manualshive.com logo in svg

McAfee ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE, Manual

The McAfee Endpoint Encryption Enterprise Best Practices Guide is a comprehensive manual designed to help users effectively implement and optimize their encryption solution. This essential manual is available for free download on our website. Ensure data security and compliance by following these best practices.

Share
Download
background image

21

 

 

Orphaned

 

Objects

 

To

 

begin

 

a

 

cleanup,

 

the

 

database

 

starts

 

with

 

what

 

are

 

known

 

as

 

“Orphaned”

 

objects.

 

 

These

 

are

 

objects

 

that

 

exist

 

in

 

the

 

Object

 

Directory;

 

they

 

are

 

not

 

visible

 

in

 

the

 

Endpoint

 

Encryption

 

Manager

 

GUI.

 

 

From

 

the

 

Endpoint

 

Encryption

 

Manager

 

console,

 

you

 

can

 

run

 

Group

 

scan

 

found

 

under

 

Groups

 

menu.

 

The

 

preferred

 

method

 

though

 

is

 

to

 

use

 

the

 

command

 

line

 

tool

 

as

 

the

 

process

 

can

 

be

 

automated.

 

 

The

 

second

 

step

 

is

 

to

 

use

 

the

 

cleanup

 

commands.

 

These

 

will

 

try

 

to

 

fix

 

the

 

objects

 

or

 

delete

 

them

 

if

 

they

 

cannot

 

be

 

fixed.

  

The

 

cleanup

 

commands

 

use

 

a

 

cautious

 

approach

 

when

 

deleting

 

objects,

 

so

 

an

 

object

 

might

 

not

 

be

 

deleted

 

even

 

if

 

it

 

is

 

unusable.

  

 

In

 

such

 

a

 

scenario

 

the

 

DumpMachineDesc

 

command

 

should

 

be

 

redirected

 

to

 

a

 

file

 

such

 

as

 

DumpMachine.log

 

to

 

dump

 

the

 

objects

 

that

 

do

 

not

 

respond

 

properly.

 

The

 

broken

 

objects

 

in

 

the

 

DumpMachine.log

 

can

 

be

 

deleted

 

from

 

the

 

database.

 

If

 

the

 

normal

 

deletion

 

process

 

does

 

not

 

work,

 

use

 

Microsoft

 

Windows

 

Explorer

 

to

 

browse

 

to

 

the

 

actual

 

location

 

in

 

the

 

database

 

and

 

delete

 

the

 

physical

 

folder.

 

Note:

 

make

 

sure

 

you

 

have

 

a

 

full

 

backup

 

of

 

SBDATA

 

before

 

doing

 

this.

 

 

Restore

 

Commands

 

To

 

restore

 

orphaned

 

user

 

objects

 

back

 

into

 

a

 

group,

 

use

 

this

 

command:

 

 

SBADMCL

 ‐

Command:RestoreUsers

 ‐

Adminuser:Admin

 ‐

Adminpwd:mypassword

 ‐

Group:"Orphaned

 

Users"

 ‐

Database:"Customer

 

database"

 

 

Where

 

“Orphaned

 

Users”

 

is

 

a

 

user

 

group

 

you

 

have

 

made

 

to

 

hold

 

them

 

(or

 

can

 

be

 

another

 

group).

 

 

To

 

restore

 

orphaned

 

machine

 

objects

 

back

 

into

 

a

 

group,

 

use

 

this

 

command:

 

SBADMCL

 ‐

Command:RestoreMachines

 ‐

Adminuser:Admin

 ‐

Adminpwd:mypassword

 ‐

Group:"Orphaned

 

Machines"

 ‐

Database:"Customer

 

database"

 

 

Please

 

note

 

that

 

these

 

commands

 

are

 

database

 

intensive

 

processes,

 

so

 

run

 

these

 

commands

 

during

 

non

 

working

 

hours

 

only,

 

or,

 

do

 

it

 

per

 

group

 

during

 

daytime

 

if

 

the

 

groups

 

are

 

small.

 

 

Cleanup

 

Commands

 

These

 

two

 

processes

 

have

 

to

 

be

 

done

 

per

 

group,

 

so

 

could

 

be

 

done

 

during

 

daytime

 

if

 

the

 

groups

 

are

 

small.

