Each task contains its own set of computers, actions and configuration parameters.
- Name - the name of the task used to identify this task in the tasks list and in the monitoring log.
- Active - if checked, allows DeviceLock Enterprise Server to execute this task. Uncheck this flag if you wish to disable the task but don't want to delete it permanently.
- Computers - the type of the computers list used to define what computers will be monitored by this task. Press the Edit button to configure the list selected in Computers.
- Network discovery methods - types of network scanning that will be used to determine the status (available or unavailable) of monitored computers.
Upon executing the task, DeviceLock Enterprise Server uses all selected discovery methods in their given order until the status available is returned for the target computer. If none of the selected methods returns the available status, then the target computer receives the unavailable status.
Three types of the network scan are supported:
1. Ping sweep - DeviceLock Enterprise Server sends a regular ICMP ping to the target computer and then waits for its reply.
2. NetBIOS queries - if the Client for Microsoft Networks is installed on the target computer, then this computer will answer the NetBIOS type query sent by DeviceLock Enterprise Server.
3. TCP discovery (ports) - DeviceLock Enterprise Server checks for a particular open TCP port on the target computer. Using the comma (,) or semicolon (;) as a separator, you can specify several ports so they will be checked one by one in their given order.
To define additional parameters for discovery methods, press the Advanced settings button.
- Service connection settings - these options define how DeviceLock Enterprise Server should connect to DeviceLock Services on the monitored computers to obtain service version, settings, etc. If the correct connection settings are not specified, DeviceLock Enterprise Server will not be able to connect to monitored services and their computers will not receive the available status.
DeviceLock Service can be configured to use either a fixed port or dynamic ports during the installation process.
There are two connection options:
- Dynamic ports - to instruct DeviceLock Enterprise Server to use dynamic ports for communication with DeviceLock Service, select this option.
- Fixed TCP port - if DeviceLock Service is configured to accept connections on a fixed port, then you should select this option and specify that port number.
- Verify Service Settings - check this flag if you want to verify policy integrity for DeviceLock Services running on monitored computers.
- Service Settings file - to assign the master policy to the task, you should load the XML file with service settings (the master policy file). This master policy file can be created using DeviceLock Management Console, DeviceLock Group Policy Manager and/or DeviceLock Service Settings Editor.
During the policy verification process, DeviceLock Enterprise Server downloads the policy from each monitored DeviceLock Service and compares it with the master policy assigned to this task. All unconfigured parameters (those which have the Not Configured state) in the master policy are ignored during the policy verification process.
To load the master policy file, press the … button. Since the signature is not validated at this step, it can be either a signed or non-signed file. However, if you load the signed file then its name will be displayed in the Service Settings file field in round brackets.
If you are modifying the task and the master policy is already assigned, you can export it to an external XML file by pressing the Save button.
- Restore Service Settings - if checked, DeviceLock Enterprise Server will overwrite the current policy of a monitored DeviceLock Service for which the policy verification process failed with the master policy assigned to this task. Using this feature you can not only passively monitor the integrity of specific parameters but also restore them in case they were changed.
- Scanning interval - the time in seconds that should pass after a task completes and before DeviceLock Enterprise Server will start executing the same task again.
- Number of scanning threads - the maximum number of threads that can be used by this task simultaneously. You can increase this number to parallelize the process of computer scanning. However, a larger number of threads requires more hardware resources (especially RAM and network bandwidth) for DeviceLock Enterprise Server.