The policy in ePO is exported to capture the ePO public key which is contained in the policy. This is used to encrypt the recovery information that can be generated upon activating MDE using the offline activation exe.
All policy options are set using command line switches on the EpeOaGenXml.exe. There is not an option to change the number of days from 30. Please submit an Idea to the Idea Forum to request this functionality be added:
Below are the options that can be set. These can be seen by running the --help switch on EpeOaGenXml.exe.
Copyright (C) 2012-2013 McAfee, Inc. All Rights Reserved.
--help Display help message
-v [ --version ] Display version
-p [ --platform ] arg Select target platform:
- PC (default)
Policy Configuration Options:
--BackupMachineKey arg Enable backup of encrypted machine key <true>
--Recovery arg Valid path to recovery file <C:\EERecovery.xml>
--TempAutoboot arg Enable temporary autoboot <false>
--Autoboot arg Enable autoboot <false>
--DontDisplayUser arg Do not display the previous username <false>
--OpalPbfsSize arg Set PBFS size (MB) for Opal drives <50>
--RequirePwdChange arg Require user changes their password <true>
--UserSelfRec arg Enable User Self Recovery Enrollment <true>
--UseScPin arg Use smartcard PIN <false>
PC only options:
--Sso arg Enable single sign-on <false>
--BootMgr arg Enable boot manager <false>
--PbfsSize arg Set PBFS size (MB) <50>
--MatchUsername arg Username must match Windows logon username <true>
--PrebootUsb arg Enable USB in preboot <true>
--DisablePF arg Disable power-fail recovery during initial encryption
--SkipUnused arg Skip unused sectors during initial encryption <false>
By using the SkipUnused feature you accept the risk
that sensitive data present in sectors unused by the
filesystem will not be protected.
User Config File:
--user-file arg User file <name:token>
Thanks for the update, I was aware of the options under EpeOAGENXML. Was hopting that there was some way to update or remove the McAfee password policies prior to activation. Thanks