10 Replies. Latest reply on Oct 6, 2010 10:28 AM by gankmasterflex

    Creating a Single Sign on Policy for EEPC 6.1

      Hi All,

       

      We have recently upgraded our AV server to EPO 4.5 patch 3 and I have successfully installed EEPC 6.1. I have it installed on a couple of machines just for now to complete testing. However, there is one issue that I am a little confused on, and I am sure it is probably just a tick box somewhere: I have the SSO option ticked in the policy, but it doesn't seem to work. Is there any documentation, or does anybody know how to create a single sign on option policy for all of my safeboot users so that they can log in and authenticate via safeboot using their Windows username and password? My boss has agreed to be the guinea pig, so I have to get this right first time or I'll end up taking a long stroll down washout lane lol.

       

      If anybody could point me in the right direction I would greatly appreciate it.

       

      Many thanks.

        • 1. Re: Creating a Single Sign on Policy for EEPC 6.1

          What version of EEPC exactly have you installed? 6.0.1?

          I think EEPC 6.1 is a beta version.

          • 2. Re: Creating a Single Sign on Policy for EEPC 6.1

            It is EEPC 6 Patch 1 so I assume that this is 6.0.1?

            • 3. Re: Creating a Single Sign on Policy for EEPC 6.1

              Yes, version 6.1 is not yet available.

              • 4. Re: Creating a Single Sign on Policy for EEPC 6.1

                Ah cool, thanks for pointing that out. So do you have any ideas about how I go about getting a single sign on policy set up for this version of EEPC? Currently I have the SSO box checked and the password must match Windows password box checked, but that still does not appear to work. Am I missing something?

                • 5. Re: Creating a Single Sign on Policy for EEPC 6.1

                  Have you followed the steps in the Product Guide? See pages 50-51.

                   

                   

                  Enabling Single Sign On (SSO) on a system

                  Use this task to enable SSO on a system. This option enables the Single Sign On which allows the user to log into the system with a single authentication process. It allows auto login to the system once the user authenticates through the pre-boot authentication page.

                  NOTE: The SSO feature is applicable for Windows based systems only.

                  How does EEPC control the Windows Logon mechanism?

                  EEPC intercepts the Windows Logon mechanism using a Passthrough Shim Gina on Windows NT, 2000, 2003, and XP and a Credential Provider on Vista. On Windows 2000 and XP operating systems, a custom .ini file (EPEPCGINA.INI) is used to help EEPC analyze the logon page and port the credentials into the correct boxes on the logon page. In Windows VISTA, Microsoft has replaced the original MSGINA (Graphical Identification and Authentication) with a new method called Microsoft Credential Provider.

                  EEPC supports the Single Sign On architecture and implements a Credential Provider to communicate with Windows. EEPC displays each token as a potential logon method. While logging into EEPC, it prompts for your Windows credentials only for the first time and EEPC stores the Windows credentials securely. On subsequent logon events, EEPC retrieves the stored Windows credentials to logon.

                  Task

                  For option definitions, click ? in the interface.

                  1. Click Menu | Systems | System Tree. The systems page appears. Select the desired group under System Tree pane on the left.
                  2. Select the desired System, then click Actions | Agent | Modify Policies on a Single System. The Policy Assignment page for that system appears.
                  3. Select Endpoint Encryption 1.1.0 from the Product drop-down list. The policy Categories under Endpoint Encryption appear with the system's assigned policy.
                  4. Select the Product Settings policy category, then click Edit Assignments. The Product Settings page appears.
                  5. If the policy is inherited, select Break inheritance and assign the policy and settings below next to Inherit from.
                  6. Select the desired policy from the Assigned Policy drop-down list, then click Edit Policy. The policy settings page appears.
                     NOTE: From this location, you can edit the selected policy, or create a new policy.
                  7. Click Log On tab, then select Enable SSO under Windows pane.
                  8. Select the options Must match user name, Synchronize Endpoint Encryption password with Windows, and Using smart card PIN if required.
                     a. Must match user name - This option ensures the SSO details are only captured when the user’s Endpoint Encryption and Windows IDs match.
                     b. Using smart card PIN - This option allows the administrator to specify a smart card PIN as authentication.
                     c. Synchronize Endpoint Encryption password with Windows - This matches the EEPC password to Windows (or other platforms) password, so that the user needs to authenticate only the pre-boot authentication page.
                  9. Click Save in Policy Settings page, then click Save in Product Settings page.

                  1 of 1 people found this helpful
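
The guide excerpt in the reply above says EEPC hooks Windows logon through a shim GINA on NT/2000/2003/XP and a Credential Provider on Vista. The following PowerShell is an added example, not part of the thread or of the McAfee guide, that lists what is registered at those standard Windows registry locations on a client so an administrator can confirm a logon component is actually installed; the page does not name EEPC's DLL, so the script lists every entry rather than filtering for one.

```powershell
# Added example, not from the product guide: list the Windows logon
# components a product can hook (GINA on NT/2000/2003/XP, credential
# providers on Vista and later) with each DLL's signature status.
function Get-LogonComponent {
    $found = @()

    # Pre-Vista: a shim or replacement GINA is named in the GinaDLL value.
    # When the value is absent, Winlogon loads the stock msgina.dll.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $gina = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).GinaDLL
    if ($gina) {
        $found += New-Object PSObject -Property @{
            Type = 'GINA'; Id = 'GinaDLL'; Name = ''; Dll = $gina }
    }

    # Vista and later: every credential provider is a CLSID subkey whose
    # default value is a friendly name; its DLL is under HKCR\CLSID.
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
    if (Test-Path $root) {
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid  = $key.PSChildName
            $inproc = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll    = if ($inproc) { $inproc.GetValue('') } else { $null }
            $found += New-Object PSObject -Property @{
                Type = 'CredentialProvider'; Id = $clsid; Name = $key.GetValue(''); Dll = $dll }
        }
    }

    # Resolve bare file names against System32 and record the signature state.
    foreach ($item in $found) {
        $path = $item.Dll
        if ($path -and -not (Split-Path $path -IsAbsolute)) {
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        $status = 'FileNotFound'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        $item | Add-Member -MemberType NoteProperty -Name Signature -Value $status
    }
    return $found
}

Get-LogonComponent | Sort-Object Type, Name |
    Format-Table Type, Name, Dll, Signature -AutoSize
```

Catalog-signed Windows DLLs can show as NotSigned on older PowerShell versions, so treat that column as a prompt for a closer look rather than a verdict.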
                  • 6. Re: Creating a Single Sign on Policy for EEPC 6.1

                    Thanks so much for this. I was missing the must match username box; I thought it would be a tick box somewhere. So once I have performed a wakeup agent task on the user's machine, I can assume it will synchronise his safeboot password with his Windows password, as his user account has already been added to the machine. Is this correct?

                    • 8. Re: Creating a Single Sign on Policy for EEPC 6.1

                      I tried this and performed an agent wakeup, but when the user rebooted he was still unable to log in using his username; it errored out saying Unknown User. Is there a section in the guide that details how to remove safeboot from a user's machine?

                      • 9. Re: Creating a Single Sign on Policy for EEPC 6.1

                        I am sending the EEPC Guide v.6.

                        Regards.

                         

                        https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22395/en_US/eepc_600_product_guide_en-us.pdf

                         

                         

                        Message was edited by: SafeBoot - replaced embedded doc with link to KC version.  on 10/6/10 11:34:23 AM EDT