Trend Micro Endpoint Encryption 5.0 Patch 3 Help

Collapse AllExpand All
  • "Log on as batch job" policy [1]
  • about
    • account types [1]
    • authentication [1]
    • client-server architecture [1]
    • Encryption Management for Microsoft BitLocker [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Service [1]
    • File Encryption [1] [2]
    • FIPS [1]
    • Full Disk Encryption
      • Encryption Management for Apple FileVault [1]
      • Encryption Management for Microsoft BitLocker [1]
    • groups [1]
    • Legacy Web Service [1]
    • Maintenance Agreement [1]
    • OfficeScan [1]
    • PolicyServer [1] [2] [3]
    • users [1]
    • widgets [1]
  • aboutEncryption Management for Apple FileVault [1]
  • Accessibility
    • on-screen keyboard [1]
  • accounts
  • Active Directory [1] [2] [3] [4] [5]
  • agents [1]
  • agent tree [1] [2]
    • about [1]
    • specific tasks [1]
  • alerts [1]
  • appendices [1]
  • authentication [1] [2]
  • authentication methods [1]
  • automatic deployment settings
    • Scheduled Download [1]
  • centrally managed [1]
  • central management [1] [2]
  • changing passwords [1]
  • changing setting permissions [1]
  • client-server architecture [1]
  • ColorCode [1] [2]
  • Command Line Helper [1] [2] [3]
  • Command Line Helper Installer [1]
  • community [1]
  • components
    • downloading [1]
  • configuring [1]
    • managed products [1]
    • Scheduled Download
      • automatic deployment settings [1]
    • Scheduled Download Exceptions [1]
    • Scheduled Download Settings [1]
    • user accounts [1]
  • configuring proxy settings
    • managed server list [1]
  • Control Manager [1] [2] [3] [4] [5]
  • Control Manager antivirus and content security components
    • Anti-spam rules [1]
    • Engines [1]
    • Pattern files/Cleanup templates [1]
  • Control Manager integration [1] [2] [3] [4]
  • copying policy settings [1]
  • creating
  • creating policies
    • centrally managed [1]
    • copying settings [1]
    • setting permissions [1]
  • CSV [1]
  • DAAutoLogin [1] [2] [3]
  • dashboard
  • data protection [1]
  • data recovery [1]
  • data views
    • understand [1]
  • Decrypt Disk [1]
  • decryption
    • Recovery Console [1]
  • deleting
  • deleting policies [1]
  • demilitarized zone [1]
  • deployment
  • deployment plans [1]
  • device [1]
  • devices [1]
  • Directory Management options [1]
  • Directory Manager [1]
  • domain authentication [1]
    • File Encryption [1]
  • Download Center [1]
  • download components
  • downloading and deploying components [1]
  • draft policies [1]
  • editing managed servers [1]
  • editing policies [1] [2] [3]
  • encryption [1] [2]
  • Encryption Management for Apple FileVault
  • Encryption Management for Microsoft BitLocker
  • Endpoint Encryption
  • enhancements [1]
  • error messages
  • features [1]
  • File Encryption [1]
    • agent service [1]
    • authentication [1]
    • changing password [1]
    • file encryption [1]
    • first-time use [1]
    • PolicyServer sync [1]
    • Remote Help [1] [2]
    • reset password [1] [2]
    • secure delete [1]
    • single sign-on [1]
    • tray icon
    • unlock device [1] [2]
  • filtered policies [1]
    • reordering [1]
  • FIPS
    • about [1]
    • FIPS 140-2 [1]
    • security levels [1]
  • fixed password [1]
  • folders
  • Full Disk Encryption [1]
    • agent service [1]
    • authentication [1] [2]
      • changing password [1]
    • change [1] [2]
    • change PolicyServer [1]
    • changing enterprises [1]
    • clean up files [1]
    • connectivity [1]
    • Decrypt Disk [1]
    • menu options [1]
    • network configuration [1]
    • Network Setup [1]
    • patching [1]
    • PolicyServer settings [1]
    • port settings [1]
    • Recovery Console [1]
      • manage policies [1]
      • manage users [1]
      • Windows [1]
    • recovery methods [1]
    • Remote Help [1] [2]
    • Self Help [1]
    • synchronize policies [1]
    • TCP/IP access [1]
    • tools [1]
    • uninstall [1]
    • Windows patches [1]
  • Full Disk Encryption Preboot [1]
    • authentication [1]
    • keyboard layout [1]
    • menu options [1]
    • network connectivity [1]
    • on-screen keyboard [1]
    • wireless connection [1]
  • groups [1] [2]
    • creating offline groups [1]
    • install to group [1]
    • modifying [1]
    • offline groups [1]
    • remove device [1] [2]
    • removing [1]
    • subgroups [1]
    • types [1]
  • help desk policies [1]
  • importing users [1]
  • key features [1]
  • LDAP [1]
  • LDAP Proxy [1] [2]
  • log events [1] [2]
  • logs [1] [2] [3]
    • alerts [1]
    • managing events [1]
    • querying [1]
    • setting alerts [1]
  • maintenance [1]
  • Maintenance Agreement
  • managed products
    • configuring [1]
    • issue tasks [1]
    • recovering [1]
    • renaming [1]
    • searching for [1]
    • viewing logs [1]
  • managed server list [1]
    • configuring proxy settings [1]
    • editing servers [1]
  • manually download components [1]
  • MBR
    • replacing [1]
  • MCP [1] [2]
  • modifying
  • Network Setup [1]
  • OfficeScan
    • uninstalling agents [1]
  • online
    • community [1]
  • on-screen keyboard [1]
  • passwords [1] [2] [3]
    • change fixed password [1]
    • change method [1]
    • Remote Help [1]
    • resetting [1] [2] [3]
      • Active Directory [1]
      • Enterprise Administrator [1]
      • Enterprise Authenticator [1]
      • Group Administrator [1]
      • Group Authenticator [1]
