Technical questions (PDF format)
Webinar (flash)
 General
Registration & Payment
Installation
Troubleshooting
Miscellaneous
Q: What is DeviceLock®?
DeviceLock® for Windows NT/2000/XP/Vista and Windows Server 2003/2008 gives network administrators control over which users can access what devices (floppies, USB, FireWire, serial and parallel ports, Magneto-Optical disks, CD-ROMs, WiFi and Bluetooth adapters, infrared ports, ZIPs, etc.) on a local computer. Once DeviceLock® is installed, administrators can control access to floppies, CD-ROMs or any other device, depending on the time of day and day of the week. DeviceLock® enhances access control for Windows System Administrators and helps control removable disk usage. It can protect network and local computers against viruses, trojans and other malicious programs often injected from removable disks. Network administrators can also use DeviceLock® to flush a storage device's buffers.
DeviceLock® has the same functionality as other SmartLine's product DeviceLock® Millennium Edition for Windows 9x/Me but DeviceLock® was designed specially for Windows NT/2000/XP/Vista and Windows Server 2003/2008.
Q: Why do I need DeviceLock® if I can use Group Policy?
A: Unfortunately, standard access control solutions coming with Windows operating systems do not allow the assignment of permissions for USB and FireWire ports as well as for WiFi and Bluetooth adapters. Anyone can bring and plug a tiny device and download hundreds of megabytes of proprietary information. You do not have to be an administrator to use one of these devices, and you can not manage WiFi, Bluetooth, USB and FireWire devices via Group Policy.
Q: Can I be notified when DeviceLock® is updated?
A: Absolutely. To receive news about DeviceLock®, join our mailing list. Enter your email address below, then click on the 'Join!' button:
Q: What limitations are there in an unregistered version?
A: There are no functional limitations for an unregistered version and you may use DeviceLock® (during the evaluation period) as a fully registered program but only on one computer. An unregistered version of DeviceLock® displays nag screens.
Q: What is the easiest way to register DeviceLock®?
A: Online using a credit card at http://www.devicelock.com/dl/register.html.
Q: Can I be sent an invoice when I purchase DeviceLock®?
A: Yes. Use our online forms at http://www.devicelock.com/dl/register.html. Select a payment method (order by fax, toll-free phone, bank transfer, etc.), then ask for an invoice.
Q: Is it safe to use my credit card on the internet?
A: Yes. All our registrations use SECURE protocols. It is impossible for a third party to intercept your credit card information. We also offer alternative ordering methods (such as order by fax, toll-free phone, bank transfer, etc.).
Q: I bought the Single license of DeviceLock®. Could I install DeviceLock® on all the computers in my network?
A: You may install DeviceLock® Service on only a single computer but DeviceLock® management consoles can be installed on any number of your computers. The Single license gives you the right to use DeviceLock® on one computer so you are able to control access on only one computer. If you wish to use DeviceLock® on several computers, you need to purchase the appropriate number of Single licenses.
For example, if you wish to control access on:
-
one computer - you need to purchase one Single license;
-
two computers - you need to purchase two Single licenses;
-
more than 2000 computers - please contact us directly for a quote.
Q: I bought a license for DeviceLock®. Do I need to buy another license each time DeviceLock® is upgraded or a newer version is released?
A: No. When you purchase a license (any kind) for DeviceLock®, you automatically purchase all future releases and updates that will be released within 1 year from the date of purchase. It means that during one year you can download and install the latest versions of the software from our site, and the license keyfile that you received from us will work with the latest product version.
If you don't want to purchase an upgrade, you can use the program forever; it will never expire, but you won't be able to use the latest version.
Q: How to install the right management console?
Q: How to install DeviceLock® Group Policy Manager?
Q: How to install DeviceLock® Enterprise Manager?
A: There is one installation package with different management consoles inside: setup.exe.
setup.exe contains DeviceLock® Management Console, DeviceLock® Group Policy Manager and DeviceLock® Enterprise Manager as well as DeviceLock® Service (including the MSI package), DeviceLock® Enterprise Server, product documentation and help files.
DeviceLock® Enterprise Manager can be used to control many computers simultaneously. With DeviceLock® Enterprise Manager you can view and change permissions and audit rules; install, update and uninstall DeviceLock® Service; and view audit records for all the computers in a large network. We recommend using DeviceLock® Enterprise Manager if you have a large network without Active Directory.
DeviceLock® Management Console is a snap-in for Microsoft Management Console (MMC). Using DeviceLock® Management Console, you can view and change permissions and audit rules, install and update DeviceLock® Service as well as view audit records for individual computers. Also, DeviceLock® Management Console is used for viewing logs stored on DeviceLock® Enterprise Server and for managing this server.
DeviceLock® Group Policy Manager integrates into the standard Windows Group Policy Editor that comes with Windows 2000 and later. With DeviceLock® Group Policy Manager, you can change DeviceLock®’s settings, permissions and audit rules across the entire Active Directory forest.
Q: Can I install DeviceLock® under Windows NT/2000/XP/Vista if I don't have administrative privileges?
A: No. You cannot install DeviceLock® under Windows NT/2000/XP/Vista without having administrative privileges. To correctly install DeviceLock® under Windows NT/2000/XP/Vista you MUST have administrative privileges. If you are going to use DeviceLock® only on a local computer, you must have local administrative privileges. But, if you are going to use DeviceLock® throughout your network, you must have domain administrative privileges.
Q: Can I install DeviceLock® under Windows 95/98 or Windows Me?
A: If you want to control access to devices on Windows 9x/Me, you should look at DeviceLock® Millennium Edition.
Q: Is it possible to install DeviceLock® automatically (without any user intervention)?
