
Standalone offline Encryption 7.1.3

Hi everyone,

I have a question concerning the offline encryption process for standalone machines that will have NO connectivity to ePO.  I followed the instructions outlined in https://community.mcafee.com/community/business/data/epoenc/blog/2012/12/19/offline-activation-for-e... offline encryption process and was able to encrypt my standalone machine.  I have a question concerning the McAfee password options, which appear to require the user to change the password every 30 days even though Windows local policy is set for every 90 days.  Is there a way to update the offline encryption EpeOaGenxml file to make McAfee use the Windows local policy password settings?

I tried updating the encryption user based policies before exporting the policy file from the ePO server but when I run the EpeOaGenxml application, the xml file that gets generated still shows the default password is set to 30 days.  I tried manually changing this to something else, before running the offline activation, but it doesn't appear to change anything.

I also looked at the offline encryption FAQ and it doesn't state that the password settings can be updated, so I'm at a loss.  Has anyone had any success using the offline encryption?

McAfee Employee

Re: Standalone offline Encryption 7.1.3

The policy in ePO is exported to capture the ePO public key which is contained in the policy. This is used to encrypt the recovery information that can be generated upon activating MDE using the offline activation exe.

All policy options are set using command line switches on the EpeOaGenXml.exe. There is not an option to change the number of days from 30. Please submit an Idea to the Idea Forum to request this functionality be added:

Intel Security Ideas Forum

Below are the options that can be set. These can be seen by running the --help switch on EpeOaGenXml.exe.

EpeOaGenXml.exe --help

Copyright (C) 2012-2013 McAfee, Inc.  All Rights Reserved.

Offline Activation:

Info:
  --help                Display help message
  -v [ --version ]      Display version
  -p [ --platform ] arg Select target platform:
                        - PC (default)
                        - MAC

Policy Configuration Options:
  --BackupMachineKey arg Enable backup of encrypted machine key <true>
  --Recovery arg        Valid path to recovery file <C:\EERecovery.xml>
  --TempAutoboot arg    Enable temporary autoboot <false>
  --Autoboot arg        Enable autoboot <false>
  --DontDisplayUser arg  Do not display the previous username <false>
  --OpalPbfsSize arg    Set PBFS size (MB) for Opal drives <50>
  --RequirePwdChange arg Require user changes their password <true>
  --UserSelfRec arg      Enable User Self Recovery Enrollment <true>
  --UseScPin arg        Use smartcard PIN <false>

PC only options:
  --Sso arg            Enable single sign-on <false>
  --BootMgr arg        Enable boot manager <false>
  --PbfsSize arg        Set PBFS size (MB) <50>
  --MatchUsername arg  Username must match Windows logon username <true>
  --PrebootUsb arg      Enable USB in preboot <true>
  --DisablePF arg      Disable power-fail recovery during initial encryption
                        <false>
  --SkipUnused arg      Skip unused sectors during initial encryption <false>
                        By using the SkipUnused feature you accept the risk
                        that sensitive data present in sectors unused by the
                        filesystem will not be protected.

User Config File:
  --user-file arg      User file <name:token>
                        Available Tokens...
                        - Password
                        - Gemalto
                        - ActivID
                        - PIV
                        - CAC


Re: Standalone offline Encryption 7.1.3

Thanks for the update, I was aware of the options under EpeOAGENXML.  Was hoping that there was some way to update or remove the McAfee password policies prior to activation.  Thanks
