I am asking for opinions on this issue. I currently have a SR open with McAfee regarding the "Disable Pre-Boot Authentication When Not Synchronized" setting. I have found the "Last Synch" date is reset on a policy enforcement event and NOT a successful EPO ASCI event. This means a machine could be kept unlocked indfefinetely without synching with the EPO server or being on any sort of network. I think this setting should operate much like the 5.x, where if it does not talk to the Safeboot server in X amount of days the machine is disabled. The last I heard from McAfee on this they are telling me its working as intended. I disagree. either treat it as a bug or change the setting name to "Disable if policy enforcement has not run"..
Opinion... Do you think the setting should be based on a policy enforcement date or last successfull ASCI date with your EPO server(s).
Thanks for listening.
The policy can be enforced without access to EPO. It will enforce policy based on what policies are on the machine. The is set via a McAfee agent setting.