cancel
Showing results for 
Search instead for 
Did you mean: 
pascal_beks
Level 7

McAfee Drive Encryption 7.1.0 PBA password multiple computers

Hi All,

I have a question that this community probably can help me out with.


For a customer we are in the testing fase of McAfee Drive Encryption 7.1.0.

Scenario:

McAfee EPO 4.6 is used the manage/deploy Drive Encryption for Windows 7 client computers.

Single Sign On will not be used for Drive Encryption.

EE:ALDU (Add all previous and current domain users of the system) is enabled in the Drive Encryption Product Settings policy

When I want to deploy DE to a computer/user I tag the system for the deployment of the DE software, add the user to a AD group and enable the UBP. All is going well. Drive Encryption installs/activates and PBA is activated. The user enters his username (created by ALDU) and the  initial password and DE prompts to change it. No problem sofar.

But what will happen in the following scenario? The user has a second Windows 7 computer also tagged for installation of Drive Encryption. Because the user will also use the same AD account on this second computer, DriveEncryption will install and activcate. He enters the AD account (same as other computer) as username for PBA and the initial password and is prompted to change. The Windows 7 OS boots.

My Question: Will the PBA password for this user "sync" between these two computers? How does this mechanism, if any, work?

I tested it in a lab and my conclusion was that different passwords can co-exist for an PBA account based on the same AD account.

However an end-user reports that it will only  work if he sets up the PBA password the same for both computers.

So I have 2 different results here. What am I missing?

Hope someone can help.

If any more information is needed, let me know.

Kind regards,

Pascal

1 Reply
SafeBoot
Level 21

Re: McAfee Drive Encryption 7.1.0 PBA password multiple computers

You can only have one password per user in epo. Machines will sync changes to EPO and epo will sync them back to all the machines the user is registered to.

Your situation will only occur if you change the password on two machines before they have a chance to upload the changes to epo.

0 Kudos