Epe 50 03 Installation 4mb

8/12/2019 Epe 50 03 Installation 4mb

1/88

2007 McAfee, Inc. 2008 McAfee, Inc.

McAfee SafeBoot Securi ty

SafeBoot Installation

McAfee World-wide Learning and Development


2/88

2007 McAfee, Inc.

Copyright 2008 McAfee, Inc. All Rights Reserved.

Copyright 2008 McAfee, Inc. All Rights Reserved.

The training information provided herein is the property of McAfee, Inc., and is

intended for the sole use of the individual or organization purchasing thetraining. Distribution of the training material outside of the purchasing

organization is strictly prohibited.

All information contained herein is subject to change without notice. McAfee is

not responsible for errors or damages of any kind resulting from use of the

information contained herein. Every effort has been made to ensure the

accuracy of information presented as factual; however errors may exist.

Users are directed to countercheck facts when considering their use in other

applications. McAfee is not responsible for the content or functionality of any

technology resource not owned by the company.

The statements, comments, or opinions expressed by users through use of

McAfees technology resources are those of their respective authors, who are

solely responsible for them, and do not necessarily represent the views of

McAfee, Inc. and/or its affiliates.

2

2/21/2008


3/88

2007 McAfee, Inc.

Objectives

At the end of this section, the student will be able to;

Install the SafeBoot Management Center, including the

SafeBoot Server and SafeBoot Object Directory

Configure the SafeBoot system for use

Create and configure users

Create and configure machines

Create client installation sets

Install SafeBoot Device Encryption client, and SafeBoot

Content Encryption client

Test SafeBoot installations

At the end of this section, the student will be able to;

Install the SafeBoot Management Center, including the SafeBoot Server and SafeBoot Object Directory

Configure the SafeBoot system for use

Create and configure users

Create and configure machines

Create client installation sets

Install SafeBoot Device Encryption client, and SafeBoot Content Encryption client

Test SafeBoot installations


4/88

2007 McAfee, Inc.

1. Installation

McAfee SafeBoot Security


5/88

2007 McAfee, Inc.

SafeBoot Installation Sequence of Events

Installation is order-dependent

1. Install the SafeBoot Management Center2. Create the Object Directory database

3. Create the SafeBoot Server Application

4. Add users to system

5. Setup machine configurations

6. Create Installation Sets

7. Install SafeBoot clients

8. Test

The installation and setup of SafeBoot is order-dependent and must be done in the following

sequence:

1. Install the SafeBoot Management Center

2. Create the object database

3. Create the SafeBoot Server Application

4. Add Users to the System

5. Set Up Machine Configurations

6. Create Installation Sets

7. Install the SafeBoot installClient(s)

8. Test the System


6/88

2007 McAfee, Inc.

Installing SafeBoot Management Center

Insert SafeBoot CD

Run setup.exe Enter Product Code

Read/approve License Agreement

Determine program files to be installed

Choose encryption algorithm

Make token selections or deselect

Make Smart Card reader selections or

deselect

Select Client software

Select Themes

Select Languages

Click Next verify selections

Click Next to create the

installation set

Setup Wizard Complete will

appear

SafeBoot Management Center provides centralized management of the entire SafeBoot network of

users and machines.

1. When you insert the SafeBoot Disk into the CD drive, the various program file folders are

displayed.

2. Select the setup.exe file to start. The Welcome to SafeBoot Installation screen will appear. Click

Next.3. Enter your product code. The product code will arrive separately from the installation CD, usually

via email. Contact your SafeBoot sales representative if you need further clarification or you lose

your product code.

4. Read and approve the license agreement, click Yes to proceed.

5. Determine where you want the program files to be installed. Click Next.

6. Choose an encryption algorithm. If you are unsure, or have no preference, then select the default

AES (FIPS 256) or the algorithm that matches your companys security policies.

7. There are many types of components that you can select from the Optional Components window:

a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select

the type of device used to store the token.

b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to selectthe type of reader to be used on both the administration system and the client systems. Deselect all

the readers if they are not required.

c. SafeBoot Device Encryption: Deselect this option if you are not installing Device Encryption.

d. Device Encryption Themes: Select the pre-boot graphic theme you would like to appear on your

client machines.

Note: you can insert your own graphics. Contact SafeBoot for further instruction.

e. Device Encryption / Content Encryption Client Languages: SafeBoot supports multiple languages.

