Endpoint Encryption Users | Trend Micro Service Central

Views:

The Endpoint Encryption Users widget provides user management capability directly from the Control Manager dashboard. Use the Endpoint Encryption Users widget to add or remove Endpoint Encryption user accounts, reset passwords, change permissions, configure policy group priority, import from Active Directory, and search for specific user accounts.

Note:

For information about adding existing Endpoint Encryption users to a policy, see Configuring Endpoint Encryption Users Rules.

Item	Description
Show	Select which users to display: all users in the Enterprise, or users in a specific policy.
Search ()	Click the icon to filter which Endpoint Encryption users appear in the table. Use the search field to specify parameters to search against.
Settings () Right-click a user	Click the icon to view user attributes or to perform actions on any selected user.
Add users ()	Click the icon to add individual users, import users from a CSV file, or import users from Active Directory LDAP.
Number of users	View the total number of users in the entire Enterprise, selected policy, or specified search.

User Settings Options

The following table explains the options available under the settings icon.

Table 1. User Settings Options
Option	Description
Change password	Specify a new password for users using the Fixed password authentication type. The widget does not support changing passwords for the Domain authentication type.
Delete user	Removes the selected user.
Modify user	Update the properties of the selected user. The following properties can be modified: User name First name Last name Employee ID Email address Freeze User type One policy Authentication method
List policies	Displays the policies where the selected user is a member. If the Allow Install column for the selected user is Yes, then the option to allow or disallow the installation of selected policies, as well as selecting which policies should be given first priority is enabled.

Add New User Options

The following table explains the options available when adding a new Endpoint Encryption user.

Table 2. Add New User Options
Option	Description
User name	Specify the account user name that the user uses to authenticate.
First name	Specify the user's first name.
Last name	Specify the user's last name.
Employee ID	Specify the user's employee ID (optional).
Email address	Specify user's email address (optional).
Freeze	Select Yes to temporarily lock the account. A locked account cannot log on to Endpoint Encryption devices.
User type	Select User, Authenticator, or Administrator. For more information about user roles, see Users.
One group	Select Yes to only allow the user to belong to one policy at a time. The user may not be added to any other policy groups. If you set this option to Yes and set the User type to Authenticator or Administrator, the user will be a group authenticator or group administrator respectively.
Authentication method	Select the authentication method available to the user.

Policy Membership

The following table explains how to understand Endpoint Encryption user policy membership.

Note:

Encryption Management for Apple FileVault and Encryption Management for Microsoft BitLocker do not require authentication and are not affected by authentication policies. Client, login, password, and authentication policies, or allowing the user to uninstall the Endpoint Encryption agent software only affects the Full Disk Encryption and File Encryption agents.

Header	Example	Description
Priority	1, 2. 3	Shows the order that Endpoint Encryption applies policies. When a policy is triggered that affects a user, Endpoint Encryption takes the action, and then no other policies affect the user for that event.
Policy Name	GP1	Shows the name of all policies that the user is currently assigned.
Description	Temporary employees policy.	Shows the description of the policy.
Allow Install	Yes, No	Shows whether the user can install new Endpoint Encryption devices.

Importing Users from a CSV File

Note:

Importing users from a CSV file is supported only for users using fixed password authentication.

Format each line in the CSV file as follows:

<User ID (required)>, <first name>, <last name>, <employee ID>, <email address>

For fields with no data, use a comma as a placeholder. The following is an example CSV entry:

example_id, name,,, name@example.com

From the Endpoint Encryption Users widget, click Add User and then select Import Users from a File.
The Import Users from a File screen appears.
Click Choose File to select the CSV file.
The Open CSV File window appears.
Select the file and then click Open.
Click Add.
The users in the CSV file are imported.

Importing Active Directory Users

PolicyServer maintains a user directory separate from the Active Directory database. This allows PolicyServer absolute security over access to all Endpoint Encryption devices, user rights, and authentication methods.

Use the Endpoint Encryption Users widget in Control Manager to import Active Directory users. For more information about managing users with the Endpoint Encryption Users widget, see Endpoint Encryption Users.

Log on to Control Manager.
Go to the Endpoint Encryption Users widget.
Click the icon.
Select Import Users from Active Directory.
The Import Users from Active Directory screen appears.
Specify your credentials for the Active Directory LDAP server.
Note:
For Port, the value "0" specifies the default port. The default port is 389.
Click Next.
Wait for the specified Active Directory domain to populate.
The Active Directory tree for the specified domain appears in the left pane.
From the left pane, use the navigation tree to select the container from which to add users.
The available users populate in the right pane.
Do one of the following:
- Select individual users, then click Import Selected Users.
- Click Import Everyone in this Container.
Click OK to add the users to the specified location.
A confirmation window appears.
Click OK to confirm.
An import status message displays.
Click Close to finish, or repeat the procedure to select more users to import.