Home DeviceLock FAQ
DeviceLock FAQ
General


Registration & Payment


Installation


Troubleshooting

Miscellaneous

 

 

Q: What is DeviceLock?
A: DeviceLock for Windows NT/2000/XP/2003/Vista/7/2008 gives network administrators control over which users can access which peripheral ports and devices (floppies, serial and parallel ports, "Removable", Magneto-Optical disks, USB, FireWire, PDAs, MP3s, DVD/CD-ROMs, ZIPs, etc.) on any managed computer. Once DeviceLock is installed, administrators can control user and group access to USB, CD-ROMs, printers, or any other removable device with various access parameters that include Read/Write/Format access, time of day and day of the week, which file types, if it is encrypted or not, and many other settings. DeviceLock provides the ability to audit peripheral port/device activities as well as shadow copy any files that were allowed to be moved. DeviceLock can protect network and local computers against viruses, trojans and other malicious programs often injected from removable disks at the endpoint. Version 7.0 will introduce optional modules ContentLock and NetworkLock that are integrated but separately licensed.  These provide robust content-aware rules as well as access/audit rules for network protocols (HTTP/HTTPS, FTP/FTPS, SMTP/SMTPS, Telnet, etc), applications (email, web mail, instant messengers), and other communications (social media like FaceBook, Twitter, etc.) through endpoint IP ports.
 
Q: Can I be notified when DeviceLock is updated?
A: Absolutely. To receive news about DeviceLock, join our mailing list. Enter your email address below, then click on the 'Join!' button:

 

 


Q: What limitations are there in an unregistered version?
A: There are no functional limitations for an unregistered version and you may use DeviceLock (during the 30-day evaluation period) as a working program but only on 2-3 remote computers. Please call for a license file that allows use on more computers for the evaluation period.  An unregistered version of DeviceLock displays "nag" screens and messages.

Q: I bought the Single license of DeviceLock. Could I install DeviceLock on all the computers in my network?
A: No. You may install the DeviceLock Service on only a single computer but DeviceLock management consoles and the DeviceLock Enterprise Server (DLES) can be installed on any number of your computers. The Single license gives you the right to use DeviceLock to manage one computer, so you are able to control access on only one computer. If you wish to use DeviceLock on several computers, you need to purchase the appropriate number of Single licenses that would be controlled by 1-to-few license files (typically there is one license file containing the appropriate number of Single licenses per domain/trusted forest/network).

    For example, if you wish to control access on:
  • one computer - you need to purchase one Single license ;
  • two computers - you need to purchase two Single licenses ;
  • 200 computers - you need to purchase 200 Single licenses ; 
  • 5,000 computers - you need to purchase 5,000 Single licenses ;
  • 100,000 computers - you need to purchase 100,000 Single licenses ;
  • and so on... volume pricing discounts are available at various volume breaks; 

    DO NOT BUY ONLINE as better pricing is available for certain volumes and for US Federal customers.  Please This e-mail address is being protected from spambots. You need JavaScript enabled to view it directly for a quote.

Q: I bought a license for DeviceLock. Do I need to buy another license each time DeviceLock is upgraded or a newer version is released?
A: No. When you purchase a license for DeviceLock, you automatically purchase future releases and updates that will be released within 12 months from the date of purchase. It means that during one year you can download and install the latest versions of the software from our site, and the license keyfile that you received from us will work with the latest product version.

After 12 months If you don't want to purchase a renewal of coverage during the 60-day grace period or an upgrade thereafter, you can use the program for that version you have forever; it will never expire, but you won't be able to use any newer versions or support.

 


Q: Can I install DeviceLock under Windows NT/2000/XP/2003/Vista/7/2008 if I don't have administrative privileges?
A: No. You cannot install DeviceLock under Windows NT/2000/XP/2003/7/2008 without having administrative privileges. To correctly install DeviceLock under Windows NT/2000/XP/2003/Vista/7/2008 you MUST have administrative privileges. If you are going to use DeviceLock only on a local computer, you must have local administrative privileges. But, if you are going to use DeviceLock throughout your network, you must have domain administrative privileges.

Q: Can I install DeviceLock under Windows 95/98 or Windows Me?
A: If you want to control access to devices on Windows 9x/ME, there is a special version called DeviceLock ME.

Q: Is it possible to install DeviceLock using Microsoft Systems Management Server (SMS)?
A: Yes. You can use the package definition files (DevLock.pdf for SMS version 1.x and DevLock.sms for SMS version 2.0 and later) supplied with DeviceLock, located in the sms.zip file.  The DeviceLock Services for 32-bit and 64-bit computers have different MSI files available.

Q: Can I install the DeviceLock Service on the remote computer without having to physically go to it?
A: Yes. DeviceLock supports Remote Install. If the DeviceLock Service isn't installed on the remote system or if the DeviceLock version is too old, DeviceLock Management Console (DLM for very small implementations... <25 PCs) will suggest that you install the service and then the DLM will copy it to the remote computer. The DeviceLock Service executable file will be copied to the Windows system directory (e.g. c:\windows\system32) if this service doesn't exist on this system. If the service exists on this system, but is too old, DeviceLock will copy the executable file to the directory of the old file and the old file will be replaced. For larger implementations of DeviceLock, the DeviceLock Enterprise Manager (DLEM) console should be used to install the DeviceLock Service to any number of computers at one time and then the DeviceLock Service policy settings template(s) as well.  In Active Directory (AD) environments, the DeviceLock Service can be distributed to all computers in an AD container with a software installation group policy object (GPO). Other AD GPOs would be used to deliver and maintain the DeviceLock Computer Configuration group policy settings as well via the DeviceLock MMC snap-in console to Group Policy.

 


Q: Which ports do I need to open on the firewall to allow DeviceLock to work?
A: You need to open 135-139 ports and all ports above 1024 for incoming and outgoing packets:

  • Port 135 (TCP) - for Remote Procedure Call (RPC) Service
  • Port 137 (UDP) - for NetBIOS Name Service
  • Port 138 (UDP) - for NetBIOS Netlogon and Browsing
  • Port 139 (TCP) - for NetBIOS session (NET USE)
  • Ports above 1024 (TCP) - for RPC Communication
DeviceLock works like any other standard Windows NT/2000/XP/2003/7/2008 administrative tool (such as Event Viewer, Services, Computer Management, etc.) so, if these tools work then DeviceLock will work, too.

Q: I am receiving the error 1722 ("The RPC Server is unavailable") whenever I try to connect to a computer.
A: The error 1722 means that DeviceLock Manager cannot access DeviceLock Service on the remote computer. There are several possible reasons:

  • the remote computer does not exist on the network (the computer's name or IP address is incorrect or this computer was shut down recently but its name still exists in the network browser);
  • the remote computer is not a Windows NT 4.0/2000/XP/2003/Vista/7/2008 computer and DeviceLock Service cannot be installed on this computer;
  • the remote computer is behind a firewall that was not configured properly (to configure a firewall, please read this answer);
  • the remote computer is on another segment of your network that is not accessible from your segment, i.e. the routing was not configured properly and you cannot access that network's segment at all.

 


Q: Is it possible to manage DeviceLock remotely?
A: Yes. You can use DeviceLock Management Console (DLM) for one computer at a time, the DeviceLock Enterprise Manager Console (DLEM) to manage one-to-many selected computers at a time, or the DeviceLock MMC snap-in console to Actice Directory Group Policy for managing all the computers in an AD container at a time.