DriveLock Customer Forum
Information
60 results found
-
Enable functions for multiple selection
Since a vulnerability is not automatically removed from the overview after it has been addressed, e.g. through software updates, it has to be "hidden" manually.
If several vulnerabilities now occur on one computer for a particular product, it would be advantageous if one could mark all affected vulnerabilities in the multiple selection and "hide" them together.
Unfortunately, no functions are available for multiple selection. "Multiple (474) items are selected. No additional information or actions available"
Example:
On a client, software XYZ is outdated and several vulnerabilities are listed. I update software XYZ on this client and now want to hide all vulnerabilities. "Hide for all computers"…
1 vote
Once the scan is run again after the necessary patches have been applied, the identified vulnerabilities will be automatically closed. Consequently, we believe that implementing this feature request is unnecessary from our perspective.
-
1 vote
I'm afraid we have to decline this proposal because we are unable to allocate the necessary resources to maintain these well-known USB devices.
-
SAML login with UPN
Currently, the user's identifier is always used for SAML authentication.
For AD users, the SID is used. However, the SID can be passed with the system as a SAML response.
Thus, SAML login with an AD user is not possible if the response does not contain a SID. The SAML settings should offer the option to log in using the UserPrincipalName.
1 vote
Thank you for reaching out with your feature request regarding logging in with SAML using the UserPrincipalName (UPN) in DriveLock. After careful consideration, we've decided not to implement this specific request, as it addresses a very niche requirement and there are valid alternative solutions available.
Option 1: You can create an email account using the UPN and specify the UserPrincipalName as a property in the DriveLock SAML configuration. Alternatively, you can map another field to contain an email address. Currently, the UPN is the closest match to an email address.
Option 2: If you wish to use existing AD accounts, you can store the Security Identifier (SID) with the Identity Provider and specify the corresponding property in the DriveLock SAML configuration.
We believe these alternatives will effectively meet your needs. Please feel free to reach out if you have any questions or need further assistance.
Best regards,
DriveLock Team
-
Responsive web design
On the iPhone, the admin center de.drivelock.cloud unfortunately makes no friends.
When will it be available in responsive web design?
2 votes
Thank you for your feedback and suggestion regarding the responsive design for the DriveLock Operations Centre (DOC). We understand the importance of usability on mobile devices and know that flexibility on different devices plays an important role.
However, we would like to inform you that the DOC was deliberately designed for use on desktops and tablets, as effective operation on smaller screens, such as a smartphone, would not meet our quality and security standards. There are therefore currently no plans to adapt the DOC for smartphones.
Thank you for your understanding and please do not hesitate to contact us if you have any further questions or require assistance.
-
Check PBA Prerequisites - availability of CA-certificate "Microsoft Corporation UEFI CA 2011"
Many new notebook systems of the manufacturers HP and Lenovo are shipped with the CA-certificate "Microsoft Corporation UEFI CA 2011" disabled in their firmware settings.
The DriveLock-PBA is signed with this CA-certificate. So this CA-certificate needs to be enabled and available on a system in advance of installing the DriveLock-PBA.
The installation routine of the DriveLock-PBA should verify if this CA-certificate is enabled and available on a system when attempting to install the PBA, and write a message of level=Error when detecting this CA-certificate is not available on a system.
With this enhancement the administrator of a DriveLock environment will…
1 vote
Since version 23.1 there is a message with EventID=757 “SecureBoot is enabled but the Microsoft Corporation UEFI CA 2011 certificate is missing.”. This function is therefore already implemented. Please configure this event in a policy so that it is sent from clients to the DES.
-
Filter in the Operating node - Agent remote control
In the DMC, it should be possible to implement a filter under the node so that one can filter, for example, by computer name or by the logged-on user. With approx. 10000 computers, searching without a filter is very tedious.
1 vote
We would like to kindly inform you that there are already several ways to do this in the DOC. Unfortunately, this means that we have to reject your request.
-
Allowing soft links (created via mklink)
When allowing paths, soft links (created via mklink) are not taken into account. It would be helpful to be able to define an exception for soft links (created via mklink), while the original path remains blocked by a WL rule.
1 vote
Thank you so much for your suggestion regarding the allowance of soft links created via mklink.
Our system currently resolves paths upon access, meaning we ultimately only see the resolved path, not the soft link itself. As a result, we're unable to differentiate or specifically allow soft links without impacting existing security mechanisms. Therefore we unfortunately have to reject this request.
We really appreciate your understanding and are here if you have further questions or feedback.
-
Retrying failed installations
We have DriveLock installed automatically by having DriveLock scan certain AD directories.
Now, however, the server is busy or systems are no longer on the network at that time, because the systems are switched off after the operating system is installed and only then moved in the AD.
The AD scan apparently only takes place on every full hour, and unfortunately this cannot be changed. Could it not be implemented that DriveLock regularly retries failed installations (network name not found, RPC server busy, etc.)?
For RPC server busy, perhaps again and again at the next full hour.
For network name not found, every 8 hours. In general, as the person responsible, I find it somewhat…
1 vote
We will no longer support this feature. We will even remove it because it no longer corresponds to our idea of practical distribution. Instead, one should rely on software distribution.
