McAfee Encrypted USB Manager 3.1 Deployment and Administration Guide
Configuring the client
The client contains a number for the Help Desk at your company. End users dial this number when they cannot access their device or to complete the personalization process. You should modify the Help Desk phone number in the portable content file before you initialize a device.
The default portable content file for Manager includes a copy of the client for Mac. If end users do not use Mac computers, you can delete this application to reduce the time it takes to initialize a device.
To configure the Help Desk contact number:
1. In the left pane of the Portable Content Manager, click the Plus (+) sign to expand the tree node for the client.
2. Click the Configuration menu item.
3. In the Properties area of the right pane, type the Help Desk phone number in the Help Desk Contact text box, and then click Apply.
Note: The Portable Content Manager (PCM) provides a graphical interface that lets you configure the client.
Table 1-4: Menu item properties
Property: Description
Disable When: Indicates the device state during which this menu item is disabled.
Hide When: Indicates the device state during which this menu item is hidden.
Terminate On Removal
  Enabled: Specifies whether this application will terminate when the user disconnects the device.
  Window Class: Recognizes Class elements for the corresponding application. If specified, Connector sends a “close message” so that the application will stop. Otherwise, the application is forced to quit. For applications, such as the client (and others), you can leave this field blank as forcing the application to quit is acceptable.
  Window Title: Recognizes Title elements for the corresponding application. If specified, Connector sends a “close message” so that the application will stop. Otherwise, the application is forced to quit. For applications, such as the client (and others), you can leave this field blank as forcing the application to quit is acceptable.
Auto-Run
  Enabled: Specifies whether the menu item will run when Connector starts.
  Delay (ms): Sets the number of milliseconds to wait until the application starts.
Glossary
client: Program used by end users that allows them to set passwords and enroll fingers for device authentication.
binding: The process by which a device becomes registered in the McAfee Encrypted USB Manager system using initialization.
corporate identifier: A unique string that is assigned to a company that owns the Manager deployment. The string is used to identify devices that are managed by the company and bound to the Manager license.
data recovery: The process of recovering and examining encrypted data on an issued device by a Security Officer.
device erasure: The process of removing all users and authentication information from a device. Erasing renders all sensitive information inaccessible, and resets the device to a default state.
device database: The central repository that contains information on currently managed devices.
device initialization: The process of configuring a device according to an initialization profile.
device issuance: The process of binding a device to a user according to the usage profile.
device personalization: The process by which end users set their authentication mechanisms including passwords and finger enrollments.
device reinstatement: Granting the privilege of using an issued device back to a device user.
device rescue: The process of re-enabling the authentication mechanism of an end user to a device. Not available with McAfee Standard Driverless Encrypted USB.
device revocation: Removes the privilege of using an issued device.
DSN: Data Source Name; contains information about a database that is required by the ODBC to connect to the database.
face-to-face personalization: A method whereby users must be present with an Issuance Officer to set up a password and enroll a biometric (if applicable).
Help Desk operator: An administrative role that supports users who call about device problems.
importing devices: The process of bringing in an unmanaged device that is currently being used in the managed Manager system.
Initialization Officer: An administrative role that can initialize devices.
initialization profile: A set configuration of parameters not related to security that define how a device is configured.
Issuance Officer: An administrative role that can issue devices to users.
LDAP: Lightweight Directory Access Protocol; the standard used by Manager to connect to corporate directories.
management code: The code that allows a device to be erased and firmware added.
ODBC: Open Database Connectivity; the standard interface used by Manager to connect to the device database.
one-factor authentication: A method used to authenticate to a device that requires a user to provide either a valid password or a valid biometric (if applicable) to access a device.
password complexity: The degree to which a password is susceptible to unauthorized security breaches. Complex password rules increase the strength of a password and reduce the risk of unauthorized access to a device.
portable software update: A package that can be distributed to end users to update the read-only partition of issued devices.
Security Officer: An administrative role with the authority to recover and examine encrypted data from an issued device.
two-factor authentication: A method used to authenticate to a device that requires a user to provide both a valid password and a valid biometric to access the device.
usage profile: A set of security and user configuration parameters that define how devices may be issued and used.
user revocation: Removal of the privilege to use or to have a device issued for a particular user.
user self-personalization: A method whereby users can set up their password and enroll a biometric (if applicable) on the device using a self-serve wizard in the client.