DriveLock Customer Forum
Information
43 results found
-
Check PBA Prerequisites - availability of CA-certificate "Microsoft Corporation UEFI CA 2011"
Many new notebook systems of the manufacturers HP and Lenovo are shipped with the CA-certificate "Microsoft Corporation UEFI CA 2011" disabled in their firmware settings. The DriveLock-PBA is signed with this CA-certificate. So this CA-certificate needs to be enabled and available on a system in advance of installing the DriveLock-PBA. The installation routine of the DriveLock-PBA should verify if this CA-certificate is enabled and available on a system when attempting to install the PBA, and write a message of level=Error when detecting this CA-certificate is not available on a system.
With this enhancement the administrator of a DriveLock environment will…
1 vote
Since version 23.1 there is a message with EventID=757 “SecureBoot is enabled but the Microsoft Corporation UEFI CA 2011 certificate is missing.” This function is therefore already implemented. Please configure this event in a policy so that it is sent from clients to the DES.
-
Retrying failed installations
We have DriveLock installed automatically by letting DriveLock scan certain AD directories.
But now the server is overloaded, or systems are no longer on the network at that time, because the systems are switched off after the operating system has been installed and are only then moved in AD.
The AD scan apparently only takes place on every full hour, and unfortunately this cannot be changed. Could it not be implemented that DriveLock retries failed installations (network name not found, RPC server busy, etc.) at regular intervals?
RPC server busy: perhaps again and again at the next full hour.
Network name not found: every 8 hours. In general, as the person responsible, I find it somewhat…
1 vote
We will no longer support this feature. We will even remove it because it no longer corresponds to our idea of practical distribution. Instead, one should rely on software distribution.
-
Clean up Security Awareness statistics in DOC or move them to an archive
Statistics in DOC
Archive or clean up to get a better overview
3 votes
A lot has happened in the area of awareness evaluations since 23.2 and this area will be expanded with 24.1.
-
Use fingerprint and/or face recognition at DriveLock PBA (Windows Hello support)
When using the Drivelock PBA with Yubikeys to implement a 2FA, the use of fingerprint scanners and facial recognition is not possible. Login works with PIN or username/password.
We have notebooks with fingerprint and face recognition in use. If you activate the functionality in Windows, the Drivelock PBA does not work anymore. The PBA cannot be installed or uninstalled. The PBA users are not synchronized. This means that the additional logon methods cannot be used. With the PBA fingerprint and face recognition should be possible.
1 vote
The current PBA does not support face recognition or fingerprint. UEFI does not support that. The request is closed. There is a possibility that we will revisit the issue at some point with further development. Thank you for your understanding.
-
Using VMware Workstation, USB device can be accessed in VM client even though it is blocked in host machine
Using VMware Workstation, USB device can be accessed in VM client even though it is blocked in host machine.
1 vote
Please contact your support partner or our support team in case of problems. There you will get assistance in analyzing any error and fixing the issue.
-
Deactivate MQTT on the server
It should be possible to disable MQTT on the server side as well. The existing option to disable MQTT on the client side via policy is not sufficient in my opinion. It should best be configurable via a feature in the DMC UI.
1 vote
Disabling MQTT by policy provides a way to respond to restrictions on the use of MQTT communications in certain situations and environments.
We do not foresee disabling MQTT server-side at this time, as it is a central part of the DriveLock components' technical communication, the use of which will continue to expand in the future.
-
Manual input of the stored uninstall password
Enable manual entry of the stored uninstall password. Either during uninstallation via "Programs and Features" or another entry "Uninstall Agent" via the systray icon of the DL Agent.
1 vote
Thank you for posting this request on our feedback forum.
This uninstall password is an additional layer of security to prevent local admins in environments without a zero trust approach from uninstalling the DriveLock agent part.
If for any reasons a single agent needs to be removed we already provide the possibility to use the following administration command-line:
msiexec /x DriveLockAgent.msi UNINSTPWD=<your_password>
The password is checked before the inner MSI part is executed. We would have to change this in order to fulfill requests like this one and decided not to lower security measures here, a while ago.
Please feel free to get in touch with us directly to discuss this in more detail.
-
Review mistakes after the test
Unfortunately, in the current version it is not possible, after completing the questions, to see what was answered incorrectly. You only see the round dots with an X at the bottom, and nothing happens when you click on them. It would be good here to see the question again, together with what was answered and what would have been correct.
