A Backup Retention

1. The duration of time we keep any and all backups for.

Example: You implement automated offsite backups  because of your organisations continuity meeting. 
You wish to be able to recover Data or the entire system at any backed up interval for 6 months.
This would allow you to get back that document that was edited by accident and not picked up for 5 weeks.

You must also consider your company consolidation policy when thinking about this.
E.G.: At what stage do you wish to take your daily images and consolidate them into a weekly recovery point.

1. Press Windows Key + X on the keyboard and then select “Command Prompt (Admin)”/"PowerShell Admin" from the menu.

2. Stop the BITS, Cryptographic, MSI Installer and the Windows Update Services. To do this, type the following commands at a command prompt. Press the “ENTER” key after you type each command.

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver

3. Now rename the SoftwareDistribution and Catroot2 folder. You can do this by typing the following commands in the Command Prompt/PowerShell. Press the “ENTER” key after you type each command.

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 Catroot2.old

4. Now, let’s restart the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt/PowerShell for this. Press the ENTER key after you type each command.

net start wuauserv
net start cryptSvc
net start bits
net start msiserver

5. Type Exit in the Command Prompt/PowerShell to close it and then restart the computer.

6.After restarting the computer, now retry to install Windows Updates.

Open Command Prompt as Admin
Run: Diskpart
DISKPART> list volume

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 System Rese NTFS Partition 500 MB Healthy System
Volume 1 C NTFS Partition 223 GB Healthy Boot
Volume 2 D SSD NTFS Partition 894 GB Healthy
Volume 3 E NTFS Partition 698 GB Healthy
Volume 4 F My Passport NTFS Partition 1862 GB Healthy

DISKPART> select volume 4
Volume 4 is the selected volume.

DISKPART> remove
DiskPart successfully removed the drive letter or mount point.

Uninstall All Pre-Installed Apps in Windows 10
Besides the individual apps, if you just want to get rid of all the pre-installed apps, then you can do that as well. Just open the Powershell as administrator, paste the below command in it and press the Enter button


Command:
Get-AppxPackage -AllUsers | Remove-AppxPackage
The above action will initialize the uninstallation of all the pre-installed apps for all the users. The Powershell window may display a bunch of errors with bright red text all over the screen. Just don’t freak out, as it is displaying errors regarding the apps it cannot uninstall.


Once uninstalled, your Start menu will look more cleaner than ever.

Windows Registry Editor Version 5.00

; Reset and delete all saved folder customizations and settings.
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU]
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags]

; Turn off Vista auto folder type template discovery.
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell]
"FolderType"="NotSpecified"

; Modify the storage space to 10000 for saving of up to 10000 folder settings.
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell]
"BagMRU Size"=dword:00002710

Import-Module bitstransfer
start-bitstransfer -source http://something/something.ext -destination c:\something.ext

Open Powershell
Install-WindowsFeature Net-Framework-Core

Active Directory Certificate Services transaction log files
When completing a critical or system state backup of the C: volume, a new transaction log will be generated under the c:\windows\system32\certlog folder.
Removing these logs is only safe as long as the CA database file is consistent. In order to remove these logs and reclaim disk space, follow these steps:

1. Open the Services MMC and stop the Active Directory Certificate Services service.
2. Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog folder.
3. Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
4. Restart the Active Directory Certificate Services service.

The files do not exist in the correct locations.

The following adds the files needed in order to start the disk cleanup application.

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe C:\Windows\System32\

copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui C:\Windows\System32\en-US\

cleanmgr.exe

Follow the below step by step instructions:

