cancel
Showing results for 
Search instead for 
Did you mean: 

MNE 4.1 - Can i limit the access to recovery keys for group adminsitrators

Hi,

we have some adminsitrators which administrate only specificed groups in the company. Is it possible to limit their access to the recoverykeys of Bitlocker/FileVault to 1 or 2 sub-OU-groups of the AD / imported structure ?

Best regards

2 Replies
McAfee Employee hhoang
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: MNE 4.1 - Can i limit the access to recovery keys for group adminsitrators

Maybe I am not fully understanding your scenario - but if your subgroup of administrators already only has access to specific system tree groups in EPO then they should only be able to access keys from those systems (Actions > McAfee Management of Native Encryption > McAfee Management of Native Encryption Recovery).  If you have not restricted system tree access already it can be found in the EPO permission set configuration under 'System Tree access'.  If this is not the case could you clarify which form of key access you are attempting to restrict?

Re: MNE 4.1 - Can i limit the access to recovery keys for group adminsitrators

Hi thanks for the reply,

i already, limited the access rights for the system tree groups in EPO but over the menue McAfee Management of Native Encryption i can still access the recovery information from the hole company after enter the right appleid / bitlocker recoveryid. In the administrative right section i can´t specify the access for this modul (only allow/deny), but if i remove the access right for the group they also can´t see the recovery information in the system tree group for the subgroup too.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator