5 Replies Latest reply on Jan 22, 2015 10:56 AM by barvcontrol

    ePO Policy applied Windows SSO not working in McAfee Drive Encryption

    barvcontrol

      Hi There,

      I am new to ePO and drive encryption so please bear with me.

       

      I have had to install ePO v5.1.0 and test the drive encryption before I deploy out to my users. The agent I have deployed is 4.8.0. I am using Drive Encryption 7.1.1. I have edited the default policy to use SSO. I have also edited it to show a disclaimer. I have enforced the policy to this laptop but whenever I try to log on using my domain username and password, it does not allow me access to Windows. It says my password entry is disabled and the timeout to expire starts to count down. Now I have checked the policy to not inherit, I have made sure the SSO is enabled. I have even put in our company disclaimer to make sure the policy is being pushed, which it is, because I can see it at the disk encryption login, but it just won't take my Windows password. I am 100% sure I am typing it correctly along with my username. I have gone through the manual which suggests to make the policy 'not inherited'. I have added users from our AD so it is seeing our structure of users and groups. I have added my colleagues but they cannot log in. This is very frustrating and I am pulling my hair out!

       

      Am I missing something? Any advice or help is much appreciated.

       

      Thanks

        • 1. Re: ePO Policy applied Windows SSO not working in McAfee Drive Encryption
          Don_Martin

          Hello,

           

          You need to use an initial password. The default is "12345" but you can change it within the EEPC/DE policies. Give it a try and report back.

          • 2. Re: ePO Policy applied Windows SSO not working in McAfee Drive Encryption
            barvcontrol

            Thanks for your reply.

             

            I have just tried that but it says "Password entry is disabled. You must wait for the timeout to expire"

             

            Password entry being disabled is throwing me. What does this refer to?

            • 3. Re: ePO Policy applied Windows SSO not working in McAfee Drive Encryption
              Don_Martin

              Mkay. As far as I can read between your lines, you do not know where to look to change some things (no harm meant, I'm just not as good in English as I wish to be for being polite in every manner and issue).

               

              Open your Policy Catalog, navigate to Drive Encryption 7.1, choose "User based policies" and double check that all tabs are the way you want them to be. The beloved option for your timeout will be there, as well as the possibility to change the standard/initial password.

               

              After you have checked the policies and all settings are the way you want them, you have to assign a user, if my brain is remembering this one correctly, and you also have to create a server LDAP task. After this you can use tags or groups for adding the policy to a system.

              It is important that you assign YOUR policies to the system. Check this by clicking on your system so that "System Information" opens. On the bottom left you will then see the action button. Navigate through the options until you find "Show assigned policies" and then look for which policy is assigned for Drive Encryption 7.1. It should be yours, otherwise the system just uses McAfee Default and cannot work as you want it to.

              For assigning a policy, just make use of tag based assignment, group based assignment, or for this one make a dedicated assignment. Please don't make me explain this one to you, you would hate my English for this matter.

               

              Short: Open DE7.1 User Based Policy, check your settings, check your policy assignment (verify the system gets YOUR policy) and start over.

              • 4. Re: ePO Policy applied Windows SSO not working in McAfee Drive Encryption
                vidrine

                Have you ever logged into the Drive Encryption (DE) login page using your username?  If not, then your account is likely still set to the default password referenced in a post above.  If you have logged in with the default password before, then that would fall into other review/testing.

                 

                Can you post a screenshot of the DE Product Settings policy?  Or verify that you have some information configured?

                 

                Policy Catalog > Drive Encryption > Product Settings

                (1)  Add local domain users (and tag with 'EE:ALDU'):

                (2)  Enable SSO:

                 

                Other than review, I would suggest performing an Administrative Recovery on the workstation.  Select to "Reset Password Token" when the option presents itself.  This should prompt you to reset the password the PBFS has stored for your user account.  I would reset this to your Windows network password, and then attempt logging in with the newly reset credentials.  This should let you through the DE PBFS and hopefully pass the credentials via Windows GINA to continue the SSO.

                • 5. Re: ePO Policy applied Windows SSO not working in McAfee Drive Encryption
                  barvcontrol

                  Thanks for your help guys. All sorted now. As I am a noob to this system I think my user became out of sync. So I just removed myself and added again and it was fine.

                   

                  Cheers for your responses

                   

                  B