cancel
Showing results for 
Search instead for 
Did you mean: 

Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

Hi All,

We have recently upgraded our AV server to EPO 4.5 patch 3 and I have successfully installed EEPC 6.1 and I have it installed on a couple of machines just for now to complete testing however there is one issue that I am a little confused on and I am sure it is probably just a tick box somewhere but I have the SSO option ticked in the policy however it doesn't seem to work. Is there any documentation or does anybody know how to create a single sign on option policy for all of my safeboot users so that they can login and authenticate via safeboot using their windows username and password? My boss has agreed to be the guinea pig so I have to get this right first time or I'll end up taking a long stroll down washout lane lol.

If anybody could point me in the right direction I would greatly appreciate it.

Many thanks.

0 Kudos
1 Solution

Accepted Solutions
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

I send the EEPC Guide v.6

Regards.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22395/en_US/...

Message was edited by: SafeBoot - replaced embedded doc with link to KC version.  on 10/6/10 11:34:23 AM EDT
0 Kudos
10 Replies
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

What version of EEPC have exactly installed? 6.0.1?

I think EEPC 6.1 is beta version.

0 Kudos

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

It is EEPC 6 Patch 1 so I assume that this is 6.0.1?

0 Kudos
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

Yes, version 6.1 is not yet available.

0 Kudos

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

Ah cool thanks for pointing that out so do you have any ideas about how I go about getting a single sign on policy set up for this version of EEPC? Currently I have the SSO box checked and password must match windows password box checked but that still does not appear to work am I missing something?

0 Kudos
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

You've followed the steps in the Guide Product? See pages 50-51

Enabling Single Sign On (SSO) on a system
Use this task to enable SSO on a system. This option enables the Single Sign On which allows
the user to log into the system with a single authentication process. It allows auto login to the
system once the user authenticates through the pre-boot authentication page.


NOTE: The SSO feature is applicable for Windows based systems only.
How does EEPC control the Windows Logon mechanism?


EEPC intercepts the Windows Logon mechanism using a Passthrough Shim Gina on Windows
NT, 2000, 2003, and XP and a Credential Provider on Vista. On Windows 2000 and XP
operating systems, a custom .ini file (EPEPCGINA.INI) is used to help EEPC analyze the logon
page and port the credentials into the correct boxes on the logon page. In Windows VISTA,
Microsoft has replaced the original MSGINA (Graphical Identification and Authentication) with
a new method called Microsoft Credential Provider.
EEPC supports the Single Sign On architecture and implements a Credential Provider to
communicate with Windows. EEPC displays each token as a potential logon method. While
logging into EEPC, it prompts for your Windows credentials only for the first time and EEPC
stores the Windows credentials securely. On subsequent logon events, EEPC retrieves the stored
Windows credentials to logon.
Task
For option definitions, click ? in the interface.
1     Click Menu | Systems | System Tree. The systems page appears. Select the desired
group under System Tree pane on the left.
2     Select the desired System, then click Actions | Agent | Modify Policies on a Single
System. The Policy Assignment page for that system appears.
3     Select Endpoint Encryption 1.1.0 from the Product drop-down list. The policy
Categories under Endpoint Encryption appear with the system's assigned policy.
4     Select the Product Settings policy category, then click Edit Assignments. The Product
Settings page appears.
5     If the policy is inherited, select Break inheritance and assign the policy and settings
below next to Inherit from.
6     Select the desired policy from the Assigned Policy drop-down list, then click Edit Policy.
The policy settings page appears.
NOTE: From this location, you can edit the selected policy, or create a new policy.
7     Click Log On tab, then select Enable SSO under Windows pane.
8     Select the options Must match user name, Synchronize Endpoint Encryption
password with Windows, and Using smart card PIN if required.
a   Must match user name - This option ensures the SSO details are only captured when
the user’s Endpoint Encryption and Windows IDs match.
b   Using smart card PIN - This option allows the administrator to specify a smart card
PIN as authentication.
c   Synchronize Endpoint Encryption password with Windows - This matches the
EEPC password to Windows (or other platforms) password, so that the user needs to
authenticate only the pre-boot authentication page.
9     Click Save in Policy Settings page, then click Save in Product Settings page.
Managing Endpoint Encryption users
Enabling Single Sign On (SSO) on a system
McAfee Endpoint Encryption 50Managing Endpoint Encryption users
Synchronizing the EEPC password with the Windows password

0 Kudos

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

Thanks so much for this I was missing the must match username box I thought it would be a tick box somewhere so once I have performed a wakeup agent task on the users machine I can assume it will synchronise his safeboot password with his windows password as his user account has already been added to the machine is this correct?

0 Kudos
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

yes

0 Kudos

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

I tried this and performed an agent wakeup but when the user rebooted he was still unable to login using his username it errored out saying Unknown User. Is there a section in the guide that details how to remove safeboot from a users machine?

0 Kudos
mherrera
Level 9

Re: Creating a Single Sign on Policy for EEPC 6.1

Jump to solution

I send the EEPC Guide v.6

Regards.

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22395/en_US/...

Message was edited by: SafeBoot - replaced embedded doc with link to KC version.  on 10/6/10 11:34:23 AM EDT
0 Kudos