Specify the language, or languages, required for your client machines. When you have selected your

components click on Next.

Continued Next Slide


7/88

2007 McAfee, Inc.

Installing SafeBoot Management Center

Insert SafeBoot CD

Run setup.exe Enter Product Code

Read/approve License Agreement

Determine program files to be installed

Choose encryption algorithm

Make token selections or deselect

Make Smart Card reader selections or

deselect

Select Client software

Select Themes

Select Languages

Click Next verify selections

Click Next to create the

installation set

Setup Wizard Complete will

appear

Continued From Previous

8. The Start Copying Files window provides you with the opportunity to review your choices before

actually installing the SafeBoot software. Review this list carefully.

a. If you want to make changes, simply hit the Back button until you get to the appropriate

window.

b. Make your changes.

c. Continue to click the Next button until you reach the Start Copying Files screen. If you wish,

review your configuration again.

9. Click on Next to create the installation set. This takes just a couple of minutes.

10.SafeBoot will display the Setup Wizard Complete when the installation has finished. Click the

Finish button to complete the process.

11.Restart the computer if required.


8/88

2007 McAfee, Inc.

Installation Product Code

Product Code

will activate thedifferent

SafeBoot

Products

Enter your product code. The customers product code will arrive separately from installation CD,

usually via email.


9/88

2007 McAfee, Inc.

Installation License Agreement

Click Yes on the License agreement.


10/88

2007 McAfee, Inc.

Installation Program Destination

Select the location where you want SafeBoot installed.


11/88

2007 McAfee, Inc.

Installation Algorithm choice

During Installation

the customer can

choose thealgorithm

appropriate for

their environment

Choose an encryption algorithm. If you are unsure, or have no preference, then select the default

AES (FIPS 256) or the algorithm that matches your companys security policies.


12/88

2/21/20

2007 McAfee, Inc.

Installation - Components

Tokens: If you are notusing physical

tokens, uncheck all

boxes for this option.

Otherwise, select the

type of device used

to store the token

There are many types of components that you can select from the Optional Components window:

a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select

the type of

device used to store the token.


13/88

2/21/20

2007 McAfee, Inc.


Smart Card Readers:If you use hardwaredevices to storetokens, select thetype of reader to beused on bothadministration systemand client systems.Deselect all thereaders if they arenot required

b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to select

the type

of reader to be used on both the administration system and the client systems. Deselect all the readers

if they

are not required.


14/88

2/21/20

2007 McAfee, Inc.


Device EncryptionClient Languages:

SafeBoot supports

multiple languages.

Specify the language,

or languages, required

for your clients

c. Device Encryption Client Languages: SafeBoot supports multiple languages. Specify the language,

or languages, required for your clients.


15/88

2/21/20

2007 McAfee, Inc.


Content EncryptionClient Languages:

SafeBoot supports

multiple languages.

Specify the language,

or languages,

required for your

clients

Content Encryption Client Languages: SafeBoot supports multiple languages. Specify the language,

or languages, required for your clients.


16/88

2007 McAfee, Inc.

Installation Start Copying Files

Verify the components to install and click Next.


17/88

2007 McAfee, Inc.

Installation Setup Status

The Setup Status dialog will appear showing the progress of the installation.


18/88

2007 McAfee, Inc.

Installation Setup Complete

The Setup Wizard Complete dialog will appear once SafeBoot has completed installing. Click Finish.


19/88

2007 McAfee, Inc.

Installation Create the Object Directory

Object Directory database a.k.a. SafeBoot Administration

database Required to store security information for SafeBoot

One-time setup requirement Run SafeBoot Admin

Console Select Start

Select Programs

Select SafeBoot Administration Tools

Select SafeBoot Administration

To use the SafeBoot Management Centre, you must first configure the SafeBoot Administration

Database (Object Directory database). The object database is a repository for all the security

information (keys, policies, etc.) used in SafeBoot. The SafeBoot Administration System (SBAdmin)

provides the interface for configuring this database. The SafeBoot Administration Database and the

SafeBoot Management Centre tools must reside on the same computer.

