Managing Drive Encryption users The McAfee ePO server allows administrators to assign users from Microsoft Active Directory or User Directory to Drive Encryption managed systems. The user's authentication credentials, token type, and the user information fields are managed from the McAfee ePO server. Drive Encryption gives the administrator the freedom of adding and removing the users to and from systems or system groups at any time. Manage the users assigned to a systemYou can use the McAfee ePO server to view the Drive Encryption users assigned to the client system. The Drive Encryption software can be activated on a client system only after adding one or more users and enforcing the required encryption policies correctly. Add group usersGroup Users are the Drive Encryption user accounts that are allocated to every encrypted system. They are typically administration accounts used for troubleshooting and supporting the client in a given group. User management through User DirectoryDrive Encryption 7.2.0 provides support for user management using the User Directory feature to remove the dependency on LDAP server. Edit user inheritance You can group users at different organizational levels and edit the inheritance as required. Inheritance is used to assign multiple users to systems from a centralized location without having to work on the individual systems. How Drive Encryption controls the Windows logon mechanismDrive Encryption intercepts the Windows logon mechanism using a Passthrough Shim Gina on Windows 2003 and Windows XP, and a Credential Provider on Vista. Enable Single-Sign-On (SSO) on a systemEnabling SSO on a system allows the user to log on to the system with a single authentication process. It allows automatic logon to the operating system once the user authenticates through the Pre-Boot Authentication page. Synchronize the Drive Encryption password with the Windows passwordUse this task to synchronize the Drive Encryption password with the Windows password. This synchronizes the Windows password to the Drive Encryption password, so the user needs to authenticate on the Pre-Boot Authentication page with Windows password. Configure password content rulesThis policy setting determines whether the Drive Encryption passwords must meet complexity requirements. Complexity requirements are enforced when the updated policy is assigned to the required user on a system. Manage a disabled user in Microsoft Active Directory or User DirectoryUse this task to disable, delete, or ignore a user who has been disabled in Active Directory or User Directory. Managing the blacklist rule with the ALDU function With the Add Local Domain User (ALDU) function, domain users who have previously and are currently logged on to the client system can authenticate through the Pre-Boot, even if the administrator has not explicitly assigned the user to the client system. Configure global user informationGlobal users have read and write permissions to all operations. You can create additional global administrator accounts for people who require global administrator rights. Manage logon hoursYou can control and limit the timeline when a user can log on to the Drive Encryption client system. Define Drive Encryption permission sets for McAfee ePO usersUser accounts provide a means for users to access and use the Drive Encryption software. They are associated with permission sets that define what users are allowed to do with the software. How disabling/deleting a user in Active Directory affects the Drive Encryption userEvery user account has an objectGUID in LDAP. If a user account is deleted from LDAP and another is created with the same user name, this new user account is a different entity. This is because the new user has a different objectGUID.