have unfortunately identified a defect in the documentation which we are working to address.

We are working on a KB article which I am hoping will be published today, and then to correct the issue in the docs.


Please bear with us for a little longer on this issue.

Thanks

View solution in original post

6 Replies

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

And how does this differ from the

Enable Automatic Booting on the Log On tab?  Thanks again....

Rich

Timmah
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

Hi Rich,

I would hope this stuff is covered in the documentation. However, briefly, the feature works like this:

1) In advance of patch roll-out, you "allow Temporary Autoboot" in the product policy. This does nothing more than tell EEPC on the machine to listen to commands regarding temporary autoboot.

2) You can optionally run a query after a few ASCIs to verify that the machines are reporting themselves as having Temporary Autoboot enabled (there's now a property for it).

3) Using your in-house mechanism for patch deployment, integrate the use of the EpeTemporaryAutoboot.exe. This executable takes some parameters that allow you to specify the conditions that decide when PBA is re-enabled, such as "number of reboots" and "number of minutes" (since the EXE was called).

4) Let your scripts install the patches, without PBA hindering any reboots.

5) Disable "allow Temporary Autoboot" in the product policy.

6) Over the course of an ASCI, machines will re-enable PBA due to the policy setting.

7) Run a query to make sure they're all secured.

The goal in patch rollout + EEPC is to minimise the window of opportunity for someone to walk in and "yoink" the machine. It's recommended that the patch rollout be tested in isolation to establish exact requirements for numbers of reboots, number of minutes, or both. However, if patching fails for some reason, you don't want to leave a machine unsecured, so disabling the option in the policy at the end safegaurds against this.

As you can see, this is quite different from standard autoboot. We realised that autoboot leaves a big window of opportunity, since it relied entirely on the completion of policy enforcement. Temporary Autoboot has a much finer grain of control, due to the EpeTemporaryAutoboot executable.

Hope this helps!

Tim

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

Thank you very much for that thorough reply.  I was unable to locate any of that in the documentation or EE_HELP.  Very good stuff - when it works.  We have LANDesk so this will make life MUCH BETTER  

I cant wait for KB article for more documentation.  I will start looking into this shortly with the information you describe.

PS:  If this is in the docs anywhere, I apologize for missing it, but could you please point me to it for the read?

Best regards,

Rich S

dwebb
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

Hi Rich, we have unfortunately identified a defect in the documentation which we are working to address.

We are working on a KB article which I am hoping will be published today, and then to correct the issue in the docs.


Please bear with us for a little longer on this issue.

Thanks

View solution in original post

Re: Allow Temporary Automatic Booting 6.1.2

Jump to solution

Has there been any update on the documentation for this feature?  We're a LANDesk shop and this would really help us on patch night.

Thanks.

Ah hah!  Found it:  https://kc.mcafee.com/corporate/index?page=content&id=KB73220&actp=search&viewlocale=en_US

Message was edited by: rsterling on 10/28/11 6:27:20 PM CDT
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community