I'm currently testing with Drive Encryption 7.1 (ePO managed). I set up a domain controller and an additional server with ePO 5.3. I already checked in the packages and rolled out the software to a client with Windows 7.
At the moment we're using version 5.X (EEPC), which is managed by Endpoint Encryption Manager (EEM). I noticed that the ePO managed version offers way fewer features ... or maybe they are hidden somewhere.
Just now I can successfully log in to Drive Encryption (DE) on startup with a domain account, which is assigned to a particular PC. Unfortunately, until now I wasn't able to configure an eToken (e.g. Aladdin/SafeNet without PKI) for a specific user.
I followed this manual: https://kc.mcafee.com/corporate/index?page=content&id=KB71556
In the user policy for DE I chose "EToken Smart Card" (no PKI).
I am at my wit's end and would appreciate any help answering these questions:
- how to initialize an eToken (maybe with eToken PKI Client?)
- how to assign an initialized eToken to a specific (domain) user who has been assigned to a particular PC.
Thanks in advance!
Depending upon the token type, you will need to select the token type. The supported tokens and corresponding token type and much more information regarding tokens are listed in KB79787.
You can then utilize a Policy Assignment Rule (PAR) to assign the token to the user. This will allow you to set a User Based Policy to assign to a single user or group. Sometimes you need a PAR and sometimes not. It depends upon your environment. You can find more information about using Policy Assignment Rules in KB71866.
There are 2 types of tokens: PKI and self-initializing. It appears all the eTokens are PKI, meaning they store a certificate in a PKI store such as Active Directory. You will need to configure your User Based Policy to import the proper certificate from Active Directory for use with this token. The certificate will then be downloaded from AD using the AD: Sync across users Server Task.