4 Replies Latest reply on Jun 9, 2011 3:53 PM by DLarson

    Quantity of EEPC users per machine - 6.1

    rsterling

      Hi folks,

       

      Like most IT departments and organizations, wehave several devices which may be "Loaner Laptops" OR Laptops assigned to conference rooms where ALL potential users in your environment may need to log on.

       

      I have found so far that the default 20MB PBFS will only accept < 50 users.  I have increased the side to 50MB (form 30MB) and I was able to put in a recursive group which finally applied - this group is about 80 users.

       

      Well, like I said, I need the ability for ANYONE to log on AND due to agency policy we must retain the PBA screen.

       

      I understand the maximum limit is 500MB but this may lead to disk corruption.  Anhow, I am going to attempt to crank it up to 500 very soon to test and see what happens.  Once these unique shared machines have been encrypted, I will set the default back to 20MB.

       

      Does this all make sense to everyone?  It does to me (or I wouldn't be going down this track!  haha)

       

      Thanks again for listening everyone

       

      Rich Sterling

      NYS Agency

        • 1. Re: Quantity of EEPC users per machine - 6.1
          dwebb

          Users are sent down to the client in batches of 50....and the preboot will be displayed once that first batch is received

           

          Would recommend that you retry but leave the machine in windows for longer before rebooting.....

           

          If you do not use smartcard then it would be worth enduring that your ldap sync task does not sync certificates from ad As these take up space in the pbfs.

           

          You should be able to get well over 10 times more users in the pbfs than you are seeing

           

          Hope this helps

          • 2. Re: Quantity of EEPC users per machine - 6.1

            We have more than 300 people in two groups assigned many of our laptops.  We are running 6.1, with 6.0 this was problematic.  We can not say that all 300+ are on the device, but our experience is that we have not had any issues with devices that had been on line and so far anyone in the groups being able to walk up and logon to a device.  We are using the default 20Mb PBFS.  We encrypted them with the default PBFS, we assigned just the IT staff to kick off encryption, then once encryption kicks off we assign the group/groups that are needed.

            The time consumming part is that the device needs to pull the users/passwords/questions and it does that in blocks of 50 or 100, and if the interval is large then it may take hours/days to get all down.  We have our machines check in every 30 minutes, unless we manually pull we plan on a few hours for all 300 users to get to the devices.  Since we begin adding groups after the encryption begins, furing the couple hours to encryp the user groups are on the device.

            • 3. Re: Quantity of EEPC users per machine - 6.1

              I think there's a report now in 6.1 of the PBFS usage and capacity? not sure if it's readily exposed though. Certainly it's mentioned in the client logs...

              • 4. Re: Quantity of EEPC users per machine - 6.1

                Instead of doing a manual pull, perhaps you could use a script that uses cmdagent to trigger multiple ASCIs in a row as part of the install process. Or you could temporarily assign a more aggressive McAfee Agent policy (i.e. do an ASCI every 15 minutes). You could use a server task to query systems that have activated EEPC more than X time ago, then have the task automatically switch their policy back to a less aggressive one.

                 

                Other tips for increasing user capacity in the pre-boot environment

                1. If you're not using smartcards, then modify your EE LDAP Sync task so that the certificate field (4th field) is blank.
                2. Do not use "self recovery" in the UBP, or delete questions that are not used.