Difference between revisions of "McAfee Endpoint"

From The University of Akron Support Wiki
Jump to: navigation, search
(Troubleshooting Login Issues)
 
(33 intermediate revisions by 9 users not shown)
Line 1: Line 1:
<div style="display:inline;
+
==Notice==
width:620px; float:right;">
+
Mcafee Endpoint is currently being phased out by the University IT Department and is being replaced with BitLocker.
[[Image:Endpoint_encryption_135x120.jpg]] </div>
+
==About==
+
McAfee Endpoint Encryption (or safeboot) is a [http://en.wikipedia.org/wiki/Full_disk_encryption Disk Encryption Software] that will replace PointSEC at the University of Akron.
+
  
==Getting Safeboot==
+
==About==
Beginning February 1 all new laptops and desktops will have safeboot automatically. Current Desktops with no encryption software will be pushed Safeboot via [SMS] at a future date that has not been decided. All laptops that currently have PointSEC will eventually be converted to Safeboot, though no mandatory date has yet been set. A Mac version should be available in "6 to 9 months" and will be deployed via SMS for MAC.
+
McAfee Endpoint Encryption is a [http://en.wikipedia.org/wiki/Full_disk_encryption Disk Encryption Software] that  replaced PointSEC at the University of Akron.
  
{{Yellowbox|Volunteer Safeboot Installations|Currently, Converting to safeboot is a voluntary actionIf requested, Safeboot will be made available via your '''Run Advertised Programs''' icon found in the control panel. }}
+
==Installation of  Whole Disk Encryption==
 +
Beginning February 1 all new laptops and desktops will have whole disk encryption automaticallyCurrent Desktops with no encryption software will be pushed Endpoint via [SCCM].
  
When installing Safeboot, SMS will push a silent install of the software package.  An IE window will pop up requesting you to type in your PASSWORD.  Your Username will already be pre-filled in the form.  If you do not enter a password, a default password will be entered.  (12345).  Your password will be synced with the network.  If you do not enter a password matching your UAnetID password, it will be replaced with your current UAnetID password when the computer is connected with the network.
+
When installing Endpoint, SCCM will push a silent install of the software package.  An IE window will pop up requesting you to type in your PASSWORD.  Your Username will already be pre-filled in the form.  If you do not enter a password, a default password will be entered.  (12345).  Your password will be synced with the network.  If you do not enter a password matching your UAnetID password, it will be replaced with your current UAnetID password when the computer is connected with the network.
  
 
There will be no forced reboots during the install process.   
 
There will be no forced reboots during the install process.   
  
A Micro-Zone tech will remove PointSEC and begin the Safeboot install processLaptop users should expect the Zone Technician to have their laptops for several hours or days.
+
{{Bluebox|To Request Endpoint encryption|To request Endpoint encryption, [[Contact us]] to create a support requestYou will receive further instructions at the time of the request.}}
  
{{Bluebox|To Request Safeboot|To request Safeboot, [[Contact_us]] to create a support request.  You will receive further instructions at that time.}}
+
==Endpoint==
 +
Once the encryption Pre-boot environment is installed (the Endpoint login screen) your laptop will be configured with Single Sign On.  You will only need to enter your UAnetID and Password when the computer is turned on.  You will not be prompted to login to windows.  (Vista64 users will not have SSO enabled).  
  
==Safeboot==
+
Your Endpoint password will be synchronized when windows loads, and every few hours.  It can also be synchronized manually.  If your machine is not connected to the UA network, the password will not be synchronized.  You will need to [[Forticlient VPN Setup|VPN]] into the university and manually synchronize the account.
Once the safeboot Pre-boot environment is installed (the Safeboot login screen) your laptop will be configured with Single Sign On.  You will only need to enter your UAnetID and Password with the computer is turned on.  You will not be prompted to login to windows.  (Vista64 users will not have SSO enabled).
+
 
+
Your safeboot password will be syncronized when windows loads, and every few hours.  It can also be syncronized manually.  If your machine is not connected to the UA network, the password will not be syncronized.  You will need to [[VPN]] into the university and manually synchronize the account.
+
  
 
==Troubleshooting Login Issues==
 
==Troubleshooting Login Issues==
  Fault: UNKNOWN USERNAME
+
  <font size="3.5">Fault: UNKNOWN USERNAME
 
  Cause: Machine Credentials are not synced, or the user has no permission to sign into machine.
 