A: Yes. Just run DeviceLock® Setup with the /s parameter (e.g. "c:\setup.exe /s"). This gives an install that can be used from within a batch file. There is a special configuration file for silent setup: devicelock.ini. With this file, you can customize the DeviceLock® installation parameters. For more information, please read the documentation.
Q: Is it possible to install DeviceLock® using Microsoft Systems Management Server (SMS)?
A: Yes. You can use the package definition files (DevLock.pdf for SMS version 1.x and DevLock.sms for SMS version 2.0 and later) supplied with DeviceLock®, located in the sms.zip file.
Q: Can I install the DeviceLock® Service on the remote computer without having to physically go to it?
A: Yes. DeviceLock® supports Remote Install. If the DeviceLock® Service isn't installed on the remote system or the DeviceLock® version is too old, DeviceLock® Management Console will suggest that you install the service. Select the DeviceLock® Service executable file and DeviceLock® Management Console will copy it to the remote computer. The DeviceLock® Service executable file will be copied to the Windows system directory (e.g. c:\winnt\system32) if this service doesn't exist on this system. If the service exists on this system but is too old, DeviceLock® Management Console will copy the executable file to the directory of the old file and the old file will be replaced.
Q: How can I configure DeviceLock® to use a fixed TCP port?
A: By default, DeviceLock® Service is using dynamic ports for the RPC communication with DeviceLock® management consoles. The ports change every time DeviceLock® Service is started, making it difficult to configure a firewall. To overcome this difficulty, you can instruct DeviceLock® Service to use a fixed port. To do so, open Regedit and set the following entry:
-
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SmartLine Vision\DeviceLock
-
Name: ncacn_ip_tcp[port number]
-
Type: REG_SZ
-
Value: not used (can be empty)
port number - the fixed TCP port number that you want to use for the communication between DeviceLock® Service and DeviceLock® management consoles.
You should restart DeviceLock® Service for the setting to take effect.
Now, to connect DeviceLock® management consoles to the computer where DeviceLock® Service was configured to use a fixed port, you should specify this port in square brackets next to the computer name, e.g. computer_name[port number].
Please note that when you connect to DeviceLock® Service using a fixed port, the remote install/update function is disabled, i.e. you can’t install or update DeviceLock® Service on remote computers without using dynamic ports. Also, Audit Log Viewer doesn’t work if the 139 TCP port is closed on the firewall.
Q: Which ports do I need to open on the firewall to allow DeviceLock® to work?
A: You can instruct DeviceLock® to use a fixed port, making it easier to configure a firewall. If you want to configure the firewall for dynamic ports connection, follow the instructions below.
You need to open 135-139 ports and all ports above 1024 for incoming and outgoing packets:
-
Port 135 (TCP) - for Remote Procedure Call (RPC) Service
-
Port 137 (UDP) - for NetBIOS Name Service
-
Port 138 (UDP) - for NetBIOS Netlogon and Browsing
-
Port 139 (TCP) - for NetBIOS session (NET USE)
-
Ports above 1024 (TCP) - for RPC Communication
DeviceLock® works like any other standard Windows NT/2000/XP/Vista administrative tool (such as Event Viewer, Services, Computer Management, etc.) so, if these tools work then DeviceLock® will work, too.
You can find more information in the Microsoft's Knowledge Base
Q: I am receiving the error 1722 ("The RPC Server is unavailable") whenever I try to connect to a computer.
A: The error 1722 means that DeviceLock® management consoles cannot access DeviceLock® Service on the remote computer. There are several possible reasons:
-
the remote computer does not exist on the network (the computer's name or IP address is incorrect or this computer was shut down recently but its name still exists in the network browser);
-
the remote computer is not a Windows NT 4.0/2000/XP/Vista computer and DeviceLock® Service cannot be installed on this computer;
-
the remote computer is behind a firewall that was not configured properly (to configure a firewall, please read this answer);
-
the remote computer is on another segment of your network that is not accessible from your segment, i.e. the routing was not configured properly and you cannot access that network's segment at all.
Q: I am receiving the error 1747 ("The authentication service is unknown") whenever I try to connect to a computer.
A: The error 1747 occurs when the "Client for Microsoft Networks" option is not installed. To resolve this problem, install the "Client for Microsoft Networks". If you don't require the "Client for Microsoft Networks", it is best to disable it after installation (DeviceLock runs properly in this configuration). You can find more information on how to configure the Client for Microsoft Networks in the Microsoft's TechNet Library.
Also, on Windows NT 4 systems the RPC Security Service Provider could be configured incorrectly. Open the Control Panel's "Network" applet, select the "Services" tab, highlight the "RPC Configuration" record from the "Network Services" list and press the "Properties..." button. Then in the "RPC Configuration" dialog, set the "Security Service Provider" combobox to "Windows NT Security Service".
Q: I am receiving the error 1748 ("The authentication level is unknown") whenever I try to connect to a computer.
A: By default DeviceLock uses the highest level of authentification (it encrypts the argument value of each remote call, verifies only that all data received is from the expected source and authenticates and verifies that none of the data transferred between DeviceLock management consoles and DeviceLock Service has been modified). However, the computer on which you run DeviceLock management consoles may not support this level of authentification and you will need to decrease it. Start "Registry Editor" (regedit.exe) and create the "SecurityLevel" (type DWORD) parameter in the "HKEY_CURRENT_USER\Software\SmartLine Vision\DLManager\Manager" subkey, change the value for this parameter to 5 (1 - indicates lowest level, 6 - indicates highest level), then restart the console.
Q: I am receiving the error 1825 ("A security package specific error occurred") whenever I try to connect to a computer.
A: The error 1825 is similar to the error 1747 so please read this answer.
Q: Is it possible to manage DeviceLock® remotely?
A: Yes. You can use any DeviceLock® management console.
|
Products
Contact Us
DeviceLock®
Description
FAQ