Creating the object database is a one-time setup requirement. The only time you will be given the

option to create the database is the first time you run the SafeBoot Administration Tools. To start the

process:

1. Click the Start menu.

2. Select Programs.

3. Select "SafeBoot Administration Tools.

4. Select SafeBoot Administration.


20/88

2007 McAfee, Inc.

Installation Create Object Directory

The Create SafeBoot Database dialog will appear. Select the default Description and Driver. Set the

data path as desired, or use the default path. Click Next.


21/88

2007 McAfee, Inc.

Installation User and Machine Groups

SafeBoot creates

several logical

groups by default

You can add, edit,

or remove groups

during Object

Directory creation

As with many network applications, you can define users individually or within groups. The same

concept applies to SafeBoot users and machines (devices) that are attached to the network.

SafeBoot creates several default groups during installation. If you want, you can add, edit or remove

groups when creating the Object Directory.


22/88

2007 McAfee, Inc.

Installation Set SafeBoot Administrator

SbAdmin is default root

administrator name

Enter and re-enter

administrative password

for the root

administrator

NOTE: Because

hardware tokens were

deselected, Password

Only Token is the only

available option

SbAdmin is default root administrator name and it will automatically appear in the Root User dialog

box.

Enter and re-enter administrative password for the root administrator here. This will be the Root

Administrator login moving forward.

NOTE: Because hardware tokens were deselected during the component selection, Password Only

Token is the only available option for token on our screen.


23/88

2007 McAfee, Inc.

Installation Program Files / File Groups

SafeBoot program

(and other) files

can be stored in

Object Directory

Used for updating

install sets to client

machines

SafeBoot program files, as well as other program files, can be stored within the SafeBoot Object

Directory. This simplifies the distribution and updating of install sets for client machines.

The Program Files dialog lists all of the files that should be stored within the object database. Accept

the list that is presented by clicking Next. You can add, edit or remove program files by selecting

the appropriate buttons.


24/88

2007 McAfee, Inc.

Installation Create New Database

Click Finish on the Create New Database dialog. The SafeBoot Object Directory database will be

created and the status will display in the Creation Status window.


25/88

2007 McAfee, Inc.

Installation Create New Database

Once the Object Directory has been created, the Database creation complete dialog will appear.

Click OK.


26/88

2007 McAfee, Inc.

Installation Login to the Object Directory

You will be prompted to authenticate with the new Object

Directory

Login with the root

administrator credentials

created earlier, by default

SbAdmin

Once authenticated, the

SafeBoot Administration

Console will launch

You will be prompted to authenticate with the new Object Directory Login with the root

administrator credentials created earlier, by default SbAdmin. Once authenticated, the SafeBoot

Administration Console will launch.


27/88

2007 McAfee, Inc.

Installation SafeBoot Administration Console

SafeBoot Administration Console


28/88

2007 McAfee, Inc.

Installation SafeBoot Server

To create the SafeBoot

Server;

In the Admin Console, selectthe System Tab

Expand the SafeBoot Server

group tree in the left navigation

pane

Double-click on SafeBoot

Servers

Right-click in the SafeBoot

Server Groups window and

select New Server

The SafeBoot system requires a communication server to handle the exchange between the client

machines and the SafeBoot Object Directory. To create this server:

In order to create the SafeBoot Server;

1. In the Administration Console, select the System Tab

2. Expand the SafeBoot Server group tree in the left navigation pane

3. Double-click on SafeBoot Servers

4. Right-click in the SafeBoot Server Groups window and select New Server


29/88

2007 McAfee, Inc.

Installation New Server

Enter the information for the

new server; Name IP Address (if needed)

Port (if needed)

Diffie-Hellman key size

Server Description

Add to available database

connections

Enter the information for the new server;

Name the server

IP Address (if needed)

Port (if needed) SafeBoot Server uses 5555 by default

Diffie-Hellman key size

Server Description

Add to available database connections.

Click OK and the Creating SafeBoot Server dialog appears as the server keys are generated. This

process can take a few minutes.


30/88

2007 McAfee, Inc.

Installation New Server

The new server will appear in

the SafeBoot Server Groups

window

The new server will appear in the SafeBoot Server Groups window


31/88

2007 McAfee, Inc.

Installation Start SafeBoot Server

In order to start the SafeBoot Server;

Select Start

Select ProgramsSelect SafeBoot Administration Tools

Select SafeBoot Database Server

In order to start the SafeBoot Server;

Select Start

Select Programs

Select SafeBoot Administration Tools

Select SafeBoot Database Server


32/88

2007 McAfee, Inc.

Installation Start SafeBoot Server

Authenticate with the root

administrator credentials

Select the Server

configuration to use

Authenticate with the root administrator credentials created previously.

