Modify the token type associated with a system or group

You can create a new user-based policy with a required token type and deploy it to the required system or a system group. You can also edit and deploy an existing policy.

Before you begin

Make sure that:

  • The user is already created in Active Directory.
  • Drive Encryption is installed on at least the minimum supported McAfee ePO version.
  • The server task DE LDAP Server User/Group Synchronization is scheduled and runs normally between McAfee ePO and Microsoft Active Directory.


  1. Click Menu → Systems → System Tree, then select a group from the System Tree pane.
  2. Select a System, then click Actions → Agent → Modify Policies on a Single System to open the Policy Assignment page.
  3. From the Product drop-down list, select Drive Encryption 7.2. The policy categories under Drive Encryption display the system's assigned policy.
  4. Select the User Based Policy category, then click Edit Assignments to open the User Based Policies page.
  5. If the policy is inherited, select Break inheritance and assign the policy and settings below next to Inherit from.
  6. From the Assigned Policy drop-down list, select the policy, then click Edit Policy to open the Policy Settings page.
    From this page, you can edit the selected policy, or create a new policy.
  7. From the Token type drop-down list on the Authentication tab, select the required token type.
    Note: For SmartCards that conform to the PKI, PIV, or CAC standards, Drive Encryption uses the information in a public certificate store of a PKI smartcard to look up users, and encrypts each user's unique Drive Encryption key with the public key in that user's certificate. This certificate must be configured when you select the PKI SmartCard token.
  8. Click Save in the Policy Settings page, then click Save in the User Based Policies settings page.
  9. Send an agent wake-up call.