 

It

 

could

 

be

 

automated

 

running

 

through

 

a

 

CSV

 

file

 

with

 

user

 

groups.

 

 

To

 

cleanup

 

corrupted

 

User

 

objects

 

use

 

this

 

command:

 

 

SBADMCL

 ‐

Command:CleanupUserGroup

 ‐

Adminuser:Admin

 ‐

Adminpwd:mypassword

 ‐

Group:”My

 

Laptop

 

Users”

  ‐

Database:"Customer

 

database"

 

 

To

 

cleanup

 

corrupted

 

Machine

 

objects

 

use

 

this

 

command:

 

 

SBADMCL

 ‐

Command:CleanupMachineGroup

 ‐

Adminuser:Admin

 ‐

Adminpwd:mypassword

 ‐

Group:”

 

EndPoint

 

Encryption

 

Machines”

 ‐

Database:"Customer

 

database"

 

 

 

 

Summary of Contents for ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

Page 1: ...1 McAfee Endpoint Encryption Enterprise Best Practices Guide November 2009...

Page 2: ...d No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language in any form or by any means without the written permission of McAfe...

Page 3: ...OF 5000 USER MACHINE OBJECT DIRECTORY 10 VIRTUAL SERVERS 10 GLOBAL DEPLOYMENTS 11 OPTIMISATION ACTIONS 11 OPTIMISATION ACTIONS OVERVIEW 12 NAME INDEXING DBCFG INI 13 WARNINGS 13 DBCFG INI 13 GROUP SI...

Page 4: ...19 CLEARING THE AUDIT 19 DELETED ITEMS CLEANUP 20 CHECKING FOR DATABASE CORRUPTION 20 WHY DOES THE DATABASE GET CORRUPTED 20 ORPHANED OBJECTS 21 RESTORE COMMANDS 21 CLEANUP COMMANDS 21 DUMP MACHINE D...

Page 5: ...e product and the environment in which it is being used before arriving at any decision on implementation strategy Calculations and figures in this guide are based on field evidence and not theoretica...

Page 6: ...a distributed way For example the Web Helpdesk component can be installed on a dedicated web server while the rest of the components are on a separate Endpoint Encryption Server However the majority o...

Page 7: ...hared Server can be used for low numbers Please see Virtual Server section in this guide Virtual hardware has to be of higher specification if resources are shared See Page 11 2000 5000 users systems...

Page 8: ...nvironment has not been fully tested at this time in engineering Load Balancing Given the best configuration is usually a single high performance server with DAS then the least optimal way to perform...

Page 9: ...s The default settings of the Communication Server limit the queue to 200 entries a balance between taking connections and processing connections After that point the connections are refused This is a...

Page 10: ...use of Virtual Servers is a result of Lack of resources dedicated to the virtual server Dynamically assigned resources to the virtual server which starves it of the necessary performance during peak p...

Page 11: ...y is necessary it is better to include endpoints from all regions in the pilot phase Optimisation Actions NOTE These are generic recommendations based on experience but not always be suitable for your...

Page 12: ...me to five minutes Disable NTFS Last Access Update with a registry change Increase the size of the NTFS Master File Table MFT with a registry change Optimize backups Exclude the Object Directory and t...

Page 13: ...smaller than 5000 systems otherwise you find the number by multiplying the number of users or systems in the database by 0 6 Example If the number of users in the database is 10 000 the Locktimeout s...

Page 14: ...lable from your McAfee representative Attribs SingleFile No If this is set to Yes the attributes for objects will be placed into a single file instead of each one having their own file Not generally u...

Page 15: ...ours NOTE A similar setting KeepAliveInterval has a default 1000 1 second this setting is correct so do not change this Last Access Time Stamp NtfsDisableLastAccessUpdate With large databases it is po...

Page 16: ...3 or 4 instead of the default value of 1 Object Directory Backup Tool Setup If you set up your Object Directory backup tool make sure it is not running too many times a day because the in between tim...

Page 17: ...ed you schedule EEPC command line tool SBADMCL to cleanup machine audit and the user audit See Endpoint Encryption Object Directory Maintenance section below File Cache on Raid Hard Drive Controller L...

Page 18: ...containing old deleted users systems and other objects and are found through the System tab in the Endpoint Encryption Manager These objects can slow searches down If these objects are needed for aud...