1. Proceed to https://www.ssls.com/
2. Go to "Purchased Certs"
3. Select the "New Certificate" and click Activate
4. Login to the required client server
5. Open "IIS Manager" (Internet Information Services Manager) from "Administration Tools"
6. Select "Server Certificates"
7. Select "Create Certificate Request" in the menu pane on the right hand side.
8. Fill out the form as correctly as possible for the client.
9. Change "Bit Length" from 1024 to 4096.
10. Save certificate request to the desktop or C:\0
11. Open file in notepad and copy all text available.
12. Paste request text into ssls.com under the certificate you have activated.
13. Wait for response from ssls.com (this should change from "In Progress" to "Active".)
14. Once "Active" you can then download the certificate verification file.
15. Save file and copy to the client server under the required location. (C:\inetpub\.well-known\pki-validation)
16. Once this has been completed you will receive an email from ssls.com with the validation files.
17. Copy these files to the server and exract them to C:/0
18. Open iis manager and complete the certificate request.
19. You can now name the certificate example: VPN 120718
20. Remain in iis manager and select the Default Web Site and click "Edit Bindings".
21. Select the existing office.domain.com.au, click Edit and select the new certificate and Apply (or Add if the office.domain.com.au does not exist).
22. Open Routing and Remote Access, right click the Server Name and select properties.
23. Select the "Security Tab" and click the drop down box to select the new certificate. (You can confirm by clicking the view button)
24. Click apply and Close.
25. Open iis manager and restart iis.
26. Open routing and remote access and click restart.
27. Test and confirm all working.

Exchange 2010+ Example:
New-MailboxExportRequest -Mailbox AylaKol -FilePath "\\SERVER01\PSTFileShare\Ayla_Recovered.pst"

Exchange 2007 Example:
Export-Mailbox –Identity <mailboxUser> -PSTFolderPath <pathToSavePST>

Note: You will need to change the table names to that which is in use on the system.

INSERT INTO ´wp_users´ (´user_login´, ´user_pass´, ´user_nicename´, ´user_email´, ´user_status´)
VALUES ('newadmin', MD5('pass123'), 'firstname lastname', '[email protected]', '0');

INSERT INTO ´wp_usermeta´ (´umeta_id´, ´user_id´, ´meta_key´, ´meta_value´)
VALUES (NULL, (Select max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');

INSERT INTO ´wp_usermeta´ (´umeta_id´, ´user_id´, ´meta_key´, ´meta_value´)
VALUES (NULL, (Select max(id) FROM wp_users), 'wp_user_level', '10');

Webroot can be deployed using Group Policy (GP) which ensures that all systems connected to an AD environment are automatically receiving the installation instructions of Webroot.

1. Download the Generic MSI installer - Note: you will need to provide key and group details in order for this to successfully deploy into your environment.
   https://anywhere.webrootcloudav.com/zerol/wsasme.exe
2. The installation command for MSI will require a Key and  GROUP name. The group name is provided after doing the following
   1. Open the Admin Portal
   2. Enter the EndPoint Group
   3. Enter the Enpoint Protection
   4. Select Group management
   5. Create a Group - EG: "MSI Deployed"
   6. Select the Newly created Group
   7. Use the Actions DropDown Menu 
   8. Select "Deploy Endpoints to this Group"

You will be presented with instructions on command line. The most important part of this process is that it will have the group information as part of it. 
This should now be ready to have the computers run a "GPUPDATE /force" or alternatively wait a few restarts. Webroot should now be installed.
Deploy Endpoints to this Group
Please find below instructions on how to deploy endpoints directly into a specified group:
On the endpoint, download the Webroot SecureAnywhere installer file:
https://anywhere.webrootcloudav.com/zerol/wsasme.exe
Run the installer from a command line, using these commands:
wsasme.exe/key=xxxx-xxxx-xxxx-xxxx-xxxx /group=151843080810437779 /silent
For further deployment guidance, please reference the Deployment section of the help guide.

1. Create the Group Policy Process
   1. Open Group Policy Management and perform the following
   2. Create New or use Existing Policy
   3. Navigate to Computer Config -> Windows Settings -> Scripts (Startup/Shutdown)
   4. Edit Startup
   5. Select Add
   6. Browse to the WSASME.exe (downloaded earlier) via the network share. (eg: \\domain.local\SysVol\domain.local\scripts\wsasme.exe)
      Note: The network Share must be accessible to the computer. So you will need to allow it access. In my case i have added it directly to the SYSVOL folder which already has access.
   7. Within the Script Parameters type "/key=xxxx-xxxx-xxxx-xxxx-xxxx /group=151843080810437779 /silent" (without the quotations) 
      Note: Please replace the Key with the Actual Key from within the Webroot portal
   8. Select Ok and close your Policy. 
   9. Confirm in the Scope settings you are happy with the Security Filtering. (Domain Computers instead of Authenticated Users)

You will need to run GPUPDATE or restarts in order to activate the new installation of WebRoot.

Note: New versions will need a new WSASME.exe file

Microsoft released Outlook version 2104 build 13929.20372, and after installing the update, users of the click-to-run desktop client found that they could no longer properly view emails or create new ones. Further details can be found in the Admin Center under EX255650

 Update 11:00am: This process is now only working for some systems. If this doesnt work for you please contact us via 0398005703 and we can assist further

When attempting to view an email, instead of seeing the entire message body, they only see a small portion or a single line of the email message, as shown below.

Method:

1. Open any Office app, such as Word, and create a new document
2. Go to File > Account (or Office Account if you opened Outlook)
3. Under Product Information, choose Update Options > Update Now.
   Note: You may need to click Enable Updates first if you don't see the Update Now option right away.
   
4. Close the "You're up to date!" window after Office is done checking for and installing updates.

Validation Steps:

It is essential that this process is tested. In order to achieve this, please form the following

1. Please Close Outlook
2. Wait 10 seconds
3. Please Open Outlook
4. Confirm you can view emails as per normal when opened/reading pane (if used)

Choose Settings

Mail, Contacts, Calendars

Choose Add Account.

Choose Other

Add Mail Account.

On the New Account screen, enter the following:
Name: the name of the account
Email: [email protected]
Password: your password
Description: description of the account

Choose Next.
Make sure that IMAP is selected at the top of the screen.
Incoming Mail Server:
Hostname: outlook.office365.com
User Name: [email protected]/support (the alias of the shared mailbox)
Password: your password (This may have been auto-filled)

Scroll down to the Outgoing Mail Server section and enter the following:
Host Name: smtp.office365.com
User Name: [email protected]
Password: your password

Choose Next and wait for the server to verify your settings. When complete choose Save.

The shared mailbox should now appear within the mail app

Choose Settings > Accounts & Passwords
Choose Add Account.
Choose Other > Add Mail Account.

On the New Account screen, enter the following:
Name: the name of the account
Email: [email protected]
Password: your password
Description: description of the account

Choose Next.
Make sure that IMAP is selected at the top of the screen.

Incoming Mail Server:
Hostname: outlook.office365.com
User Name: [email protected]/support (the alias of the shared mailbox)
Password: your password (This may have been auto-filled)

Scroll down to the Outgoing Mail Server section and enter the following:
Host Name: smtp.office365.com
User Name: [email protected]
Password: your password

Choose Next and wait for the server to verify your settings. When complete choose Save.

The shared mailbox should now appear within the mail app

Configuration for Hyper-V host

The server must be setup to allow remote access. In Core you will need to do this via the numeric menu selections.
- Configure your IP Address & Hosting
NOTE: If windows updates are not up to date, you will NOT be able to connect. 

1. Log into Windows Server/Core with Admin Account
2. Enter PowerShell
3. Run: Enable-PSRemoting
4. Run: Enable-WSMANCredSSP -Role server
   1. Confirm with "Y"
5. NetSh Advfirewall set allprofiles state off

Client Configuration

1. Install Hyper-V Tools/Managment GUI
2. Open Powershell
3. Run: Enable-PSRemoting
4. Run: Set-Item WSMAN:\localhost\Client\TrustedHosts -Value "the-HyperV-Server-Name"
5. Run: Enable-WSMANCredSSP -Role client -DelegateComputer "the-HyperV-Server-Name"
6. Start ->Run: gpedit.msc
   
   1. ComputerConfiguration > Administrative Templates > System > Credential Delegation
   2. Right Click on "Allow delegating fresh credentials with NTLS-only server authentication"
   3. Click EDIT
   4. Click Show
   5. Add entry: wsman/the-HyperV-Server-Name

Authentication to the server must be selected. eg: "the-HyperV-Server-Name\Administrator"

https://www.zones.sagehandisoft.com.au/kb//article.php?id=253

Migrating HandiSoft programs to a new server

This article sets out some important points to note when migrating HandiSoft programs to a new server.

Before migrating HandiSoft to a new server

• Make a suitable working backup copy of the current HSoft Folder.
  
  Note: SQL version requires the HandiSoft SQL database to be backed up as well. 
  
  
• Make a note of the current location of Document Manager. 
  
  In Practice Manager, from the Options menu, click Document Manager and check the location of Docbase folder 

During Migration

1.    Copy HSoft folder across to the new location. For example c:HSoft.

2.    For the SQL version only, ensure that Hssql.ini file in the HSoft / Apps folder points to the new server and has the correct SA password.

3.    From the Sage HandiSoft website:Updates run the most recent Full Version followed by the upgrades to the new location.

 After Migration

1.    Change prefill path in HandiTax: 

In HandiTax, from the Options menu, click Tax Form Options, and under the Prefill Report section Delete the pre-existing path, and replace it with the new one. Leave blank for Default settings. Click Ok.

Note: This setting is user and program specific and will need to be applied to all active users in the current and all the prior year versions of HandiTax.

2.    (SQL Version Only) In HandiRegister, from the Options menu, click EDGE Setup, click EDGE Details. Adjust the EDGE Folder path at the top to point to the correct and existing path.

 3.    (SQL Version Only) In HandiTax, from the Options menu, click ELS Communications. Adjust the ELS Folder path at the bottom to point to the correct and existing path.

4.    Ensure the HandiSoft shortcuts icons on all workstation are redirected to the new server.

5.    Ensure that the HSoft folder is not being "real time" scanned by the antivirus (add to exclusion option).

6.    Check the correct NTFS and Share permissions are given to all users to access the HSoft folder.

7.    (SQL Version Only) Rename the HsoftAppsHsSql.ini file. Next Startup will configure HandiSoft again. (Will need SA password)

8.    Check that the location of the Docbase folder is valid (refer to the section: Before migrating to a new server, above). 

In Practice Manager, from the Options menu, click Document Manager and check the location of Docbase folder.

9.    If "Use Default Location" is selected - no changes are needed. However, if "Other location" was selected then, ensure it is the correct location for your current docbase folder.  

10.  Check all users have access to the document templates created in Document Manager. 

11.  Please refer to the following Microsoft support knowledge base article if your Word templates are slow to open after migration: While the article refers specifically to Word 2002 and / or Word 2003, it is applicable to all versions of Microsoft Word.

http://support.microsoft.com/kb/830561

12. If using the HandiConnect Service refer to the article on how to start the service here

 https://www.zones.sagehandisoft.com.au/kb//article.php?id=254

Activating the Microsoft Office add-ins in Document Manager enables you to save documents directly from Word, Excel and Outlook into the Document Manager.

Add-ins like the HandiSoft add-in provide optional commands and features to the host application and are dependent on the host application like Office in this instance allowing a protocol for the exchange of information.

From time to time you may experience the HandiSoft add-in dropping off and if it has not been caused by a change in these protocols from the host application it may be due to one of the following more common reasons:

1. User has inadvertently changed the load behaviour of the add-in
2. Conflicting with another Add-in
3. Entries set incorrectly in the registry
4. An Email is not Selected
5. Addin has been disabled.

If you are having problems with your HandiSoft Addin, close out of all Microsoft Office products.

Go to Document Manager and click Options - General from the menu. 

In the General Options click Deactivate and then Activate. This will often resolve any problems you are having. Most of the issues described below can be resolved by simply deactivating \reactivating the Microsoft Office Addin. 

1. User has inadvertently changed the load behaviour of the Add-in

 If Outlook is not closed correctly or crashes the next time it is launched the user may receive the following message

Outlook experienced a serious problem with the HandiSoft add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?

