Service Options View
These additional parameters allow you to tune up the DeviceLock Service configuration. Use the context menu available by a right mouse click on every parameter.
- DeviceLock Administrators - allows you to define the list of user accounts with administrative access rights to DeviceLock Service.
- Auditing & Shadowing - allows you to tune up auditing and shadowing for DeviceLock Service.
- Alerts - allows you to configure alert settings. These settings specify where and how the alerts should be sent.
- Anti-keylogger - allows you to tune up DeviceLock's ability to detect hardware keyloggers and to define what DeviceLock Service should do when a keylogger is found.
- Encryption - allows you to tune up DeviceLock's ability to detect disks (USB flash drives and other removable media) encrypted by third-party products and apply special "encrypted" permissions to them..
- USB/FireWire blocked message - allows you to define a custom message to be displayed to users when access to a USB or FireWire device is denied at the interface (USB or FireWire) level or type (Removable, CD/DVD/BD, etc.) level.
- Expired message - allows you to define a custom message to be displayed to users when the allowed period for temporary white listed devices is expired and devices have been removed from Temporary White List.
- Content-Aware blocked read message - allows you to define a Content-Aware blocked read message (notification balloon) to be displayed to users when they try to read a file to which they are denied access. By default, DeviceLock does not display the Content-Aware blocked read message.
- Content-Aware blocked write message - allows you to define a Content-Aware blocked write message (notification balloon) to be displayed to users when they try to write a file or transfer the data to which they are denied access. By default, DeviceLock displays the Content-Aware blocked write message.
- Protocols blocked message - allows you to define a Protocols blocked message (notification balloon) to be displayed to users when they try to access a protocol to which they are denied access.
- Basic IP Firewall blocked message - allows you to define a Basic IP Firewall blocked message to be displayed to users when they try to establish a connection to which they are denied access.
- Content verification message - allows you to define a Content verification message to be displayed to users when content inspection is in progress.
- Oracle IRM Server Settings - allows you to configure DeviceLock Service for Oracle IRM support. If you have configured Oracle IRM support, you can define Content-Aware Rules to control access to documents that have been sealed using IRM.
- DeviceLock Enterprise Server(s) - allows you to specify the name or IP address of the DeviceLock Enterprise Server's computer.
- Log Policy changes and Start/Stop events - allows you to enable the logging of changes in DeviceLock Service's configuration and report the time when DeviceLock Service starts and stops. It is possible to log changes in permissions, audit rules, white lists and in other settings.
- DeviceLock certificate - allows you to install or remove a DeviceLock Certificate (the public key).
- Use Group Policy - allows you to control the effective policy mode (Group Policy or Local Policy), if DeviceLock Service is configured to work with Group Policy in an Active Directory domain.
To activate the Group Policy mode for this DeviceLock Service, enable the Use Group Policy parameter. In this mode, all settings that you set via DeviceLock Management Console and DeviceLock Enterprise Manager are replaced by Group Policy settings.
To activate the Local Policy mode for this DeviceLock Service, disable the Use Group Policy parameter. In this mode, all settings that you set via DeviceLock Management Console and DeviceLock Enterprise Manager have a priority over Group Policy settings and replace them.
If DeviceLock Service was not configured to work with Group Policy, the Use Group Policy parameter is disabled and unavailable for changing.
If the Use Group Policy parameter is enabled but unavailable for changing, it means that the Group Policy mode always has a priority (the Override Local Policy parameter was enabled in DeviceLock Group Policy Manager) and the Local Policy mode can't be enabled for this DeviceLock Service.
Available only in DeviceLock Management Console and DeviceLock Service Settings Editor.
- Override Local Policy - if you want to disallow changing settings, permissions and audit rules for individual computers (without the GPO editor), enable Override Local Policy in Service Options. This enables the Group Policy mode for all the computers in GPO, such that the Local Policy mode can't be enabled for these computers.
If the Override Local Policy parameter is enabled, it means that the Use Group Policy parameter in Service Options of DeviceLock Management Console and DeviceLock Enterprise Manager can't be disabled.
Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
- Fast servers first - when this parameter is enabled, all servers specified in the DeviceLock Enterprise Server(s) parameter are divided into three groups depending on their network speed and preference is given to the fastest. If all of the fastest servers are unavailable, DeviceLock Service attempts to select a server from the group of next fastest servers and so on.
If the Fast servers first parameter is disabled, DeviceLock Service randomly selects a server from the list.
This parameter has an effect only if there is more than one server specified in the DeviceLock Enterprise Server(s) parameter.
- Traffic priority - allows you to define bandwidth limits for sending audit and shadow logs from DeviceLock Service to DeviceLock Enterprise Server.
This parameter can be changed only if the Quality of Service Packet Scheduler (QoS Packet Scheduler) component is installed on a computer running DeviceLock Service. Otherwise, the Traffic priority parameter is disabled and 100% of bandwidth is used.
- Always show tray icon - allows you to enable or disable the display of the DeviceLock Tray Notification Utility icon in the notification area of the taskbar on client computers. End users working on client computers can refresh the connection state (online or offline) of DeviceLock Service. To do so, they need to right-click the DeviceLock Tray Notification Utility icon in the notification area of the taskbar, and then click Refresh Current State. End users can also click the DeviceLock Tray Notification Utility icon to display the latest DeviceLock balloon message that appeared in the notification area of a client computer.
- Archives content inspection on read - allows you to enable or disable content inspection of files within archives when users try to read archive files. NOTE: If Archives content inspection on read is disabled, inspection of images embedded in PDF files, RTF and Microsoft Office documents is also not performed.
- Archives content inspection on write - allows you to enable or disable content inspection of files within archives when users try to write archive files. NOTE: If Archives content inspection on write is disabled, inspection of images embedded in PDF files, RTF and Microsoft Office documents is also not performed.
- Offline mode detection - allows you to define the network characteristics that DeviceLock uses to detect its connection state (whether it is online or offline). By default, DeviceLock works in offline mode when the network cable is not connected to the client computer.
- Apply Content-Aware Rules to file/folder names - use this option to enable or disable content inspection of file and folder names when users try to access, create, or rename files and folders for managed storage-based device types. Only rules based on Pattern and Keywords groups may be applied to file and folder names. Rules apply to the full file/folder path.
In DeviceLock Group Policy Manager and DeviceLock Service Settings Editor, if you want to reset these parameters to the unconfigured state, select Undefine from the context menu.