We've got several laptops that are encrypted with EEPC 7.0.2. On each of the laptops I've worked on, it seems as though the McAfee logo only showed up once on each laptop seemingly at random times because I can't pinpoint the condition that caused the logo to be visible.
Currently, we're using Autoboot with Reactive Autoboot. So it would be ideal to have the logo visible on the Credential Tile as a visible indicator that we're working on an encrypted laptop.
Is there a way to ensure that the McAfee logo is on the Credential Tile? Is there a setting or a condition that isn't set correctly?
But if SSO is enabled, then EEPC will pass through the user creds and the credential tile won't even be seen. So I'm confused: under what conditions will the logo be seen on the Credential Tile?
You're using autoboot, so you are storing the encryption key on the disk in plain text, and relying on the Windows user credentials - SSO is not working for you because you're not doing pre-boot authentication, thus no tile.
The shield is only shown to indicate SSO data is going to be captured. As Simon says, if you're autobooting there is no "current EEPC user", and therefore nowhere to capture SSO to.
dwebb is correct. Logo only indicates that credentials are going to be captured.
And again correct: using autoboot doesn't even need a correct user to unlock / boot the laptop. And by the way: using autoboot in production as a permanent "solution" (e.g. as it's so nice for the users) is a very bad idea. Use it only e.g. during software deployment or maybe during EEPC enrollment to existing laptops. Maybe even better, use local auto boot user / command line tool - e.g. for software distribution in situations like "boot once and continue installation".
Thank you everyone for the info.
But I've changed the policy so that Autoboot is disabled, assigned users for preboot authorization and applied it to the machines. After the policy has applied correctly, the laptop behaves as expected.
dwebb, your statement of "The shield is only shown to indicate SSO data is going to be captured." clarifies everything. Thanks!
meforum, I completely agree with you on what you recommended as a solution on the use of autoboot. But it's the nature of the business in the environment that's dictating the use this way. With several hundred users on several hundred shared PCs rotating in and out of the business, (micro)managing the users on every one of these laptops is a nightmare. Plus, the business wasn't too keen on one default password for everyone (regardless of how complex) or no default password.
Thanks again everyone! I appreciate the information.
Please bear in mind that there is no security for systems that use traditional autoboot.
You might like to look into our 7.1 release which includes TPM autoboot which may be of interest going forward. This allows prebootless secure authentication by way of the TPM.