Page 19: ...ds please see the Endpoint Encryption Scripting Tool User Guide which is found in most normal installations of the Endpoint Encryption Manager Extracting and Clearing Audit from the Database The audit...

Page 20: ...within the Object Directory is renamed The extension of the folder is renamed from RMV to WPE With a very large database these empty removed folders can sometimes slow down searches In a test lab try...

Page 21: ...have a full backup of SBDATA before doing this Restore Commands To restore orphaned user objects back into a group use this command SBADMCL Command RestoreUsers Adminuser Admin Adminpwd mypassword Gr...

Page 22: ...ects in the DumpMaDesc log can be deleted from the database If the normal deletion doesn t work use Windows Explorer to browse to the actual location in the database and delete the physical folder In...

Page 23: ...utes servicing each client EEPC has excellent password synchronization across all the endpoint clients a user is assigned to It is therefore logical that adding thousands of users to each machine will...

Page 24: ...nate Requests This option stops the machine from entering hibernation mode Note this option is not supported in Vista With later versions of EEPC v5 x this should normally be left disabled to allow no...

Page 25: ...ppear as a fixed drive and therefore swaps with the fixed disk after booting from it It can cause recovery problems with Remove or Emergency Boot for example Alternatively use with a floppy disk drive...

Page 26: ...tion to encrypted data Using one autoboot user for too many machines Instead use more autoboot users to reduce the multiple connections and load on the autoboot user object in the database Autoboot us...

Reviews:

No comments

Related manuals for ENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE

AVIRA ANTIVIR VIRUS SCAN ADAPTER FOR SAP SOLUTIONS User Manual preview
ANTIVIR VIRUS SCAN ADAPTER FOR SAP SOLUTIONS
Brand: AVIRA Pages: 67
Barracuda Networks NG Network Access Client SP4 Migration Instructions preview
NG Network Access Client SP4
Brand: Barracuda Networks Pages: 10
AMX I!-FTPSENDER Instruction Manual preview
I!-FTPSENDER
Brand: AMX Pages: 12
SSI TROPOS SUPERSEARCH 2.4.0.000 Installation Manual preview
TROPOS SUPERSEARCH 2.4.0.000
Brand: SSI Pages: 8
HP PROBOOK 4425S Specifications preview
PROBOOK 4425S
Brand: HP Pages: 4
Promise Technology dc5750 - Microtower PC User Manual preview
dc5750 - Microtower PC
Brand: Promise Technology Pages: 114
ARRI Ramp Preview Controller Operation Manual preview
Ramp Preview Controller
Brand: ARRI Pages: 46
F-SECURE POLICY MANAGER PROXY 2.0 - Administrator'S Manual preview
POLICY MANAGER PROXY 2.0 -
Brand: F-SECURE Pages: 24
Nikon Nikon View Software Manual preview
Nikon View
Brand: Nikon Pages: 12
GRASS VALLEY K2 TIMEDELAY Datasheet preview
K2 TIMEDELAY
Brand: GRASS VALLEY Pages: 2
UNIBLUE SYSTEMTWEAKER Quick Start Manual preview
SYSTEMTWEAKER
Brand: UNIBLUE Pages: 4
UNIBLUE SystemTweaker 2010 Product Manual preview
SystemTweaker 2010
Brand: UNIBLUE Pages: 13
FieldServer FS-8700-16 Driver Manual preview
FS-8700-16
Brand: FieldServer Pages: 32
TerraTec CAMEO DV800 Manual preview
CAMEO DV800
Brand: TerraTec Pages: 20
MACROMEDIA DREAMWEAVER MX 2004-DREAMWEAVER API Reference preview
DREAMWEAVER MX 2004-DREAMWEAVER API
Brand: MACROMEDIA Pages: 486
Native Instruments Scarbee MM-Bass User Manual preview
Scarbee MM-Bass
Brand: Native Instruments Pages: 39
National Instruments Measurement Studio User Manual preview
Measurement Studio
Brand: National Instruments Pages: 66
Tandberg Data B DLTSAGE INTEGRATION Integration Manual preview
B DLTSAGE INTEGRATION
Brand: Tandberg Data Pages: 36

Brands by name

Popular brands

Load more brands