Is there some way to set a policy to allow automatic bypass of PBA if the computer is connected to a specific network?
For instance we need desktop computers to autoboot when they are locally connected to our LAN, however, if the desktops were stolen and powered on either offline or connected to some other network, PBA should pop up.
We already have this feature on the full disk encryption software we currently use and don't want to lose it. During bootup, it pings selected IPs and if there is no response it shuts down and goes to PBA when it is restarted, but if it successfully pings the devices, it allows the user to log into Windows without needing PBA. Very convenient for desktop PCs that should always be on the network 24/7.
We also need users who are working from home to be able to reboot their workstations using their Remote Desktop connection if they need to reboot due to a software installation or a Windows issue. If there is a PBA prompt during the system reboot, they will not be able to get back into the system remotely.
Is there any way built into EEPC for remote users to handle this?
Hello,
You may want to look at the Out Of Band - Unlock PBA feature available with AMT and EEPC v7.0.
For more information see the https://kc.mcafee.com/corporate/index?page=content&id=PD24140 page 95.
HTH,
Fausto
I'm looking for something that would allow an end user to restart their desktop PC from an RDP connection without IT assistance.
The Out of Band looks like something for IT use only. So, the end user would have to call the help desk and be out of luck if they needed to reboot the desktop or if an application crashed and forced an unexpected reboot while working at home outside of help desk hours.
So, McAfee Full Disk Encryption For PC 7.0 does not have anything that works like Network Location Awareness that exempts PBA as long as the desktop PC is on an approved network?
Is there any option to set PBA for cold boot only and not for a user initiated system restart?
Hello,
The usage case for this feature does what you are looking for as long as the policy is set in ePO and the users are educated to wait slightly longer due to the need to contact ePO to unlock preboot.
Have a look at the documentation I quoted above; you may also want to have a look at the summary and video available at https://community.mcafee.com/community/business/data/epoenc/blog/2012/12/19/how-to-use-out-of-band-u...
HTH,
Fausto