After a machine is encrypted, we want it to have pre-determined people (Admins) to be able to log into the computers. Right now, I figured out how to always manually add users to the machines (Encryption Users > Actions > Drive Encryption > Add Users). How can I just have it always auto add users to all the encrypted machines?
McAfee Drive Encryption 7.1.3
McAfee Agent 5.0.1
We created a specific user in the User Directory (ie. Not AD/LDAP), called it itaccess or itrecovery, then via 'Encryption Users' assign it at the My Organisation node in the System Tree. You could also use your admins' AD accounts or an AD group, but we didn't want AD password changes to get in the way if we wanted to log on to a machine that's been offline for 6 months and unaware of the half-dozen password changes that AD account has gone through. Hence using a User Directory account local to McAfee.
Do policy update on a machine, power it off, power it on and log in to Preboot as the above account, default password is 1234 I think? Set it a new complex password when prompted, or do a 'recover to password token' on that account to reset the password, then boot into Windows, make sure you do policy update / send events etc. so that the password gets uploaded to ePO.
That user account\password will work on all machines after they update their policy going forward.
If you meant auto-add the currently logged on user of the laptop at the time the activation takes place, there is a policy setting in MDE 'Product Settings' policy, on the 'Logon' tab, called Add Local Domain Users - tick it.