If you choose YES to this message the Add-in will be disabled and you will need to manually enable the Add-in or deactivate the Add-in and reactivate the Add-in as described above.

2. Conflicting with another Add-in

If the Handisoft Add-in is in conflict with another Add-in this will cause the add-in to drop off. The best method to detect if this is the cause is to disable all non-essential Add-ins and add them back in over a specified period of time. This will enable you to identify which Add-in is causing the issue. If the conflicting Add-in is not required, it will be best to leave it disabled.

3. Entries set incorrectly in the registry

Occasionally the entries may be set incorrectly in the registry. If this is the case it is best to deactivate the Add-in and reactivate the Add-in from Document Manager.

If you are confident working in the registry you can check the following settings.

The load behaviour should be set to 3

Office addin entries are located within HKEY_CURRENT_USER

Key: HK_CUSoftwareMicrosoftOffice<ProductName>Addins HsOfficeAddIn.HandiSoftOfficeAddIn

String Value - Default: <blank>

DWORD: CommandLineSafe: 0

String Value  Description: HandiSoft Office AddIn

String Value  FriendlyName: HandiSoft Office AddIn

DWORD  LoadBehavior: 3

(Outlook only) DWORD  RequireShutdownNotification: 1

<ProductName> is equal to Outlook, Excel or Word

If you attempt to enable the HandiSoft Office Add-in within Outlook and it does not enable, it could have been blacklisted by Outlook.

Outlook holds a list of Add-in resilience in the registry under the key

HK_CUSoftwareMicrosoftOffice<OfficeVersion>OutlookResiliency

Under this key is an additional 2 keys CrashingAddinList and DisabledItems.

Within both keys is a list of Binary values which will need to be inspected to determine if they are for the HandiSoft Office Add-In.

If the binary equals the path to the .dll deleting these entries will allow the Add-in to load again

It is possible however to stop Outlook from disabling the Add-in

Create a key named DoNotDisableAddinList under HK_CUSoftwareMicrosoftOffice<OfficeVersion>OutlookResiliency

Create a new DWORD named HsOfficeAddIn.HandiSoftOfficeAddIn and set its value to 1

4. Email is not Selected

Often we receive reports of the Add-in randomly disappearing from Outlook. The Add-in will only be available when an email is selected in Outlook. Try and select an email and establish whether the Add-in reappears again.

5. Addin is disabled

Deacting and Reactivating the Addin will reset the Addin and make it active again.

Within outlook click the file button in the top left-hand corner

In the menu on the left side of outlook click options

Within the outlook options click Add-ins

Down the bottom there will be a manage area

Make sure “COM Add-ins” is selected then click go

Check the box next to the handisoft add-in

Click ok and go back to the file menu

In the center area click “Manage COM Add-ins”

Find handisoft

Click options

Check “Do not monitor this add-in for the next 30 days”

Click apply and close

Then close and reopen outlook and the add-in should be enabled

Any issues activating office on Mac OS-X

Use the link below to download the Office Licence removal tool.

https://support.office.com/en-us/article/error-0xd000000c-when-activating-office-for-mac-da865931-4658-4829-ba2d-8133390c6d25?ui=en-US&rs=en-US&ad=US

Microsoft have numerous different options for Business.

3 main options exist and are recommended by Microsoft
To view more information on this head over to the Office page here: https://products.office.com/en-au/get-started-with-office-2019#compare_table

Microsoft released Outlook version 2104 build 13929.20372, and after installing the update, users of the click-to-run desktop client found that they could no longer properly view emails or create new ones. Further details can be found in the Admin Center under EX255650

 Update 11:00am: This process is now only working for some systems. If this doesnt work for you please contact us via 0398005703 and we can assist further

When attempting to view an email, instead of seeing the entire message body, they only see a small portion or a single line of the email message, as shown below.

Method:

1. Open any Office app, such as Word, and create a new document
2. Go to File > Account (or Office Account if you opened Outlook)
3. Under Product Information, choose Update Options > Update Now.
   Note: You may need to click Enable Updates first if you don't see the Update Now option right away.
   