-
Delay PC restart for push installation
With an update, there is the option via the configuration to delay the reboot of the client.
With push installation, if you click on restart, it happens almost immediately, without there being any opportunity to save data. It would be great if the same settings as for an update could be made here, to give the user the option of scheduling the restart, e.g. during a break.
Because it is stupid if the restart suddenly happens during work, e.g. during a meeting, video conference, customer conversation, etc.
1 vote
Please use Software Distribution for appropriate control
-
Citrix VDI and Terminal Server Golden Images should not be counted as a consumed license (from DOC).
Citrix VDI and Terminal Server Golden Images should not be counted as a consumed license (from DOC).
1 vote
At first glance, this use case seems sensible. However, the image is created from a computer with an agent and needs a license. After 30 days, an inactive computer is no longer counted anyway.
-
Clean up Security Awareness statistics in DOC or move them to archive
Statistics in DOC
Archive or clean up to get a better overview
3 votes
A lot has happened in the area of awareness evaluations since 23.2 and this area will be expanded with 24.1.
-
Free-text input for awareness campaigns
There is already the option in Security Awareness campaigns to "force" the user to tick a checkbox or to look at an image for a certain time.
What do you think of the idea of having the user fill in a free-text field with the answer to a question after watching a video / reading a text / viewing an image?
Question and answer are documented and can be discussed afterwards if necessary.
3 votes
-
automatic push installation should support tenant
it seems automatic push installation supports only root tenant
1 vote
In any case, we are currently checking whether this feature should be discontinued in principle. In the cloud environment, this is not an option anyway. Software distribution does the job better.
-
Want to remote write volume.id files (from DOC).
We do need a feature to write volume.id files remotely.
This should be implemented via DOC.
We cannot install the DMC everywhere on clients, just to write
a volume.id. Also the devices (production machines) are too heavy
to carry them into the IT department for whitelisting.
Signing the volume.id with password would be fine for us,
we don't need it fully implemented, like signing with certificates.
2 votes
We cannot reproduce it and have not received any more feedback
-
Ability to disable Logging for specific uses of the Usage Policy
When using a Usage Policy with different rules we would sometimes not want the rule to be logged with our enterprise Service (or at least be able to filter it out of our log).
Example:
We have one Rule that creates Usage Policies that we want to see to validate the device daily and add it to the permanent whitelist.
We have a different rule where we would like to show a Usage Policy to that user group for certain devices they connect. We have no need to see this Log in our DOC. Right now we either get all…
1 vote
-
Using VMWare workstation, USB Device can be accessed in VM Client even though it is blocked in host machine.
Using VMWare workstation, USB Device can be accessed in VM Client even though it is blocked in host machine.
1 vote
Please contact your support partner or our support team in case of problems. There you will get assistance in analyzing any error and fixing the issue.
-
Use fingerprint and/or face recognition at DriveLock PBA (Windows Hello support)
When using the Drivelock PBA with Yubikeys to implement a 2FA, the use of fingerprint scanners and facial recognition is not possible. Login works with PIN or username/password.
We have notebooks with fingerprint and face recognition in use. If you activate the functionality in Windows, the Drivelock PBA does not work anymore. The PBA cannot be installed or uninstalled. The PBA users are not synchronized. This means that the additional logon methods cannot be used. With the PBA fingerprint and face recognition should be possible.
1 vote
The current PBA does not support face recognition or fingerprint. UEFI does not support that. The request is closed. There is a possibility that we will revisit the issue at some point with further development. Thank you for your understanding.
-
Deactivate MQTT on the server
It should be possible to disable MQTT on the server side as well. The existing option to disable MQTT on the client side via policy is not sufficient in my opinion. It should best be configurable via a feature in the DMC UI.
1 vote
Disabling MQTT by policy provides a way to respond to restrictions on the use of MQTT communications in certain situations and environments.
We do not foresee disabling MQTT server-side at this time, as it is a central part of the DriveLock components' technical communication, the use of which will continue to expand in the future.
-
Format BitLocker2Go USB removables like in Encryption2Go
In Encryption2Go it is possible to format the USB removables before encryption and keep the data if necessary - these options are completely missing in BitLocker2Go.
4 votes
The options exist because in the old days everything was formatted with FAT, where you could not create containers larger than 4 GB. This made things easier for the customer. This is not necessary with BitLocker To Go.
-
DriveLock License Management (expire dates) over DOC, within an Enterprise Environment
DES Servers, running in a protected Enterprise Environment configured according to Microsoft's Recommendation
for an Enterprise-Access-Model, should be able to renew their License Date (Maintenance Date) over the DOC,
without having direct Internet access, and without getting each year a new license to activate by phone.
An implementation idea is maybe a Windows 10 Client System running DOC Companion, while the Client has
Internet Access over a Company Proxy Server, to renew the License at the DES Server backend.
4 votes
If you issue a new license annually (or whenever the maintenance is extended), then you don't even need one without activation, because the mmc does the activation and you can run it on a computer with internet access or use the telephone activation. You can either activate by telephone or issue the customer with a license without activation. Subscription licenses have to be reissued anyway, at least until now.