cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 8

How to encrypt a PC without joining in AD

Hello,

I have a one big issue. I should encrypt a PC that is not joined in AD and will not in the future.

Company needs to encrypt PC with local windows user only.

1) I have standalone deployd McAfee Agent, EEPC Agent and EE Windows. (I'm using ePO 4.6 EEPC 6.1.3)

2) What is the next step? How to set a user for encryption? without LDAP sync?

Has a McAfee any solution for PC's that are not joined in AD? any docs?

thanks in advance


Message was edited by: frince on 8/7/12 4:26:31 PM CDT
7 Replies
SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: How to encrypt a PC without joining in AD

The PC does not have to be part of the AD, but users assigned to it do if you are using EEPC6 (EPO only knows how to read users from AD).

If you want something completely stand alone with no connection to AD at all, you can use EEPC5 which has self-contained user management.

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 8

Re: How to encrypt a PC without joining in AD

SafeBoot

thanks, as always you are first helping me, but to be honest, I really don't understant why in new version EEPC 6.x.x has not self-contained user management?

I think all company have some laptops that should be encrypted completely stand alone.

1) What documentation I need to download to provide solution what I'm searching for (with EEPC 5)?

2) As I gues, I do not need to change my current topology in ePO. I will install only EEPC5 agents on a single PC.

Message was edited by: frince on 8/7/12 5:11:31 PM CDT
SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: How to encrypt a PC without joining in AD

Really because most people who use EPO (not all!) also have AD as well - it was designed for the mid-size and up market.

EPO will get stand alone user management towards the end of this year, or maybe even sooner, in EEPC7.1

re your questions though

1. Not sure what you need - your McAfee rep can get you everything for EEPC5 though, and also you'll find it in kc.mcafee.com?

2. No, EEPC5 barely uses EPO (it's optional for reporting and deployment only) - EEPC5 is a stand alone self contained environment.

Remember though - EEPC6 does not need the machine to be part of AD - it just needs you to assign users from AD to the machine (so there are some names of people to login) - if the machine is not part of the domain, it does not matter. 

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 8

Re: How to encrypt a PC without joining in AD

SafeBoot

SafeBoot wrote:

Really because most people who use EPO (not all!) also have AD as well - it was designed for the mid-size and up market.

EPO will get stand alone user management towards the end of this year, or maybe even sooner, in EEPC7.1

I'm waiting of this version (EEPC7)

re your questions though

1. Not sure what you need - your McAfee rep can get you everything for EEPC5 though, and also you'll find it in kc.mcafee.com?

2. No, EEPC5 barely uses EPO (it's optional for reporting and deployment only) - EEPC5 is a stand alone self contained environment.

If so, than I will install on a standalone PC EEPC5

Rember though - EEPC6 does not need the machine to be part of AD - it just needs you to assign users from AD to the machine (so there are some names of people to login) - if the machine is not part of the domain, it does not matter.

I don't understand, If a PC is not joined in AD, how user from AD can login into a PC? Why I need to assign users to the mashine if this mashine does not recognizes AD /LDAP users?

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 8

Re: How to encrypt a PC without joining in AD

The thing to remember is your Encryption account is in fact not your AD account. They are 2 seperate entities and AD is just the mechanism for generating Encryption users. Create an account in AD for the user in question and assign it to the client which is not part of AD. As long as SSO is disabled on the client in question you will be able to sign in with the new Encryption account and sign into windows with whatever credentials they used previously.

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 8

Re: How to encrypt a PC without joining in AD

jontownsend wrote:

The thing to remember is your Encryption account is in fact not your AD account. They are 2 seperate entities and AD is just the mechanism for generating Encryption users. Create an account in AD for the user in question and assign it to the client which is not part of AD. As long as SSO is disabled on the client in question you will be able to sign in with the new Encryption account and sign into windows with whatever credentials they used previously.

OK, For a PC encryption, ePO needs to generate users from AD/LDAP, without this it will not encrypt, am I right?

As I understand this option is only for starting encryption process on a PC that needs ePO, because before/after thsi encryption we can not use/login with assigned AD user on a PC

Former Member
Not applicable
Report Inappropriate Content
Message 8 of 8

Re: How to encrypt a PC without joining in AD

Yes you cannot start Encryption without a user assigned to the client. The AD account will purely be used to sign in to the device through pre-boot. It actually has nothing at all to do with AD it is just a means of getting through encryption. It will then drop you at the normal Windows logon prompt where you can enter your Non AD credentials to access the laptop.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community