4. Close the "You're up to date!" window after Office is done checking for and installing updates.

Validation Steps:

It is essential that this process is tested. In order to achieve this, please form the following

1. Please Close Outlook
2. Wait 10 seconds
3. Please Open Outlook
4. Confirm you can view emails as per normal when opened/reading pane (if used)

DriveLock Logo Customization

DriveLock Agent logos can be customized by adding files to the policy file storage. 
DLWizardLogo.bmp Customizes the large logo displayed on the right side of all wizards displayed by DriveLock Agent, e.g. in all encryption wizards.
The example shows a red X as the custom logo:

Format File:
BMP 24-bit color depth
Height: 48 pixels
Width: 48 pixels

DLPopupLogo.png Customizes the DriveLock logo as displayed in the Agent popup messages.
The example shows a red X as the custom logo:

Format File:
PNG file (32-bit color depth (24-bit color plus 8-bit alpha channel). Attention: the color depth is not checked and PNG images with less than 32-bit color depth will simply not be displayed.)
Height: 24 pixels
Width: 250 pixels (Or Lower as needed) 

Where to add these files:

To customize logos, just add these two files (with exact the same name) to the policy file storage of the policy that should be customized:
    - In DriveLock MMC open the policy,
    - Select Global configuration -> File storage.
    - Right-click and select New -> File… from the context menu.
    - Add the files.

The policy file storage should look like this:

Save (and publish) your policy.
Apply the policy to an Agent (restart DriveLock Agent if the same policy was applied before for the settings to take effect).

Scope: 

Quite often it is prefered if end users do NOT see menu items they may not need.

Answer:

These settings can be adjusted with the Policy that is assigned to the EndPoint.
Open your DriveLock Managment Console
Navigate and edit your policy (If your unsure on your Policy, give us a call and we can assist you)

When you are inside your policy you can exand the following menu tree: Company Policy -> Global Configuration-> User interface settings
Inside this area of the configuration you will find 'Agent user interface settings'

Within this area you can now adjust what the endpoint machines will receive within their start menu and system tray.

For those with DriveLock Encryption 2-Go you will need to go to:
DriveLock Policy -> Encryption -> DriveLock Encryption 2-Go -> Settings -> Encryption user experience

While some of the settings in this section are required, you can keep the start menu nice and clean, simply relying on the Windows Explorer options or System Tray Icon options.

For any assistance please get in touch with us and we can make your understanding/configuration as easy as possible.

In some scenarios it is important to keep the visual aspects of DriveLock as little as possible.
One of these is to disable the System Tray Icon all together.

Proceedure:

1. Open your DriveLock Management Console
2. Edit your Configuration File
3. Navigate to:
   1. Global configuration
   2. User Interface Settings
   3. Taskbar notification area settings
4. Change the user notification type to "None"
5. UnCheck the "Display notification area icon
   

When these changes are made, save and publish the policy. When the endpoints have updated their policy either by waiting the required time, or system/service restart the icon in the system try will now be removed.

For any assistance with this process please don't hesitate to reach out to us.

Scope: In some scenarios it is required to allow users to be apart of the authorisation process. This could mean the ability to bypass Application Whitelisting Control in order to run an update, or use a temporary USB stick.

Note: If you are after information on remote unlocking of an agent please visit here.

The following process will show you how to achieve this in a simple manner.
Note: This use case may differ from what you may require and should be used as a concept only.

Process: 

In your DriveLock Policy open Systems management / Self-service groups to add a new group (right click / New / Self-service group) or to edit (double click) an existing group.

Self Service Options:

Here you can configure the user experience for the self-service wizard and decide which options the user gets shown.

Within the Self Service tab you are able to select the options available to unlock aswel as the limitations to time.
E.G. service accounts have the ability to disable application blocking for 10 minutes, AND when the 10 minutes is completed all files written during that time will be added to the internal Whitelist

If you select to use the simple module selection page in the wizard the user will exactly get these options and no advanced options will be offered. Otherwise the user gets the option to select the devices more granular and advanced options may be offered on a next page.

