I am having trouble figuring out how to manage the polices for Endpoint encryption.
We have 3 different policies that are required for EE. One that has update number of sides turned on, one that has Update MBR enabled, and a third that has both of these options turned off. A machine that gets the wrong policy will fail to boot, or blue screen or otherwise not boot correctly.
As far as I can tell, policies can be difined on the individual machine or the group of machines in the system tree - and those are the only two options. I already have machines organized in the system tree for the other McAfee products we have. I have a group for really locked down machines, and then varying degrees of openness for HIPS and antivirus rules. I can't figure out how to introduce Endpoint Encryption into that mix. I now need to have a policy that is focusd entirely on the type of hardware. If it is a Lenovo laptop it has to get a certain EE policy. If it is a Dell laptop, it needs a different EE policy. But the Lenovo and the Dell might need to be in the same policy configuration for HIPS and VSE. Additionally, the computers auto sort on what OU they are in AD.
How should I be applying the EE policies. I would like it if I could tag a machine with a certain value and that tag would mean that It would apply a certain EE policy. Like I could have three tags for the three required types of endpoint encryption policies. Then depending on which tag the machine had applied - it would get the correct policy. I don;t think there is a way to do that though. I am totally stuck trying to figure out how to organize this. I don't want to assign policies at the individual computer level as that is way too much trouble to handle + I think it would be problematic in the future if the policy needed to change. There is a feature to filter tasks by tags. I am planning to use that feature for deployment. I will set up a EE deployment task and assign it to the computers that have a particular tag, but I don't think policies can work the same way.
I am curriuos to know how others are managing this. I am totally at a loss on how to do it.