OK, I've encountered something weird with ePO 4.5.4 when trying to create new permissions sets.
Assume I have 2 active directory domains A and B and a full-trust relationship between them.
Each domain has LDAP server registered and synchronized in ePO.
Now, my new permission set includes an Active Directory group from domain A. This is a Universal group, so the group has members from both domains.
However, only users from domain A can access ePO console. The users from domain B can't login even though they are members of the group thus should have access.
Anyone seen this scenario ?
I assume I can create another group in domain B to hold the users from that domain, but that will add complexity when users are not assigned manually...
Well, if someone DOES read this :-), the problem has been confirmed by McAfee support and has been fixed in ePO 4.6