Reporting:

Naturally you will want to  know when these events are taking place within your securied endpoints. This can be retreived very easily from the DriveLock Control Center.

End User

End User Self Service can be reached in 3 different ways
- System Tray Icon menu (If enabled)
- Start Menu (If enabled)
- Direct File Location: C:\Program Files\CenterTools\DriveLock\DLSelfService.exe

In some scenarios you will want to allow temporary unlock. However that unlock may require a restriction to the elements that can be unlocked or the time in which it can be done.

When connected to an endpoint via the Managment Console:

You will have the option of Unlock Wizard.

You are presented with a number of options on the unlock process.

You can define the period or time until which this temporary unlock is valid. The unlock is even maintained during a computer restart, e.g. if you temporarily unlock USB drives for the next three days, the computer can be rebooted in between.

When you unlock drives, you can select the following options to temporarily additional restrictions:

  ·  Disable file filtering and auditing during unlock period: Users can read and copy files that would normally be blocked based on file filtering rules. No auditing of file access is performed.
  ·  Unlock encrypted portions of encrypted drives: Allow access to unencrypted portions of drives that are encrypted using Encryption 2-Go. Commonly the Mobile Encryption Application (MEA) is stored on an unencrypted portion of such a drive.
  ·  Force accepting usage policy before drive can be accessed : The user must agree to a configured usage policy before the drive is unlocked.

These options are available for other modules:

  ·Disable web security (URL filtering) during the unlock period: Disables the Web Security module during an unlock (if licensed).

Click Next.

If you are using application control, you can specify settings here so applications can be disabled during unlock. You also specify whether and which application files are added to the local hash database during this unlock period.

Use the "Require user approval for all files after unlock period ends" option to check the "learned" applications manually after the unlock is finished before they are added to the local application database and thus unlocked.

Click Next.

Finally, select the required unlock period, either in minutes or up to a specific date and time.

 As administrator, you can also enter a text (for example, the reason for unlocking) at this point. This text is also stored in the event and can be evaluated via reporting.

In some scenarios it is important that any USB that is allowed in the organisation is encrypted.
Should there already be data on this device you can have the option to format first or automatically copy the data back onto the now encrypted device.

There are a number of settings that can be applied automatically or enforced.
Encryption Strength, Password Strength, Method to delete Securely, Password recovery settings, Encryption user experience, End User restriction

These can be found within the Encryption area of your Policy:

Below is an example of the settings that can be commonly applied within some environments.

To discuss these options in details please feel free to contact us.

What is USB Security and Why have you been directed here?

You have been directed here as you have plugged in a non approved USB into the corperate network.
Don't worry, the risk to the company has been mitigated.

Infections from USB are growing on a daily basis. Not only can they be used to spead infection, they are also being used to transfer Company data. 
Don't use unknown USB Sticks. If you are unsure, give it to your IT Team to check out.

Company Data on a USB:

This sounds normal right? Im going to add my documents and use them on my laptop for the presentation Friday. (A very common scenario)
However during the presentation while packing up the USB is accidently left there. With company sales figures/ Profits & Loss or perhaps a sales forcast of clients the company is working on.
So you lost a USB stick. It happens right? 
Don't let a simple mistake cost the business financially or reputation when the information gets out.
USB Encryption is the Key. Add your presentation to the Encrypted folder and it doesnt matter if you loose it.
Simple steps avoid Company risk.
Speak to your HelpDesk to learn more.

 Unknown Malicious Software

Many USB sticks have been infected without the knowledge of the user. A number of these infections lay dorment, colling information for a long period of time before it is executed.
It has also been known that some usb sticks direct from a sealed package have been pre-loaded with malware/ransomware.

Because you have the access rights to adjust company data, an unknown malicous application has the potential to great harm to the business. With this in mind, we have restricted access to this device.

What to do:
Non approved USB sticks should not be inserted into company computers. If you have recieved a USB from the company and are recieving this message, please contact the helpdesk to have the USB reviewed. (It is common to review USB sticks ongoing)