  Cause: Machine Credentials are not synced, or the user has no permission to sign into machine.
  Solution:[[Contact_us |Contact the Support Center]] Via phone, or in person to enable sign-in ability
+
  Solution:Contact the [[Contact_us |Help Desk]] Via phone, or in person to enable sign-in ability</font>
  
  Fault:Authentication Parameters Incorrect
+
  <font size="3.5">Fault:Authentication Parameters Incorrect
 
  Cause:An invalid password was entered.
 
  Cause:An invalid password was entered.
  Solution:Enter the correct password, or [[Contact_us |Contact the Support Center]] Via phone, or in person to enable sign-in ability
+
  Solution:Enter the correct password, or contact the [[Contact_us |Help Desk]] Via phone, or in person to  
 +
enable sign-in ability</font>
  
  Fault:Safeboot and UAnetID passwords are different
+
  <font size="3.5">Fault:Endpoint and UAnetID passwords are different
 
  Cause:Most likely, your password was changed since the last time the machine was connected to the network.
 
  Cause:Most likely, your password was changed since the last time the machine was connected to the network.
  Solution:Contact the Support center to generate a one time login.  If off campus, use the VPN to connect to UA's network to sync.
+
  Solution:Contact the [[Contact us|Help Desk]] to generate a one time login.  If off campus, use the VPN to connect  
 +
to UA's network to sync.</font>
  
 
To select recovery options, press cancel from the password dialog.  You may need to select reset password, user recovery, or machine recovery depending on the situation.  A support technician will need to assist you when using these features.
 
To select recovery options, press cancel from the password dialog.  You may need to select reset password, user recovery, or machine recovery depending on the situation.  A support technician will need to assist you when using these features.
Line 40: Line 38:
 
==One time login Bypass==
 
==One time login Bypass==
  
The best way to allow a user to sign into a locked safeboot machine is to trigger a one time login bypass. To begin this process, have the user cancel the login prompt.  Click Options in the lower left of the screen,  recovery, and select machine recovery (then the next button).
+
The best way to log in to a locked machine is to contact us for a One Time Login Bypass. We can assist you in accessing a locked machine.  
 
+
<!--
 
   
 
   
  
The Zipsupport Agent should load the website https://epomb1.uanet.edu and login with your uanet id and password.  Click on Preform Endpoint Encryption Recovery.  Next click on PC / Laptop User recovery.
+
The Zipsupport Agent should load the website http://epomb1.uanet.edu and login with your uanet id and password.  Click on Preform Endpoint Encryption Recovery.  Next click on PC / Laptop User recovery.
  
 
   
 
   
Line 56: Line 54:
 
   
 
   
  
The end user will recieve a notice that the Recovery operation has been successful.  The Machine will now boot into windows normally.
+
The end user will receive a notice that the Recovery operation has been successful.  The Machine will now boot into windows normally.
 +
-->
 +
==Adding users to machine==
  
+
Users who need to be added to a machine will need to call the [[Contact us|Help Desk]] at (330)972-6888.
  
