2 Replies Latest reply on Nov 7, 2013 1:35 PM by SafeBoot

    ePO 4.6 Policy Assignment Rules and EEPC 7.0.2

    doktorbanner

      I am using ePO 4.6 w/EEPC 7.0.2, we have users that are permitted to use their password only token and others that are required to use a RSA Stored Value Token.  Our default policy, which is applied to the system, states to use password only.  I have created a Policy Assignment Rule that applies to our domain users which require the stored value authentication.  I have also enabled the User Based Policy setting for the specific users.  When I apply the Policy Rule to the system using the Domain Group Membership as my user criteria I receive the following error:

       

      ERROR

                 
                

      EpoPlugin

                 

      userHandler: OptIn user (i.e. non-default UBP user) [QASRV\activ121_self_init] has incomplete UBP (missing UBP/Ident) which is preventing activation.  (I pulled this from a McAfee KB article)

      If I configure the Policy Rule User Criteria to apply to a specific Stored Value Token user the issue does not exist.  From an administration perspective adding users to the Policy Rule is ineffecient and will not work in the bigger picture.  My question is how does this need to be configured to have the Domain Group Membership setting work?

       

      The user in question is a member of the Domain Group I am trying to apply this Policy Rule to.