I am in the process of testing to bring a new encryption server online using EPO 5.0.1 and I will be using EEPC v7.0.2.
My question is this: I will be adding an admin account that myself and about 7 other people will use to access any encrypted laptop in my organization. We are currently using EEPC 5.2.12. There is a "feature" where if the password for the existing account should be changed, it would be recorded by the encryption server. The next time any laptop would communicate with the server, this new password would be recognized. We now have three possible passwords that can be used with one account as a result.
Has the newer version of EEPC/EPO done away with this? I would like to create new admin accounts for use with version 7.0.2 of EEPC and don't want the password to change - ever. Can I create a policy that would allow for this?
What you should do is just assign the personal accounts for the 7 of you to each machine, then you will have proper audit of what you all are doing.
Shared accounts are a big mistake generally.
We all used shared accounts for years before tech finally caught up and gave us other choices - I think you will find it easier going forward to use your own account, it certainly makes the accountability problems easier.
Let us know how you get on - many people on this forum have the same challenges.
So, I've been testing and have been having some success with using my own admin account. One of my colleagues tried his account today and his account immediately timed out. Not sure what happened there as I don't think he's used DE 7.1 up until today. It looks like to my mind, that using our own admin accounts, along with one other admin account that we can all use, should do fine for us. I've been able to create a standalone admin account on my EPO server that will serve that additional account role.
I've further created an assignment rule that picks up on a policy I set up to ensure that the admin account that is standalone doesn't expire. Is this the correct way to do that, or is there another option that I am not aware of?