==Adding users to machine==
+
==Notes about the Endpoint system==
 +
 
 +
There is a safeguard on the system that if the user fails to log in <b>30</b> times in a row, the program will lock the account out of the computer and out of the system. The issue will need to be directed to the Endpoint Admins to delete the locked account and recreate a usable account.
 +
 
 +
* There is a password history of 3 within the system. This will be a problem when the passwords get out of synced. If the user changes the password from the UAnet id password, the user will have to change the <i>endpoint</i> password 2 more times before it can use the old password again.
 +
* If the user changes their password for the UANet system, their old UANet password may still work on the Endpoint system.
 +
* If a machine has not been on the network for more than 90 days the account/machine will be deleted from the database and logging into the system will become a problem. The user will need to have a MicroZone tech re-add it to the data base before it will be able to log on again.
 +
 
 +
==Exemption Request==
 +
To have Endpoint removed from a machine the requester will need to complete the form found at: https://footprints.uakron.edu/exemption/
  
It can be done from the Endpoint Management Console that is currently in Start, All Programs of the terminals. When you are in there you must find the device and then you are able to add a user.
+
[[Category:Security]]

Latest revision as of 17:10, 24 March 2020

Notice

Mcafee Endpoint is currently being phased out by the University IT Department and is being replaced with BitLocker.

About

McAfee Endpoint Encryption is a Disk Encryption Software that replaced PointSEC at the University of Akron.

Installation of Whole Disk Encryption

Beginning February 1 all new laptops and desktops will have whole disk encryption automatically. Current Desktops with no encryption software will be pushed Endpoint via [SCCM].

When installing Endpoint, SCCM will push a silent install of the software package. An IE window will pop up requesting you to type in your PASSWORD. Your Username will already be pre-filled in the form. If you do not enter a password, a default password will be entered. (12345). Your password will be synced with the network. If you do not enter a password matching your UAnetID password, it will be replaced with your current UAnetID password when the computer is connected with the network.

There will be no forced reboots during the install process.

Notice.png To Request Endpoint encryption
To request Endpoint encryption, Contact us to create a support request. You will receive further instructions at the time of the request.

Endpoint

Once the encryption Pre-boot environment is installed (the Endpoint login screen) your laptop will be configured with Single Sign On. You will only need to enter your UAnetID and Password when the computer is turned on. You will not be prompted to login to windows. (Vista64 users will not have SSO enabled).

Your Endpoint password will be synchronized when windows loads, and every few hours. It can also be synchronized manually. If your machine is not connected to the UA network, the password will not be synchronized. You will need to VPN into the university and manually synchronize the account.

Troubleshooting Login Issues

Fault: UNKNOWN USERNAME
Cause: Machine Credentials are not synced, or the user has no permission to sign into machine.
Solution:Contact the Help Desk Via phone, or in person to enable sign-in ability

Fault:Authentication Parameters Incorrect
Cause:An invalid password was entered.
Solution:Enter the correct password, or contact the Help Desk Via phone, or in person to

enable sign-in ability 

Fault:Endpoint and UAnetID passwords are different
Cause:Most likely, your password was changed since the last time the machine was connected to the network.
Solution:Contact the Help Desk to generate a one time login.  If off campus, use the VPN to connect

to UA's network to sync.

To select recovery options, press cancel from the password dialog. You may need to select reset password, user recovery, or machine recovery depending on the situation. A support technician will need to assist you when using these features.

One time login Bypass

The best way to log in to a locked machine is to contact us for a One Time Login Bypass. We can assist you in accessing a locked machine.

Adding users to machine

Users who need to be added to a machine will need to call the Help Desk at (330)972-6888.

Notes about the Endpoint system

There is a safeguard on the system that if the user fails to log in 30 times in a row, the program will lock the account out of the computer and out of the system. The issue will need to be directed to the Endpoint Admins to delete the locked account and recreate a usable account.

  • There is a password history of 3 within the system. This will be a problem when the passwords get out of synced. If the user changes the password from the UAnet id password, the user will have to change the endpoint password 2 more times before it can use the old password again.
  • If the user changes their password for the UANet system, their old UANet password may still work on the Endpoint system.
  • If a machine has not been on the network for more than 90 days the account/machine will be deleted from the database and logging into the system will become a problem. The user will need to have a MicroZone tech re-add it to the data base before it will be able to log on again.

Exemption Request

To have Endpoint removed from a machine the requester will need to complete the form found at: https://footprints.uakron.edu/exemption/

Retrieved from "https://support.uakron.edu/wiki/index.php?title=McAfee_Endpoint&oldid=28115"