I'm quite sure you are right. From the doc, you have:
EEAgent queries the system for the domain users
that have logged on to the client. EEAgent will
then send the collected data to the ePO server
using data channels of McAfee Agent 4.5.0. The
collected data is a list of user names and the
Thanks for the clarification. On this same thread would this scenario work?
New user tries to logon to the laptop and cannot because they are not authorized to do so
New user calls our Helpdesk and the Helpdesk does a "Boot Machine once" procedure
User logs into Windows and ample time is given for a synch to EPO
User reboots machine
Would the "New User" now be added to the preboot environment?
It should be able to pre-boot afterwards. But encryption must be active and policies refreshed before user decides to re-boot.
1 of 1 people found this helpful
Kink- yes your scenario should work fine, keep in mind though this only works for domain users, not local users (yes I agree the config setting's name can be confusing).
Ok, now user is fired and you remove them from the PC via the encryption users window. If the user is signed on with the user and the McAfee agent synchs the user is re-assigned the PC automatically.
If I edit the policy and remove "Add Local Domain Users", synch the policy on the computer, remove the user via encryption users, and sync the agent, the user is not readded. However, I can still sign in at pre-boot with the user.
How can you stop this from happening and stop a user from signing on at pre-boot if they restart the computer?
Well, without having the "Add Local Domain Users" selected and removing the user, it finally denied the user login at pre-boot. I left the computer logged in as the user for a while before I rebooted it.
I'd like this to take effect as soon as the the agent synchs with the server.
I am still having an issue when the "Add Local Domain Users" is checked, the user is signed in, and their assignment is removed from the computer via encryption users. the user is readded the next time the agent collects and sends props.
this is to be expected - the Add local domain users is applied when the policy is applied. If you don't want it to automatically add users, you need to turn this option off.
So in the case where you have this option on and a user needs to be restricted from signing into pre-boot on a PC, what would you do?
Disable user in AD? Do not use this option?