McAfee Endpoint Encryption provides superior encryption across a variety of endpoints such as desktops and laptops. The Endpoint Encryption solution uses strong access control with Pre-Boot Authentication (PBA) and a NIST-approved algorithm to encrypt data on endpoints. Encryption and decryption are completely transparent to the end user and performed without hindering system performance. Administrators can easily implement and enforce security policies that control how sensitive data is encrypted. These policies allow the administrators to monitor real-time events and generate reports to demonstrate compliance with internal and regulatory requirements.
Endpoint Encryption has an advantage over competing encryption products because it engages encryption before the Windows or Mac operating system loads, while data is at rest.
During the installation of this McAfee endpoint suite, the Endpoint Encryption for PC client and associated management files were checked into your McAfee ePO server. A deployment task was automatically created for you as well. Note that after deployment of Endpoint Encryption, a reboot is required.
Disclaimer 1: This process should only be done in a test environment. McAfee does not recommend testing full disk encryption software in a production environment.
Registering Windows Active Directory (this section is taken directly from the product readme)
Use this option to register a Windows Active Directory. You must have a registered AD to use Policy Assignment Rules, to enable dynamically assigned permission sets, and to enable automatic user account creation.
This is the procedure for registering a Windows Active Directory.
Configuring automation task for LDAP synchronization (this section is taken directly from the product readme)
You can create many tasks that run at scheduled intervals to manage the McAfee ePO server and endpoint software. This is the procedure for creating the server task.
Configure EEPC Product Settings Policy
This policy controls the behavior of the EEPC agent. It includes settings such as enabling encryption, enabling automatic booting, and the theme for the pre-boot environment. In McAfee ePO, go to Menu | Policy | Policy Catalog. Choose Endpoint Encryption from the Product drop-down list, then choose Product Settings from the Category drop-down list. Locate the My Default policy and click Edit Settings.
Recommended Product Settings
Configure EEPC User Based Policy (UBP) Settings
This policy controls the parameters for EEPC user accounts. It includes settings such as the token type (password, smartcard, biometric, etc.) and password content rules. In McAfee ePO, go to Menu | Policy | Policy Catalog. Choose Endpoint Encryption from the Product drop-down list, then choose User Based Policies from the Category drop-down list. Locate the My Default policy and click Edit Settings.
Recommended User-Based Policy Settings
Add Group Users
Group Users are EEPC user accounts that are provisioned to every encrypted machine. They are meant as admin accounts for troubleshooting or support. In this example, they are essentially back door accounts that can log in to any system that you encrypt. For production, we would not recommend having back door accounts, but they tend to make things easier during an evaluation or proof of concept.
This is the procedure for adding Group Users.
The deployment task will push both the Endpoint Encryption Agent and the EEPC v7 component to the selected systems. The install is silent, but the user will be prompted to reboot when the install is complete.
Use McAfee ePO to Report Encryption Status
McAfee ePO provides all the management and reporting tools for EEPC.
Procedure 1 - Check the status of a disk on a single system. This is useful for incident response situations, where you simply have to prove that a "missing" laptop was fully encrypted.
Procedure 2 - Track the progress of your deployment or determine the number of encrypted systems