What version of EEPC have exactly installed? 6.0.1?
I think EEPC 6.1 is beta version.
It is EEPC 6 Patch 1 so I assume that this is 6.0.1?
Yes, version 6.1 is not yet available.
Ah cool thanks for pointing that out so do you have any ideas about how I go about getting a single sign on policy set up for this version of EEPC? Currently I have the SSO box checked and password must match windows password box checked but that still does not appear to work am I missing something?
1 of 1 people found this helpful
You've followed the steps in the Guide Product? See pages 50-51
Enabling Single Sign On (SSO) on a system
Use this task to enable SSO on a system. This option enables the Single Sign On which allows
the user to log into the system with a single authentication process. It allows auto login to the
system once the user authenticates through the pre-boot authentication page.
NOTE: The SSO feature is applicable for Windows based systems only.
How does EEPC control the Windows Logon mechanism?
EEPC intercepts the Windows Logon mechanism using a Passthrough Shim Gina on Windows
NT, 2000, 2003, and XP and a Credential Provider on Vista. On Windows 2000 and XP
operating systems, a custom .ini file (EPEPCGINA.INI) is used to help EEPC analyze the logon
page and port the credentials into the correct boxes on the logon page. In Windows VISTA,
Microsoft has replaced the original MSGINA (Graphical Identification and Authentication) with
a new method called Microsoft Credential Provider.
EEPC supports the Single Sign On architecture and implements a Credential Provider to
communicate with Windows. EEPC displays each token as a potential logon method. While
logging into EEPC, it prompts for your Windows credentials only for the first time and EEPC
stores the Windows credentials securely. On subsequent logon events, EEPC retrieves the stored
Windows credentials to logon.
For option definitions, click ? in the interface.
1 Click Menu | Systems | System Tree. The systems page appears. Select the desired
group under System Tree pane on the left.
2 Select the desired System, then click Actions | Agent | Modify Policies on a Single
System. The Policy Assignment page for that system appears.
3 Select Endpoint Encryption 1.1.0 from the Product drop-down list. The policy
Categories under Endpoint Encryption appear with the system's assigned policy.
4 Select the Product Settings policy category, then click Edit Assignments. The Product
Settings page appears.
5 If the policy is inherited, select Break inheritance and assign the policy and settings
below next to Inherit from.
6 Select the desired policy from the Assigned Policy drop-down list, then click Edit Policy.
The policy settings page appears.
NOTE: From this location, you can edit the selected policy, or create a new policy.
7 Click Log On tab, then select Enable SSO under Windows pane.
8 Select the options Must match user name, Synchronize Endpoint Encryption
password with Windows, and Using smart card PIN if required.
a Must match user name - This option ensures the SSO details are only captured when
the user’s Endpoint Encryption and Windows IDs match.
b Using smart card PIN - This option allows the administrator to specify a smart card
PIN as authentication.
c Synchronize Endpoint Encryption password with Windows - This matches the
EEPC password to Windows (or other platforms) password, so that the user needs to
authenticate only the pre-boot authentication page.
9 Click Save in Policy Settings page, then click Save in Product Settings page.
Managing Endpoint Encryption users
Enabling Single Sign On (SSO) on a system
McAfee Endpoint Encryption 50Managing Endpoint Encryption users
Synchronizing the EEPC password with the Windows password
Thanks so much for this I was missing the must match username box I thought it would be a tick box somewhere so once I have performed a wakeup agent task on the users machine I can assume it will synchronise his safeboot password with his windows password as his user account has already been added to the machine is this correct?
I tried this and performed an agent wakeup but when the user rebooted he was still unable to login using his username it errored out saying Unknown User. Is there a section in the guide that details how to remove safeboot from a users machine?
I send the EEPC Guide v.6