7 Replies Latest reply on Sep 20, 2010 7:56 AM by marcinpl

    Files and Folders and Autoboot

      Hello everyone. I've got question about autologon in McAfee Endpoint Encryption menager v5. Is there any possibility to logon only to MS Windows while having Files and Folders alredy running? I've noticed that special user $autoboot$ doesn't work if I want to have Files and Folders policies to work. I tried to use that on test computers. On the others we've got typical policies plus F&F. Is it normal that after instalation that pack we are reciving small McAfee window to logon in MS Windows? What we want is to logon only to MS Windows (eliminate McAfee preboot screen) and use Files and Folders module and to not give users any chance to change their password. McAfee should set it's password to Windows' password. Is there any possibility to make it? Thank's for your help. Bye

        • 1. Re: Files and Folders and Autoboot

          Hi marcinpl,

           

          I've moved this thread to our Encryption community. Hopefully someone can help you soon!

          • 2. Re: Files and Folders and Autoboot

            no, it does not really work like that - EEFF expects to have it's own credentials at the moment (part of being PCI compliant etc).

             

            You can use EERM without any authentication, or you can use SSO between EEPC and EEFF, but without that, your users are going to have to authenticate prior to accessing any protected data.

             

            $autoboot$ is an EEPC only thing.

             

            Encryption without authentication is not really useful.

            • 3. Re: Files and Folders and Autoboot

              So I understand that there is no solution to avoid Files and Folders logon?

              • 4. Re: Files and Folders and Autoboot

                marcinpl wrote:

                 

                So I understand that there is no solution to avoid Files and Folders logon?

                 

                Is this true?

                 

                Can you not just have users login when they need to use the product, surely McAfee must understand that it is a pain for users to have to login twice?

                 

                 

                Message was edited by: benlcurrie on 08/03/10 08:30:11 CST
                • 5. Re: Files and Folders and Autoboot

                  I do not speak for McAfee, but I heard a rumor that the second logon is eliminated with the next release of EEFF (ePO/AD integrated?).

                   

                  Anyone from McAfee wish to confirm? Give us a little info?

                  • 6. Re: Files and Folders and Autoboot

                    You can't use EEFF without a login - remember, PCI insists that you keep encryption credentials and operating system credentials separate.

                     

                    you can use EERM though without a login, you just won't be able to use the EMM recovery keys. You'll have to use a stand-alone recovery password or a certificate.

                     

                    Yes, EEFF4 will use the Windows credentials, so it might not meet PCI compliance rules, but that's what customers have asked for.

                    • 7. Re: Files and Folders and Autoboot

                      Hello again.


                      We've developed solution for 2 users: usb and cd. When our users logon as "usb" to McAfee Files&Folders module they can't copy any data for removable media and CD's without encryption, when they logon as "cd" user they still can't copy data on removable media without encryption, but they can burn unencrypted CD's. We've noticed that when our users logon to EEFF as "usb" they have to do it after every reboot (just like we were talking in March - thank's SafeBoot), but when they logon as "cd" they logon only once. After reboot they are still loged on to EEFF. It looks strange - SafeBoot wrote it couldn't happen. Configurations for both users are exactly the same.Only difference is that user "cd" has unchecked box "Enforce Encryption on CD DVD operations" in the policy. Do you now what is the reason why only user "usb" has to logon to EEFF every time?