      • user [1] [2]
    • resetting active directory [1]
    • resetting Enterprise Administrator/Authenticator [1]
    • resetting fixed password [1]
    • resetting Policy Administrator/Authenticator [1]
    • resetting to fixed password [1]
    • resetting user [1] [2]
    • Self Help [1]
  • pending targets [1]
  • Personal Identification Number (PIN) [1]
  • PIN [1]
  • Plug-in Manager [1]
  • policies [1] [2]
  • policy
    • install devices [1]
  • policy control [1]
  • policy list [1] [2]
  • policy management [1]
    • centrally managed [1]
    • copying policy settings [1]
    • deleting policies [1]
    • draft policies [1]
    • editing managed servers [1]
    • editing policies [1] [2] [3]
    • filtered policies [1]
    • managed server list [1]
    • pending targets [1]
    • policy list [1] [2]
    • policy priority [1] [2]
    • reordering policies [1]
    • setting permissions [1]
    • specified policies [1]
    • targets [1]
    • understanding [1]
    • upgrading policy templates [1]
  • policy mapping
    • Control Manager [1]
    • PolicyServer [1]
  • policy priority [1]
  • PolicyServer
  • PolicyServer MMC [1] [2] [3]
  • policy settings
  • policy targets [1]
  • policy templates [1]
  • policy types
  • product components [1]
  • product definitions [1]
  • Product Directory
    • deploying components [1]
  • product overview [1]
  • proxy settings
    • managed server list [1]
  • query logs [1]
  • recovering
    • managed products [1]
  • recovery
    • clean up files [1]
  • recovery console
  • Recovery Console [1]
    • access [1]
    • changing enterprises [1]
    • changing PolicyServer [1] [2]
    • Decrypt Disk [1]
    • functions [1]
    • log on [1]
    • manage policies [1]
    • manage users [1]
    • Mount Partitions [1]
    • network configuration [1]
    • Network Setup [1]
    • recovery methods [1]
    • Repair CD [1]
    • Restore Boot [1]
    • users
    • view logs [1]
    • Wi-Fi [1]
  • recovery methods [1]
  • registering
    • to Control Manager [1]
  • registration
  • Remote Help [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]
  • renaming
    • folders [1]
    • managed products [1]
  • Repair CD [1] [2] [3]
    • data recovery [1]
    • decryption [1]
  • reporting [1] [2]
  • reports [1] [2] [3]
  • report templates [1]
  • Restore Boot [1]
  • schedule bar [1]
  • Scheduled Download
    • configuring
      • automatic deployment settings [1]
  • Scheduled Download Exceptions
    • configuring [1]
  • Scheduled Download Frequency
    • configuring [1]
  • Scheduled Downloads [1]
  • Scheduled Download Schedule
    • configuring [1]
  • Scheduled Download Schedule and Frequency [1]
  • Scheduled Download Settings
    • configuring settings [1]
  • searching
    • managed products [1]
  • security
    • account lock [1] [2]
    • account lockout action [1] [2]
    • account lockout period [1] [2]
    • anti-malware/antivirus protection [1]
    • device lock [1] [2]
    • erase device [1] [2]
    • failed login attempts allowed [1] [2]
    • remote authentication required [1] [2]
    • time delay [1] [2]
  • Self Help [1] [2] [3] [4]
    • answers [1]
    • defining answers [1]
    • password support [1]
  • setting permissions [1]
  • showing permissions [1]
  • smart card [1] [2] [3]
    • authentication [1]
  • smart cards [1] [2] [3]
  • specified policies [1]
  • SSO [1]
  • summary dashboard [1]
    • adding tabs [1]
    • deleting tabs [1]
    • modifying tabs [1]
    • tabs [1]
  • support
    • knowledge base [1]
    • resolve issues faster [1]
    • TrendLabs [1]
  • tabs
    • about [1]
    • deleting [1]
    • modifying [1]
    • summary dashboard [1]
  • targets [1]
  • terminology [1]
  • tokens [1] [2] [3]
  • tools
    • Command Line Helper [1]
    • DAAutoLogin [1]
    • Recovery Console [1]
    • Repair CD [1]
  • top group [1] [2]
  • TrendLabs [1]
  • Trend Micro Control Manager
    • managed product user access [1]
    • registering to [1]
  • trial license [1]
  • understand
    • data views [1]
    • deployment plans [1]
    • log queries [1]
    • logs [1]
  • understanding
    • Endpoint Encryption [1]
  • uninstalling
  • upgrading policy templates [1]
  • URLs
    • registration [1]
  • users [1] [2] [3] [4]
    • Active Directory passwords [1]
    • adding [1] [2]
    • adding existing user to group [1] [2] [3]
    • adding existing user to policy [1]
    • adding new user to group [1] [2] [3]
    • add new enterprise user [1] [2]
    • change default group [1]
    • change default policy [1]
    • finding [1]
    • group membership [1]
    • group vs enterprise changes [1]
    • import from AD [1] [2]
    • importing with CSV [1]
    • install to group [1]
    • install to policy [1]
    • lockout [1] [2]
    • modifying [1]
    • passwords [1] [2]
    • policy membership [1]
    • remove from group [1] [2]
    • remove user from policy [1]
    • restore deleted [1] [2] [3]
  • users and groups [1]
  • viewing
    • managed products logs [1]
  • widgets
    • adding [1]
    • adding tabs [1]
    • configuring [1]
    • customizing [1]
    • deleting [1]
    • description [1]
    • Endpoint Encryption [1]
    • Endpoint Encryption Device Lockout [1]
    • Endpoint Encryption Security Violations Report [1]
    • Endpoint Encryption Status [1]
    • Endpoint Encryption Unsuccessful Device Logon [1]
    • Endpoint Encryption Unsuccessful User Logon [1]
    • options [1]
    • understanding [1]
  • Wi-Fi [1] [2]
  • Windows patch management [1]

