This content has been marked as final. Show 15 replies
ePO would do it for you, or you can use the API in your login script or something to ask each client. (GetCryptState)
can you please give me a bit more info?
how can i use an API in a login script?
where do i get the API?
1. http://www.mcafee.com/us/enterprise/products/security_compliance_management/epol icy_orchestrator.html
2. Depends of course on what language the script is it, but for example if it's a batch file you could simply call sbadmcl.exe -command:getcrypystate >t.txt and then do some analytics on the output
3. You got it with the product - Its in EEM/SafeBoot Management Center along with the manuals (SBAdmCL Scripting Tool Administrators Guide)
I hope that helps.
HI, i don't have access to ePO, i think it's another product and needs to be purchased, right?
if a use the sbadmcl.exe -command:getcryptstate >t.txt
It will only get me the status of the computers with safeboot installed.
What i need is find out if there are any computers without safeboot installed on the domain.
what happens if you run the command on a machine without EEPC installed?
ePO is included with your purchase of EEPC. You can get hold of it, but it's heavy - it's an enterprise class management system so you may not want to invest the time and energy to install it unless you have a lot of PCs.
Just run the sbadmcl.exe command in your login script or something, and write some logic to append the machine name to a file if EEPC is not installed. You'll soon build up a list of the machines which are not protected.
remember, just looking for the files of EEPC won't tell you if the machine is protected or not - you need to check the crypt state. That will tell you one of three things:
1. not installed
2. installed but not protected
3. installed and protected
it's the "not item 3" which you really need to track.
Hi, thanks for your help, when i run the command
sbadmcl.exe -command:getcrypystate >t.txt
in my safeboot server i get this in the output file:
McAfee Endpoint Encryption Scripting Tool
Copyright © 1991-2008 McAfee, Inc. All Rights Reserved.
Executable version : 126.96.36.199
DLL version : 188.8.131.52
Command = getcryptstate
ResultCode = 0xe0020018
ResultDescription = Endpoint Encryption disk driver not present
What am i doing wrong?
is your SafeBoot Server also encrypted with Device Encryption?
if not, then nothing is wrong at all.
Hi, you are right...
I run it now with an encrypted machine and got the right output
State = Full
State = Full
State = None
But if i run this as a startup script i'm gonna end with loads of txt files with i am going to have to check manually for the success report and then check whether if they are laptops or not.
I am talking on a enviroment of around 1500 machines with 600 laptops encrypted.
Will it be better to install ePO?
why not write a little script to do the processing of the output for you, and as I suggested above only do something if you discover the "not installed" situation?
if you use the WMI/Com version of the API instead of the batch file you can simply process the XML output rather than piping to a file etc.