1 vote
-
Error evaluation of the campaign in DOC
Is it possible that in DOC not only the number of errors can be evaluated, but also which errors were made?
By which users
1 vote
-
DriveLock Linux Agent should be able to send all existing events to other external systems via email
As an administrator I want to let the Linux Agent send all DriveLock agent events also to external systems.
It should work similarly to DriveLock Agents for Windows OS.
If we can define a priority, we would like to see the following priority order (for implementing):
1) SMTP (email, supporting TLS/SSL)
2) SNMP
1 vote
Please see comment
-
DriveLock License Management (expire dates) over DOC, within an Enterprise Environment
DES servers running in a protected Enterprise Environment configured according to Microsoft's recommendation for an Enterprise Access Model should be able to renew their License Date (Maintenance Date) over the DOC, without having direct Internet access, and without getting a new license each year to activate by phone.
An implementation idea is maybe a Windows 10 client system running DOC Companion, where the client has Internet access over a company proxy server, to renew the license at the DES server backend.
4 votes
If you issue a new license annually (or whenever the maintenance is extended), then you don't even need one without activation, because the MMC does the activation and you can run it on a computer with internet access or use the telephone activation. You can either activate by telephone or issue the customer with a license without activation. Subscription licenses have to be reissued anyway, at least until now.
-
DOC deployment installation option should support DriveLock groups
In the new DOC 21.2, it is possible to deploy new agent on computer. It would be very nice to be able to use drivelock groups here instead of a static list of PCs.
2 votes
The deployment options are ok for individual computers. Otherwise, we ask customers to use a software distribution solution. I am therefore closing the request.
-
3rd party events should be directly sent by SMTP/SNMP
It seems 3rd party events can only be sent to the DES, as opposed to DriveLock events that can be sent directly by the agent through SNMP/SMTP. This should be the case for 3rd party events too.
2 votes
Backend is the single source of truth. Events can be forwarded by the backend service.
-
Multiselection in white list rules under devices is not possible
In policy editor, it is possible to multi-select WLR under drives in order to move them or delete them, but it is not possible to do the very same thing in the devices category. It would be nice to have the same functionality.
2 votes
Declined since everything ultimately goes DOC
-
Increase rule count limit under "user selection" rules
Currently the "User selection" rule under Encryption 2-Go or File Protection allows a maximum of three (3) selectable rules. Suggesting to increase this limit to at least five (5) rules if possible.
1 vote
-
DOC: Refresh individual widgets
Currently you can only refresh the whole dashboard tab. Suggesting to also add the feature to allow refreshing a specific widget as needed.
1 vote
Refreshing the dashboard is fast and all widgets are usually updated within 1-2 seconds.
The effort for implementing this would exceed the value/outcome.
When an auto-update capability becomes available, the need for this is estimated to be even lower.
-
Make secure deletion feature available with File Protection
Currently the "secure delete" utility is only available with Encryption 2-Go license. Suggesting to also include it with File Protection license.
2 votes
-
Share custom DOC dashboards & widget via UserVoice
Suggesting to allow and facilitate sharing of custom DOC dashboards and widgets created by DriveLock users (customers, resellers, consultants, etc.) via UserVoice or any other suitable platform.
2 votes
-
Too many messages, event ID: 129, because of locked devices
Every time a user connects an iPhone or Android phone to a computer, our Drivelock server gets a message that a device has been connected there. This is not allowed by us and the device will be locked, then different messages are sent, Event ID: 129.
Now my question, is it possible to create a rule in these cases:
That the user always gets a message (bigger message, not only in the systray) to disconnect the device immediately until he disconnects the device? So that always new messages appear, which the user must click away and he is quasi forced…
2 votes
-
Restart option after agent update
Currently, a reboot before updating the agent can be configured via the option "Reboot to update agent". This causes the users to be logged out first, then DriveLock is updated and then a reboot occurs. If users log on immediately afterwards, they can work for 2-3 minutes before a reboot occurs without further warning.
It would be better for the users if the update would happen in the background without reboot (similar to push install/push update via the DCC). The user should get after successful update a message that he should close all programs because the computer reboots. This reboot…
13 votes
I don't see it as particularly important, because a reboot during an update is usually not useful. Only FFE and FDE actually need a reboot - but only later, when the agent is already running again and not when the msi is finished.