Encryption is another main feature of DriveLock that can help you secure sensitive information by enforcing encryption when data is copied to removable drives. You can use the DriveLock Full Disk Encryption option to encrypt hard disks, including the system partition, and to perform pre-boot authentication with a single sign-on to Windows. DriveLock can also erase sensitive data permanently and securely by overwriting data multiple times using one of several industry-standard algorithms. Please see the how-to install DriveLock Encryption software (Standalone Installation) and also see how to perform DriveLock’s quick setup. See more on Important DriveLock components to master. I have broken this installation into Guide into two in order not to have lengthy documentation. Please see the how-to install DriveLock Encryption software (Standalone Installation) and also see DriveLock with a focus on Encryption.
You can install DriveLock from files downloaded from the DriveLock Web site. All DriveLock components are available as separate 32-bit and 64-bit Microsoft Installer (MSI) packages.
- The easiest way to install DriveLock components is by using the DriveLock Installer (DLSetup.exe). This program can check whether the most current installation packages for all components are already present and download missing packages from the Internet.Before starting the installation, you should decide which type of configuration you will be using to deploy DriveLock settings to clients because this will determine how you will deploy DriveLock Agents to client computers. The following configuration matrix can help you decide which of these methods is the most appropriate for your environment:
Like I said before, DES (The Enterprise service is not required for DriveLock to operate, but it lets administrators easily monitor all DriveLock operations and user activities in the entire organization)
Step 1: Download and installation of DriveLock, Also, see how to download DriveLock software and install DriveLock).
Step 2: Post setup a Server (How to perform DriveLock quick setup)
Note: By default, SQL Express accompanies the DriveLock installation.
– We recommend MsSQL for Enterprise Installation.
Components of DriveLock to install
Ensure you pay a lot of attention to these components.
1: Client Software (DriveLock Agent)
You can easily install the client software (the DriveLock Agent) and policy deployment. You can achieve this by using existing software deployment mechanisms or by using the Group Policy feature of Active Directory. Alternatively, you can distribute policies using configuration files for standalone computers or in environments without Active Directory.
The DriveLock Agent is the most important component of the DriveLock infrastructure. It implements and enforces your policy settings. As such, it is necessary to install it on every computer where you want to control removable drives, devices, or other settings. The Agent is a lightweight Windows service that runs in the background and maintains control over hardware ports and interfaces and enforces your security policy. To deter unauthorized access or security settings bypass, regular users are unable to halt the service. Control and access to the service are exclusively granted to authorized users designated by you.
2: DriveLock Management Console
You can use the DriveLock Management Console to configure the security settings for your clients, manage your environment, and access other DriveLock components. This console is a Microsoft Management Console (MMC) snap-in. This makes it easy to integrate it into existing MMC console files that administrators may have already configured.
The DriveLock Management Console lets you create a local configuration for the computer the console is running on. This further lets you to define configurations by creating and changing Active Directory Group Policy settings or to save your settings to a configuration file that you can import on another computer. You can also monitor the status of clients or access the DriveLock Agent on clients. You can use the Management Console to remotely unlock an Agent by accessing it remotely, or— if the Agent is not connected to a network— by creating an offline access code that a user can enter on the client computer.
3: DriveLock Control Center (DCC)
Lets you create dynamic reports and forensic analysis reports from events reported by DriveLock Agents data to a central server running the DriveLock Enterprise Service (DES).
You can use the DCC to monitor the use of mobile drives, devices, and data transfers in aggregate or in detail. The DCC includes the option to assign granular permissions for data queries and report creation.
The DCC also lets you monitor your current DriveLock Agent environment and view the status of clients. For example, you can identify computers that don’t have the Agent installed or that have not recently reported their status. If you use the Full Disk Encryption option, you can view the current status of the drive encryption (for example, “Not installed” or “Currently encrypting”).
The DriveLock Control Center (DCC) is the reporting console that enables administrators to view events stored in the DES and create reports from the event data.
The auditing capabilities of DriveLock, coupled with its file shadowing functionality give you the information you need to monitor and enforce policy compliance
4: The DriveLock Enterprise Service (DES)
The DES is a central component that consolidates all DriveLock events and Device Scanner results in a central database. Administrators can then use this data to create dynamic reports for auditing and management purposes.
This service is not required for DriveLock to operate, but it lets administrators easily monitor all DriveLock operations and user activities in the entire organization.
5: Linked DES Server
In large DriveLock deployments you can minimize the use of system resources and network bandwidth by linking DES servers. In a linked deployment, one or more DES servers at branch offices are running in the “Cache & Linked” mode. These servers collect events from DriveLock Agents but don’t write the events to the database. Instead, DES servers in Cache & Linked mode forward the event data in compressed form to a central DES server at preconfigured intervals. The central DES Server, which is running in the standard “Cache & Process” mode, is connected to a database server and writes the event data it receives from linked servers and clients to the DriveLock database.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.