DeviceLock Group Policy Manager


In addition to the standard way of managing permissions via DeviceLock Management Console, DeviceLock also provides you with a more powerful mechanism - settings can be changed and deployed via Group Policy in an Active Directory domain. System administrators can use policies to control DeviceLock's configurations from a single location on a network - no matter how large the network.


Group Policy enables policy-based administration that uses Active Directory. Group Policy uses directory services and security group membership to provide flexibility and support extensive configuration information. Policy settings are created using the Microsoft Management Console (MMC) snap-in for Group Policy. 


Tighter integration into the Active Directory is a very important function of DeviceLock. It makes DeviceLock's management and deployment easier for large networks and more convenient for system administrators. 


Integration into the Active Directory eliminates the need to install more third-party applications for centralized management and deployment. DeviceLock does not need to have its own server-based component to control the entire network, instead it uses standard functions provided by the Active Directory.


Via Group Policy it is possible to:


§ Install DeviceLock Service on all the computers in a network, even those that are not currently running and new computers that are just connecting to the network


§ Control and configure DeviceLock Service on a large number of computers in different domains/organizational units simultaneously.


Even if some computers are not currently running or they are new computers that are just connecting to the network, they are included in DeviceLock's  automatic deployment of predefined settings.


NOTE: In order to manage DeviceLock via Group Policy, you must have Active Directory properly installed and configured. For more information about installing and configuring Active Directory, please refer to the related Microsoft documentation.


Policy is applied when the computer starts up. When a user turns on the computer, the system applies DeviceLock's policy. 


Policy can be optionally reapplied on a periodic basis. By default, policy is reapplied every 90 minutes. To set the interval at which policy will be reapplied, use the Group Policy Object Editor. For more information, please refer to the Microsoft Knowledge Base:;en-us;203607


Policy can also be reapplied on demand. To refresh the current policy settings immediately on Windows XP and later, administrators can call the gpupdate.exe /force command-line utility provided by Microsoft. On Windows 2000, administrators can call another command-line utility provided by Microsoft: secedit /refreshpolicy machine_policy /enforce.