Configuring Endpoint Encryption Users Rules Parent topic

The following procedure explains the configurable options for policy rules that affect authentication and Endpoint Encryption user accounts.

Procedure

  1. Create a new Endpoint Encryption policy.
    See Creating a Policy.
  2. Click Users.
    The Users policy rules settings appear.
    user_policies_tmcm.jpg

    Endpoint Encryption Users Policy Rules

  3. If users require domain authentication, select Enable domain authentication under Domain User Settings.
    If you selected Enable domain authentication, specify the server information for your Active Directory (AD) account.
    1. Configure the AD domain name.
    2. Configure the host name of the AD server.
    3. Select the server type:
      • LDAP
      • LDAP proxy
  4. Under User Management, configure user access.
    Option Description
    All Endpoint Encryption users
    Allow all users, domain and local accounts, to authenticate Endpoint Encryption devices.
    Active Directory users
    Allow users from organizational units (OUs) within an AD to authenticate Endpoint Encryption devices.
    Note
    Note
    Select Enable domain authentication to enable the Active Directory users option.
    To configure domain authentication, see PolicyServer Active Directory Synchronization in the Endpoint Encryption Installation and Migration Guide.
    Select specific users
    Specify which already added Endpoint Encryption users can authenticate to managed endpoints.
    Note
    Note
    In order to select specific users with this option, you must populate the user list. Add OUs with the Active Directory users option or add users with the Endpoint Encryption Users widget.
    For more information about the Endpoint Encryption Users widget, see Adding Users to Endpoint Encryption.
  5. If you selected Active Directory users, add OUs to the policy by their distinguished name.
    After selecting Active Directory users, the following additional options appear:
    user_policies_ad.jpg
    Option Description
    User name
    Specify your Active Directory user name.
    Password
    Specify your Active Directory password.
    Distinguished name
    Specify each OU by its sequence of relative distinguished names (RDN) separated by commas.
    Example: OU=TW, DC=mycompany, DC=com
    After specifying the OU distinguished name, click OK.
    Important
    Important
    Endpoint Encryption supports up to 12 OUs per policy.