Configure the out-of-band management feature

Using McAfee ePO, you can remotely reset the password of a user of an encrypted system while it is in the Pre-Boot environment. The user can then log on through Pre-Boot using their new password, and is forced to change the password immediately.

Before you begin

  • You must have administrator rights to perform this task.
  • Make sure that your client system meets the requirements for Intel® AMT out-of-band management. For more information about Intel® AMT configurations and settings, see the McAfee ePO Deep Command Product Guide.


  1. Log on to the McAfee ePO server as a user with valid Drive Encryption permissions.
  2. Click MenuSystemsSystem Tree.
  3. Select the required system, then click ActionsDrive EncryptionOut Of Band - User Management to open the OOB User Management page.
    The Select action pane appears with the Reset user's password token option selected.
  4. Click Next to open the Select user pane.
    The Select user page lists only the users with password token data. You can select only one user at a time.
  5. Select the required user, then click Next.
    Note: You can select only one user at a time.
  6. In the Configure pane, type a temporary password in the Password and Confirm fields.
    Note: If a user performs an OOB password reset, the administrator provides a temporary password, which the users might have to type in PBA. If the policy requires that the default password be used, the user must type the new temporary password before entering a new password. If no default password is required, the user doesn't have to type the temporary password, and instead types the new password immediately.
  7. Click Save.
    The next time a user restarts that client system, after entering the temporary password, the user is forced to set a new password and perform the user enrollment.

What to do next

Note: In Queries & ReportsShared GroupsDrive Encryption OOBDE : OOB Action QueueRun, an action appears in the Action queue for the action selected. If the action is Transient, the Action queue disappears from the DE : OOB action Queue page after the action is performed. If the action is Permanent, the action does not disappear. Moreover, once the password is reset, the user hears a beep confirming the password change.