Next, select the configuration to use for this server. In this example, there is only one configuration

created and it is the default.

You may want to choose Use these settings automatically if you will always use this configuration

for this server.


33/88

2007 McAfee, Inc.

Installation SafeBoot Server Window

The SafeBoot Database Server

window will open

The SafeBoot Database Server window will open.


34/88

2007 McAfee, Inc.

Installation Start SafeBoot Server as a Service

To configure the SafeBoot Server to start as a service;

In the SafeBoot Database Server, select File -> Start Service

Verify that you wish to

start as a service

To configure the SafeBoot Server to start as a service;

In the SafeBoot Database Server, select File -> Start Service

Verify that you wish to start the SafeBoot Server as a service.


35/88

2007 McAfee, Inc.

Installation Server Service

Once complete you will

see SbDbServer.exe inTask Manager

Appears as Automatic

service in Windows

Services

Once you have verified that you want to start SafeBoot Server as a service, you will see the

SbDbServer.exe process in Task Manager. The SafeBoot Database Server is listed in Windows

Services with automatic start-up.


36/88

2007 McAfee, Inc.

Installation Create Users

To create users; In the SafeBoot Administration Console, on the Users tab,

expand SafeBoot User Groups

Double-click a user group, for example, SafeBoot Users

Right-click in the user group window and select CreateUser

All users needaccounts

Windows Mobiledevices are treatedas machines

All users of the SafeBoot system need their own account, with the exception of Windows mobile

devices, as these are treated as machines.


37/88

2007 McAfee, Inc.


Create User dialog displays

Enter user name this will betheir SafeBoot Login name

Add identifying information for

HelpDesk

To complete the process, the Create User window is displayed.

a. Enter a name for the user. They will use this to log in.

b. Add identifying information for authenticating a user when they need assistance from the

helpdesk.

c. The identifying information can be edited or cleared when required.


38/88

2007 McAfee, Inc.


The new

user will

appear inthe User

Group

Window

The new user will appear in the User Group Window.


39/88

2007 McAfee, Inc.

Installation New User Properties

To view/modify user properties, right-click on the user

entry in the User Group window, and select Properties

To view/modify user properties, right-click on the user entry in the User Group window, and select

Properties.


40/88

2007 McAfee, Inc.


The User

Properties dialogdisplays

Note attribute

categories in left

pane

The User Properties dialog will display showing the users attribute information.

Note the attribute category icons in the left navigation pane that allow you to view several different

areas of user attributes.


41/88

2007 McAfee, Inc.


Select the Admin

Rights icon Set the

appropriate

Administration

Level for this

user

(recommend 1

for normal users)

If you select the Admin Rights icon in the navigation pane, you can set the appropriate

Administration Level for this user. We recommend a level of 1 for normal users.


42/88

2007 McAfee, Inc.

Installation Setup Machine Groups

Select Devices Tab

Expand Machine Groups

tree

Double-click machine

group

Right-click in group

window, select Create

machine

The next step is to create a machine group and set its configuration:

From the SafeBoot Administration Console, select the Devices tab

Expand the SafeBoot Machines Groups tree

Double-click the SafeBoot Machines group this will open the SafeBoot Machine

Group window

Right-click in the SafeBoot Machine Group window and select Create Machine


43/88

2007 McAfee, Inc.

Installation Create New Machine

The Create New Machine dialog appears

Enter the machine name

Enter a description if desired

The Create New Machine dialog will appear. Enter the name of the machine to add to the group, and

a description if desired. Click OK.


44/88

2007 McAfee, Inc.

Installation Machine Groups

The new machine

will appear in the

machine group

window

The new machine will appear in the machine group window, in this case, the SafeBoot Machines

group.


45/88

2007 McAfee, Inc.

Installation Machine Properties

To view the properties

for the machine, right-

click and selectProperties

The machine properties window

appears

To view the properties of the machine, right-click the machine entry in the group window and select

Properties. The properties window for the selected machine will appear.


