McAfee Endpoint Encryption for PC Installation Procedures

Before starting the installation of McAfee Endpoint Encryption for PC (MEEP), you must make

sure that the OS is Windows XP 32 bit or Windows Vista and 7 32/64 bit. Dual boot machines

should not have MEEP installed, this includes MACs notebooks.

1. The installation of MEEP will take place using SCCM. You can run the SCCM client install

from \\sms12\SCCMClient\ccmsetup.exe. This is a silent install that takes about 15 minutes

to run.

2. Once the install of the SCCM client is on the targeted machine login with your account. Keep

in mind, the advertisement is to desktop support personnel UTAD accounts, not the end

user’s account. If you want to better organize your machines in SCCM, please send the

structure and grouping for the machines to Desktop Development.

3. Run chkdsk and backup User’s files to off machine location.

4. To run the install, go to Control Panel, Programs and Run Advertised Programs and select

the McAfee Endpoint Encryption for PC (Safeboot) install and run it. Advertisements will not

popup in the systray for this particular application.

5. After launching the install you are presented with the normal IE window that we use for

application deployment. You will be prompted to answer a question before the install

starts. You are asked if the user’s data has been backed up to their H:\ drive. Due to the

stress that will be put on a hard drive from the encryption and the real possibility that the

drive could fail, it is recommended to first backup the data. Use whatever means you need

to accomplish this task. It may be that you need to ghost the entire drive or simply move or

at least copy the data over to the H:\ drive. After clicking yes, the installation will proceed.

• Note: If this is the first time that MEEP is installed on this computer, then the

installation is pretty straight forward. The computer and user are created on the

safeboot server and the user is created on the local drive. If MEEP was installed

previously, then it must be understood that you should be working with a computer

that was just reimaged. On a re-imaged computer where the encryption installed

again, the installation will take a few seconds longer due changes that need to be

made on the MEEP server.

6. After the installation finishes, it will pop up the myutaccount.utoledo.edu web page. Have

the user change their password at this time if they haven’t already done so. Remember to

run the adduser script to assign the users to the machine. You must manually reboot the

computer to start the encryption process. Upon reboot and user login, you can monitor the

progress by right clicking the icon in the systray and selecting show status. The icon looks

like a lock on a monitor. Even though the encryption process has started, you may reboot at

any time. Scroll to the top of the information and see if the users name is listed as part of

the synchronization information. If so, reboot a second time to then get the pre-boot login

window.

7. At this window, enter the user’s UTAD account name; make sure they use the password

they just changed on the myutaccount website. A third reboot will cause a SSO or Non-SSO

login meaning the user may or may not have to enter credentials twice. MEEP will pass the

account name and password through to AD if they match and SSO mode was selected

during install.

8. If there is a need to add a second or third user to a pc, You can either run the adduser script

or call Collaborative Services and have the user created and added to the pc. Collaborative

Services now has the ability to bulk add users to machines. A text file with two columns first

column is utad userid second column is machine name. These columns need to be

separated by a space.

• Note: When a user is added to a machine and that user has not previously been in

MEEP, they need to reset their password at myutaccount.utoledo.edu if they

haven’t already set their password.

• Note: Syncing password with the MEEP server and computers occurs every two

hours, if the computer is turned on. If a user changes his or hers password using

CTRL ALT DEL on a computer running safeboot, then the password should sync with

AD. There are plans to create an ILM connector to sync the safeboot server with

Active Directory.