knowledge base mcafee endpoint encryption - unlocking an encrypted laptop


Upload: paul

Post on 10-Apr-2015


Page 1: Knowledge Base McAfee Endpoint Encryption - Unlocking an Encrypted Laptop

McAfee Endpoint Encryption: Unlocking an Encrypted Laptop

KNOWLEDGEBASE

(Intended Audience) This document is intended for System Administrators at Your Company

Document Ref & Version No: V1.0

Author:
Approved by:

Revision Due Date: 1 year from issue
Issue Date:

Document Control:

Document Title: McAfee Endpoint Encryption Unlocking an Encrypted Laptop
File Name:
Author:
Date: 10/04/2010

Version Control:

Version: 1.0   Reason for Change: Initial Draft   Author/Editor:   Date: 10/04/2010
Version: 1.1   Reason for Change: Final Draft     Author/Editor:   Date:

Purpose

The purpose of this document is to help the System Administrators and other technical staff at your company unlock a laptop encrypted with McAfee Endpoint Encryption.

Overview

McAfee Endpoint Encryption (formerly Safeboot) is a full disk and content encryption product. It is designed to encrypt files and folders on a company laptop in order to ensure that restricted and sensitive data are protected against unauthorized access. McAfee Endpoint Encryption is particularly useful for helping to safeguard laptops containing sensitive information in the event they are lost or stolen.

In simple terms, the McAfee Endpoint Encryption client takes control of a hard disk away from the operating system. McAfee Endpoint Encryption encrypts data written to the disk, and decrypts data read from the disk. If the hard disk drive is read directly, one would find only encrypted data, even in the Windows swap file and temporary file areas.

Last updated: 7/04/2010 1 of 7 v1.0


Boot-Up/Login

On power-up, an encrypted laptop displays a “pre-boot screen”.

After successfully authenticating to this pre-boot screen, the user's laptop will continue booting as normal. Since passwords have been synchronized, the Windows password will be automatically entered into the Windows logon window and the user will go straight to their desktop.

Incorrect logon message: Error 0xe0010002

If the user enters the wrong credentials at the pre-boot screen, they will get an error message stating "Authentication parameters incorrect."

Locked account message: Error 0xe0010005

If the user enters their password incorrectly a number of times, their ID will be disabled, they will see the "Token is invalidated" screen, and the helpdesk must perform a User recovery.

Incorrect username: Error 0xe0010020

If the user enters an incorrect username, they receive an "unknown user name" message and the helpdesk must perform a Machine recovery.


Password Recovery

User calls the Helpdesk

1. Ask the user to select Cancel to remove the login dialog box.

2. Then select the Options link on the bottom left of the screen and select Recovery from the available options.

Locked account: Error 0xe0010005
Incorrect logon: Error 0xe0010002

3. Select User recovery; the user types in their username and clicks Next.


Incorrect username: Error 0xe0010020

4. Ensure the username you are using is correct. Select Machine recovery and click Next.

Recovery screen (laptop)

5. The laptop displays a 16-character Client code string (challenge).

6. RDP onto the Safeboot server.

Go to > Safeboot Administration

McAfee Endpoint Encryption Manager opens.

Go to Recovery > Perform recovery


Challenge Code screen

7. Ask the user to read out the client code on the laptop to the helpdesk and select Next.

8. The helpdesk enters the client code (challenge code) on the server and clicks Next.

Information screen

9. McAfee then locates the machine or user to unlock. Click Next.

Recovery Options screen

10. For a User recovery, in User options select "Reset the user’s password" and click Next.

11. For a Machine recovery, in Machine options select "Boot the machine once" and click Next.


Recovery Code screen

The helpdesk reads back to the user a 17-character (response) code that the user enters into “Line 1” on the Laptop Recovery screen.

Note: For a disabled user this will be a 25-character code.

Laptop Recovery screen

12. The user types the response code in Line 1 and selects Enter and then Finish.

There may be several strings of characters to enter, depending on your configuration.

NOTE: A response code never contains the letters Z, I, O or L.

13. If the user enters the code incorrectly, they will receive the following message:

The response code you have entered is not valid

Please check your entry and try again

If they see this screen, click the OK button to go back and re-enter the characters.


14. When the user successfully enters the response characters, they will be prompted for a new password:

Your password is the default and must now be changed

If necessary, reset the user's AD password.

This password must be at least 8 characters in length.

15. When the user enters a new password correctly, they will get the confirmation:

The recovery operation was successfully completed

16. Select OK; the user will be placed back into the pre-boot screen. Select Password Only Token.

17. The user can enter their username and new password, and select OK. They will then be booted into Windows as normal.
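
A pre-check the helpdesk could run on a response-code line before reading it back in step 12, using the rules stated above (17 characters, 25 for a disabled user, no Z, I, O or L). This is an added example, not part of the original document or of the McAfee product; the function name, the separator handling, the letters-and-digits character set and the suggested look-alike digits are assumptions.

```python
import re

# Facts taken from the page: 17 characters normally, 25 for a disabled user,
# and the letters Z, I, O and L never occur in a response code.
VALID_LENGTHS = {17: "standard recovery", 25: "disabled-user recovery"}
EXCLUDED = set("ZIOL")
# Assumption (not from the page): the digit most likely meant when an
# excluded letter was written down from a phone read-back.
LIKELY_DIGIT = {"O": "0", "I": "1", "L": "1", "Z": "2"}


def check_response_line(raw):
    """Pre-check one response-code line before it is typed into Line 1.

    Returns (ok, problems, normalized). This only checks shape; it cannot
    tell whether the code is the right response for the challenge.
    """
    # Assumption: spaces and dashes are only read-back grouping, and case
    # does not matter, so strip separators and upper-case the rest.
    code = re.sub(r"[\s-]", "", raw).upper()
    problems = []

    if len(code) not in VALID_LENGTHS:
        problems.append(
            f"length is {len(code)}, expected 17 (or 25 for a disabled user)"
        )

    for pos, ch in enumerate(code, start=1):
        if ch in EXCLUDED:
            problems.append(
                f"position {pos}: '{ch}' never appears in a response code; "
                f"confirm whether '{LIKELY_DIGIT[ch]}' was read out"
            )
        elif not ch.isalnum():
            # Assumption: codes consist of letters and digits only.
            problems.append(f"position {pos}: unexpected character '{ch}'")

    return (not problems, problems, code)


if __name__ == "__main__":
    # Constructed sample values, not real recovery codes.
    for sample in ("AB3D-5FG7-H9JK-2MNP-Q", "AB3D-5FG7-H9JK-2MNO-Q", "AB3D5FG7"):
        ok, problems, code = check_response_line(sample)
        print(code, "OK" if ok else "CHECK", *problems, sep="\n  ")
```
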