46/88

2007 McAfee, Inc.

Installation Machine Properties

Select the Options that

you want to enforce for

this machine

Click Apply

Close

In the machine properties window, select the SafeBoot Option that you want to enforce for this

machine in the Option window, and click Apply. Close the properties window.


47/88

2007 McAfee, Inc.

Installation Add Users to Machine Groups

Add user(s) to machines

Right-click the machine

group and select Properties

Users must be added to a machine group in order to log in to a protected machine. You can add

individual users or the entire group of users to a machine group.

To add users to a machine group, right-click the machine group in the navigation pane and select

Properties.


48/88


49/88

2007 McAfee, Inc.

Installation Add Users to Machine Groups

The user will appear

in the users list of themachine group

properties window

The user will appear in the users list of the machine group properties window.


50/88

2007 McAfee, Inc.

Installation Create DE Client Installation Sets

Client files for install set

reside in Object

Directory

From Admin Console; On the Devices tab, right-

click the machine group

Select, Create installation

set

For Device

Encryption

The files necessary for creating the install set are located in the SafeBoot Administration Database.

The install set is associated with the machine level functions.

From the SafeBoot Administrator window:

On the Devices tab, right-click the machine group you are creating the installation

set for

Select Create Installation Set


51/88

2007 McAfee, Inc.


Select Online or

Offline installation Since we have a

communication

server, select

Online

Object Directory

must be available

to client for Online

install

In a previous step, we set up a communications server, so we use the Online install method. The

client machine must be able to access the SafeBoot Object Directory at install for Online

installations.


52/88

2007 McAfee, Inc.


Select the SafeBoot

communicationserver the client

should use

Check the server created to handle the communications between client machines and the SafeBoot

Administration Database. Click Next.

Keep in mind that this server will be remote from the clients. You need to create an install set for

each machine group that you have created.

In large scale network installations you may have more than one server running. Clients will select

the best connection from the available servers to perform the synchronization function.


53/88

2007 McAfee, Inc.


Set install set file

path Select client

installation path

Note silent install

and restart options

Click Finish

On the Create Install Set dialog, you can set the path where the install set files will be created, as well

as the client installation path.

Note that you can also option a silent install and automatic client restart. For testing, DO NOT select

either the Silent Installation option or the Automatic Restart. You will want to monitor the

install, and selecting either of these options does not allow you to monitor the success of the

installation.

Click Finish.


54/88

2007 McAfee, Inc.


You will see

SafeBootperforming the

Installation Set

creation in the

status window

You will see SafeBoot performing the Installation Set creation in the status window. Once the Install

Set Creation Complete dialog displays, the installation set files have been written to the install set

path specified.

Click OK.


55/88

2007 McAfee, Inc.


SafeBoot DE InstallationSet file;

SAFEBOOT5x.exe Located in the folder

specified in the CreateInstall Set dialog

Distribute via CD,network share, loginscript, etc. or use withMSI wrapper

The SafeBoot Device Encryption for PC installation set file, SAFEBOOT5x.EXE will appear in the

folder specified previously.

This file can be written to CD or other removable storage and manually installed on the machines, or,

installed by other distribution method such as logon scripts, network shares, or provided with an msi

wrapper for use with 3rdparty software distribution systems.


56/88

2007 McAfee, Inc.

Installation Create CE Client Installation Sets

Client files for install set

reside in Object

Directory

From Admin Console; On the Policies tab, right-

click the policy group

Select, Create installation

set

For Content

Encryption

The files necessary for creating the install set are located in the SafeBoot Administration Database.

From the SafeBoot Administrator window:

On the Policies tab, right-click the policy group you are creating the installation set

for.

Select Create Installation Set


57/88

2007 McAfee, Inc.


Select the file

groups you want toinclude in the client

Select what file groups you want to include in the client. For a basic test installation, only select

SafeBoot Content Encryption for PC client files.


58/88

2007 McAfee, Inc.


Select the

SafeBootcommunication

server the client

should use

Select what SafeBoot communication server shall be used by the client.


59/88

2007 McAfee, Inc.


Set install set file

path Set client

installation path

Note uninstall

password option

Note silent install

and automatic

restart options

Set the path where the Content Encryption installation set file should be created

Set the client installation path

Note that you can specify a required password for uninstalling the client

Note the Silent install and automatic restart options. Do not use these options for test installations.

Click Finish.


