I'll try to be brief and yet descriptive enough to get some help. We are in dev to deploy EEFF 3.2.5 alongside existing EEPC 5.2.5 and we have a MAJOR problem. We have 3 types of users and therefore 3 separate policies. We are using SSO to prevent multiple logons, and it's highly recommended, if not required, for us to maintain SSO.
Admin = Encrypt Removable, not CD/DVD
Office = Encrypt Removable and CD/DVD
Engineering = Encrypt NOTHING
Short explanation for differences: on occasion, we need to burn .iso for various things in the admin environment. Engineering users must transfer data to external media to then transfer to machinery in the manufacturing area. This cannot be encrypted, as most are not Windows based.
So, here's the deal breaker.
I've made an install set from the Engineering policy, which I don't think is relevant, but I log onto EEPC with an Admin user. This user gets SSO and his policy to encrypt as expected. The Admin user logs off, the Engineering user logs on. The Engineer is NOT prompted for credentials. He then accesses a USB drive and any data he saves IS ENCRYPTED.
This scenario is repeatable if I log onto EEPC with the Engineering user: he gets proper policy, and when he logs off, the Admin user does not get proper policy.
In either case, the second user appears to be maintaining the EEFF policy and such from the user that initially passed through EEPC with SSO.
If the second user manually chooses to sync to EEFF and authenticate, they get the proper policy, but again, if they log off, the next person along does not.
The conclusion I get from this is that when a user logs off, the key, and therefore the policy, IS NOT DELETED. This is in direct contrast to the description on page 46 of the EEFF 3.2.5 Administration Guide.
: When doing a Windows logoff, all the encryption keys are automatically closed. Thus, for each new
Windows logon, a Endpoint Encryption for Files and Folders authentication is required in order to access
SAFEBOOT PLEASE HELP ME