Assign the UPK to the required user and synchronize the ePO configured policy with the client.
Summary of actions:
- Create an encryption key.
- Activate or deactivate the encryption keys.
- Assign an encryption key.
NOTES:
An administrator can create and manage encryption keys from ePO on the FRP Keys page. These keys can be assigned to users or systems. FRP supports encryption using three types of keys:
- Regular keys - Created by ePO administrators. You can use these keys in any policy.
- User personal keys - A per-user unique encryption key that is generated in ePO when it is assigned to users. When a user is assigned a UPK, the user can use this unique key on any FRP system managed by the same ePO.
- User local keys - Created by the user using the FRP client software on a client system. The user can use these keys to encrypt or decrypt data. These keys are never backed up in ePO.
For information about encryption keys and key types, see the "Managing FRP keys" section of the FRP product guide for your version.
Create a UPK assignment
After a successful upgrade, perform the following steps to create a UPK assignment:
- Verify that a Registered LDAP Server entry exists under Menu, Configuration, Registered Servers.
- Create UPK assignments:
- Click Menu, Data Protection, FRP Keys.
- Click Actions, Key Assignments, Assign UPK(s).
- Select a User, Group, or Organization Unit. Assigns the UPKs.
NOTE: To create and assign keys for multiple users, select a group that contains all users. For example, the group Domain Users.
- Select OS authentication or Password authentication for the Authentication Type, and then click OK.
- Click Menu, Automation, Server Tasks.
- Click Run next to each of the following tasks:
- LdapSync: Sync across users from LDAP
- FRP: Process Key Assignments.
All UPKs are now created. You can view the UPKs in the FRP Keys under
Preset User.
IMPORTANT:
- When you add new users to the Active Directory Group, you must rerun the following tasks to make sure that UPKs are properly created and assigned:
- LdapSync: Sync across users from LDAP
- FRP: Process Key Assignments
- McAfee recommends that you schedule these tasks to run automatically. This action ensures that all new users added to Active Directory receive UPKs.