60/88

2007 McAfee, Inc.


The install set creation status will display in the window. Install set creation complete dialog appears

once the install set file has been created.


61/88

2007 McAfee, Inc.


SBCE.EXE SafeBoot Content

Encryption install set fileappears in the specified folder

Distribute via CD, networkshare, login script, etc. or usewith MSI wrapper

The SBCE.EXE install set file for Content Encryption appears in the folder specified previously.

This file can be written to CD or other removable storage and manually installed on the machines, or,

installed by other distribution method such as logon scripts, network shares, or provided with an msi

wrapper for use with 3rdparty software distribution systems.


62/88

2007 McAfee, Inc.

Creating Encryption Keys for SafeBoot CE

Encryption keys are used to mathematically scramble

data Client must have access to key to decrypt data

Keys needed for each group of users Example: Human Resources key available to HR members only

Many keys can be created depending upon security

needs

HRHR

Encryption keys mathematically scramble data so that it cannot be read. Without access to the

encryption key the information cannot be read.

SafeBoot Content Encryption requires encryption keys for each group of users that will share

restricted data. For example, if Human Resources wants to encrypt the information on their network

shares to protect it from all other departments, an encryption key for HR will have to be created and

distributed to each HR employee.

You can create many keys to protect different classes of data, depending upon your security

requirements.


63/88

2007 McAfee, Inc.


To create a new encryption key;

First, create a new Encryption Keys group

Navigate to the Policies tab in the SafeBoot

Administration Console

Right-click on the Encryption Keys Groups

node, select Create Group

Enter Group

name &

Description

To create a new encryption key, you must first create an Encryption Keys group.

Navigate to the Policies tab in the SafeBoot Administrator.

Right-click on the Encryption Keys Groups node and select Create Group.

The New Group dialog appears, enter a name and description for the new

Encryption Key Group.

Click OK.


64/88

2007 McAfee, Inc.


The new key group will appear in the tree

Double-click it to open the key group window

The new Encryption Key Group will appear in the tree view of the navigation pane. Double-click the

new group entry to open the key group window for that group.


65/88

2007 McAfee, Inc.


Right-click in the new Encryption Key group and select Add key

Provide key Name,

Algorithm & Description

To create a new key in the Encryption Key group, right-click in the group window and select Add

Key.

The New Key Object dialog appears. Enter a name for the key.

Select the algorithm to use for encryption.

Enter a description for this key.

Click OK.


66/88

2007 McAfee, Inc.


The new key will appear in the

Encryption Keys Group window

The new key will appear in the Encryption Keys Group window.


67/88

2007 McAfee, Inc.


To set validity and assign

users to the key, right-

click the key and select

Properties

Set the date the key

expires under Expiry

Youll need to set the validity for the key, as well as assign users.

To set the expiration date, click the pull-down under Expiry and select the date from the calendar

applet.


68/88

2007 McAfee, Inc.


To allow the key to be

used by machines that

are offline, select Allow

key to be cached locally

To allow the key to be used by machines that are offline (not network connected), select Allow key

to cached locally under Caching.


69/88

2007 McAfee, Inc.


Select the Users icon

New keys default to AllSafeBoot Users

To assign specific users,

click the Add button

NOTE: Once specific

users are assigned, only

users on the list can

change key properties

Add the Administrator!

To assign users to a key, select the Users Icon from the Key Properties window. Note that new keys

default to an assignment of All SafeBoot Users.

To assign the key to specific users, click the Add button.

IMPORTANT NOTE: Once specific users have been assigned to a key, only users on the list can

change the key properties. Be sure to add the SafeBoot Administrator to the users list for this key.


70/88

2007 McAfee, Inc.


Select users to assign

Remember the Admin!

Select the user(s) to assign and click OK. Dont forget to add the SafeBoot Administrator.


71/88

2007 McAfee, Inc.


The users assigned

will appear on theproperties for the

key

Note that All

SafeBoot Users is

automatically

removed

The users you selected will appear under, Restrict Access To in the key properties window. Notice

that the entry for All SafeBoot Users has automatically been removed.

Click Apply and then Close.


