DeviceLock Service Settings Editor
DeviceLock Service Settings Editor is used for creating and modifying external XML files with settings, permissions, audit and shadowing rules for DeviceLock Service.
There is almost no difference between the procedures for defining policies via DeviceLock Management Console versus via DeviceLock Service Settings Editor.
In comparison to DeviceLock Management Console in DeviceLock Service Settings Editor:
- You do not need to connect to any computer with DeviceLock Service. DeviceLock Service Settings Editor modifies and stores settings in external XML files and allows you to create/edit policies offline. It works similar to DeviceLock Group Policy Manager but instead of GPOs it uses XML files.
- You can reset any parameter (or all parameters at once) to the unconfigured state. All undefined parameters are ignored when the policy is applied to DeviceLock Service.
- You can remove any offline policy settings (permissions, audit and shadowing rules, white lists, etc.) for both devices and protocols in order to enforce regular ones in this policy file.
To create a new policy from scratch, just run DeviceLock Service Settings Editor and start making changes in its default (empty) policy.
If you want to modify an existing policy, you should load the XML file with that policy to DeviceLock Service Settings Editor using the Load Service Settings context menu item and then make desired changes.
If you create a new policy from scratch, you should use Save Service Settings from the context menu to save it in an XML file. Alternatively, you can use Save & Sign Service Settings from the context menu to save the policy to an external XML file and automatically sign it with the most recent DeviceLock Certificate (the private key). The Save & Sign Service Settings command is unavailable when the DeviceLock Signing Tool has no previously loaded private key.
Later files with policies created using DeviceLock Service Settings Editor can be loaded via DeviceLock Management Console and/or DeviceLock Group Policy Manager.
Also, files with policies can be sent to users whose computers are not online and thus out-of-reach via management consoles. To avoid unauthorized modification these files should be signed with the DeviceLock Certificate (the private key) using the DeviceLock Signing Tool.
If you modify an existing policy file, DeviceLock Service Settings Editor automatically saves your changes.
NOTE: Only settings that are explicitly defined in a policy file apply to client computers. All policy settings that have the Not Configured state are ignored by client computers.
DeviceLock Service Settings Editor is also used in the Set Service Settings plug-in of DeviceLock Enterprise Manager. This plug-in runs DeviceLock Service Settings Editor as an external application and opens it with the XML file selected in the plug-in's settings dialog box.
When you make any policy changes (change parameters, set permissions, define white lists, etc.) in the XML file passed to the editor by the plug-in, DeviceLock Service Settings Editor automatically saves them to this file. As soon as you finish modifying the policy just close DeviceLock Service Settings Editor and return to the plug-in's settings dialog box.