1 2 Previous Next 14 Replies Latest reply on May 21, 2010 10:32 AM by jsiergiej

    Add local domain users


      Can somebody clarify how this setting works in EEPC 6.0.1? Does this setting look at the local users on a machine and then add these users to the Preboot authorized users for this one machine? Or does it do something else? Thanks in advance.

        • 1. Re: Add local domain users

          I'm quite sure you are right. From the doc, you have:


          EEAgent queries the system for the domain users
          that have logged on to the client. EEAgent will
          then send the collected data to the ePO server
          using data channels of McAfee Agent 4.5.0. The
          collected data is a list of user names and the
          domain names.

          • 2. Re: Add local domain users

            Thanks for the clarification. On this same thread would this scenario work?

            New user tries to logon to the laptop and cannot because they are not authorized to do so

            New user calls our Helpdesk and the Helpdesk does a "Boot Machine once" procedure

            User logs into Windows and ample time is given for a synch to EPO

            User reboots machine

            Would the "New User" now be added to the preboot environment?

            • 3. Re: Add local domain users

              It should be able to pre-boot afterwards. But encryption must be active and policies refreshed before user decides to re-boot.

              • 4. Re: Add local domain users

                Kink- yes your scenario should work fine, keep in mind though this only works for domain users, not local users (yes I agree the config setting's name can be confusing).

                1 of 1 people found this helpful
                • 5. Re: Add local domain users

                  Ok, now user is fired and you remove them from the PC via the encryption users window.  If the user is signed on with the user and the McAfee agent synchs the user is re-assigned the PC automatically.


                  If I edit the policy and remove "Add Local Domain Users", synch the policy on the computer, remove the user via encryption users, and sync the agent, the user is not readded.  However, I can still sign in at pre-boot with the user.


                  How can you stop this from happening and stop a user from signing on at pre-boot if they restart the computer?



                  Message was edited by: Jack Siergiej on 5/18/10 10:54:44 AM CDT
                  • 6. Re: Add local domain users

                    Well, without having the "Add Local Domain Users" selected and removing the user, it finally denied the user login at pre-boot.  I left the computer logged in as the user for a while before I rebooted it.


                    I'd like this to take effect as soon as the the agent synchs with the server.


                    I am still having an issue when the "Add Local Domain Users" is checked, the user is signed in, and their assignment is removed from the computer via encryption users.  the user is readded the next time the agent collects and sends props.

                    • 7. Re: Add local domain users

                      this is to be expected - the Add local domain users is applied when the policy is applied. If you don't want it to automatically add users, you need to turn this option off.

                      • 8. Re: Add local domain users

                        So in the case where you have this option on and a user needs to be restricted from signing into pre-boot on a PC, what would you do?

                        • 9. Re: Add local domain users

                          Disable user in AD? Do not use this option?

                          1 2 Previous Next