72/88

2007 McAfee, Inc.

Creating Encryption Policies SafeBoot CE

Polices determine allowed user actions

Control automatic encryption File types, folders, etc

Automatic encryption of removable media available

New policies prevent critical operations by default

Edit the policy to allow access to SafeBoot CE functions

SafeBoot Content Encryption Policies define what functions a user can perform with the SafeBoot

CE Client. For example, the users ability to create their own encrypted files can be switched off, as

can the user's ability to manually decrypt data; however, you do not need to be able to decrypt a file

to access it.

SafeBoot CE policies also control the automatic encryption of information. For example, you can

specify that all .doc files should be created as encrypted, or all files in My Documents should be

encrypted, or, a folder on a network share.

A policy may also specify that data written to removable media, such as USB memory devices and

removable hard disks shall always automatically be encrypted.

The default settings for a new policy group, or new policy object, prevent any sensitive/critical

operation. If you want to allow access to the functions of SafeBoot CE you need to change the

settings of the corresponding policy.


73/88

2007 McAfee, Inc.


On the Policies tab, right-click

Content Encryption Policy

Groups

Select Create Policy Group

On the Policies tab, right-click Content Encryption Policy Groups. Select Create Policy Group.


74/88

2007 McAfee, Inc.


Enter a name and description for

the new Policy Group

Enter a name and description for the new Policy Group.


75/88

2007 McAfee, Inc.


The new Policy Group window will

appear

To add a new policy, right-click in the

window and select Add

The new Policy Group window will appear. To add a new policy, right-click in the window and

select Add.


76/88

2007 McAfee, Inc.


Provide a name and description for the new Policy

Provide a name and description for the new Policy.


77/88

2007 McAfee, Inc.


The new policy will appear in the Policy Group window

Double-click the policy to view the properties

The new policy will appear in the Policy Group window. Double-click the policy to view the

properties.


78/88

2007 McAfee, Inc.


Select the policy options that

you want from the categoriesavailable

Click Apply and Close

Select the policy options that you want from the categories available. Click Apply and Close.


79/88

2007 McAfee, Inc.

Assigning Policies to Users

From the Users tab, find the

user in the group you wish to

assign and view the

properties

Click the Policies icon

Click the Add button

From the Users tab, find the user in the group you wish to assign and view the properties. Click the

Policies icon.


80/88

2007 McAfee, Inc.

Assigning Policies to Users

Select the policy to assign and click

OK

Select the policy to assign and click OK.


81/888

2007 McAfee, Inc.

2. Client Installation



82/88

2007 McAfee, Inc.

SafeBoot Client Installation

SafeBoot Device Encryption client

SafeBoot Content Encryption client Installed from previously created installation sets

Install options; Manual via removable media

Manual via Network share

Login Script

MSI Wrapper/3rd party distribution

The next step is the installation of the SafeBoot Device Encryption client, and the SafeBoot Content

Encryption client, using the installation sets previously created.

You can manually install the clients, or use other common methods such as executing from a network

share or via a login script. For larger deployments, using a 3rdparty distribution mechanism such as

SMS would be recommended.


83/88

2007 McAfee, Inc.

SafeBoot Client Installation

In this example, the installation set files have been placed in a network share called SafeBootShare.

The client installation will be executed at the client from this share.


84/88

2007 McAfee, Inc.

SafeBoot Device Encryption Client Install

Double-click SAFEBOOT5x.EXE from the share

Double-clicking the SAFEBOOT5x.EXE install set launches the SafeBoot DE client installation.

Once complete, the Setup Complete dialog appears. SafeBoot Device Encryption client has been

installed.


85/88

2007 McAfee, Inc.

SafeBoot Content Encryption Client Installation

Double-click SbCE.EXE from the share to launch the

installer Click Next

To install the SafeBoot Content Encryption Client, double-click the SbCE.EXE installation file from

the share and click Next. The SafeBoot CE Installer will run.


86/88

2007 McAfee, Inc.

SafeBoot Content Encryption Client Installation

Once CE is installed, the Setup Complete dialog appears

Restart the machine

Once SafeBoot Content Encryption client has been installed, the Setup Complete dialog appears.

Restart the machine to complete the installation.


87/88

2007 McAfee, Inc.

SafeBoot Login

After restart SafeBoot login

appears Default password 12345

Set new, unique password

After the machine restarts, the SafeBoot login screen will appear. Use the default password of

12345 for the initial login, and then change the password when prompted.


88/88

2007 McAfee, Inc.

End ModuleSafeBoot Installation
