McAfee Endpoint Encryption for PC Installation Procedures

Before starting the installation of McAfee Endpoint Encryption for PC (MEEP), you must make
sure that the OS is Windows XP 32 bit or Windows Vista and 7 32/64 bit. Dual boot machines
should not have MEEP installed, this includes MACs notebooks.

1. The installation of MEEP will take place using SCCM. You can run the SCCM client install
from \\sms12\SCCMClient\ccmsetup.exe. This is a silent install that takes about 15 minutes
to run.

2. Once the install of the SCCM client is on the targeted machine login with your account. Keep
in mind, the advertisement is to desktop support personnel UTAD accounts, not the end
user’s account. If you want to better organize your machines in SCCM, please send the
structure and grouping for the machines to Desktop Development.

3. Run chkdsk and backup User’s files to off machine location.

4. To run the install, go to Control Panel, Programs and Run Advertised Programs and select
the McAfee Endpoint Encryption for PC (Safeboot) install and run it. Advertisements will not
popup in the systray for this particular application.

5. After launching the install you are presented with the normal IE window that we use for
application deployment. You will be prompted to answer a question before the install
starts. You are asked if the user’s data has been backed up to their H:\ drive. Due to the
stress that will be put on a hard drive from the encryption and the real possibility that the
drive could fail, it is recommended to first backup the data. Use whatever means you need
to accomplish this task. It may be that you need to ghost the entire drive or simply move or
at least copy the data over to the H:\ drive. After clicking yes, the installation will proceed.

• Note: If this is the first time that MEEP is installed on this computer, then the
installation is pretty straight forward. The computer and user are created on the
safeboot server and the user is created on the local drive. If MEEP was installed
previously, then it must be understood that you should be working with a computer
that was just reimaged. On a re-imaged computer where the encryption installed
again, the installation will take a few seconds longer due changes that need to be
made on the MEEP server.
6. After the installation finishes, it will pop up the myutaccount.utoledo.edu web page. Have
the user change their password at this time if they haven’t already done so. Remember to
run the adduser script to assign the users to the machine. You must manually reboot the
computer to start the encryption process. Upon reboot and user login, you can monitor the
progress by right clicking the icon in the systray and selecting show status. The icon looks
like a lock on a monitor. Even though the encryption process has started, you may reboot at
any time. Scroll to the top of the information and see if the users name is listed as part of
the synchronization information. If so, reboot a second time to then get the pre-boot login
window.

7. At this window, enter the user’s UTAD account name; make sure they use the password
they just changed on the myutaccount website. A third reboot will cause a SSO or Non-SSO
login meaning the user may or may not have to enter credentials twice. MEEP will pass the
account name and password through to AD if they match and SSO mode was selected
during install.

8. If there is a need to add a second or third user to a pc, You can either run the adduser script
or call Collaborative Services and have the user created and added to the pc. Collaborative
Services now has the ability to bulk add users to machines. A text file with two columns first
column is utad userid second column is machine name. These columns need to be
separated by a space.

• Note: When a user is added to a machine and that user has not previously been in
MEEP, they need to reset their password at myutaccount.utoledo.edu if they
haven’t already set their password.

• Note: Syncing password with the MEEP server and computers occurs every two
hours, if the computer is turned on. If a user changes his or hers password using
CTRL ALT DEL on a computer running safeboot, then the password should sync with
AD. There are plans to create an ILM connector to sync the safeboot server with
Active Directory.