Skip to main content

Getting started with the DESlock+ Enterprise Server - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Getting started with the DESlock+ Enterprise Server

Authors list

Software Install

After installing the DESlock+ Enterprise Server, a wizard will run to guide you through the setup process (see: http://support.deslock.com/KB119).

However the aim of this setup wizard is only to configure the database enough to allow a login to the initial organisation. There are other configuration steps necessary within the Organisation itself which you will need to perform after this initial setup, and indeed will need to perform again if you create and add a new Organisation to an existing server.

This guide will detail the other configuration options you may wish to consider before you start actually managing users within the Organisation.

 

Creating Teams and defining user policies

User polices define what software features are available on the DESlock+ client, control security policies (e.g. minimum password strength and removable media encryption) and can set default options for users.

All DESlock+ policies in the Enterprise Server are hierarchical; meaning any policies defined in a "Team" within the Enterprise Server will automatically be inherited by all "Sub Teams". This means you can change only a single policy and apply it to a single user in a team, without affecting the other users, by creating a sub team with that one policy difference and moving the user to that team.

Team structure means you may wish to consider the layout of your organisation initially. If you are happy with ever user having the same policy then all users could be placed in a single root team. Or you may wish to have alternative policies for different users. Or you may even just wish to use the teams to group users by geographical location, business function or role, without changing the policies.

Users can be moved between teams, and policies changed, at any time. So it doesn't matter that you get this right straight away. You could choose to start with all users in a single team with one policy, and as you and your users become more experienced with the software, make changes then.

For more on user policies, see: http://support.deslock.com/KB251

For a brief description on the different types of policy in the Enterprise Server see: http://support.deslock.com/KB252

Creating encryption keys

If you are using the granular encryption features of the DESlock+ client for file, folder, container or email encryption, you may wish to assign encryption keys to your users. Basically put, if you wish users to share the same encrypted data then they will need to be assigned the same encryption key. And if you do not wish users to access encrypted data, then they should not be granted that particular encryption key.

These encryption keys are only applicable to the granular encryption features and are not related to Full Disk Encryption.

As with policies, encryption key access is granted hierarchically, so users in a sub team will inherit encryption keys from a parent team. And keys can also be added and removed at any time so you can skip this stage initially and add keys later.

For more information on creating and assigning keys see: http://support.deslock.com/KB163

Adding licences

Before the DESlock+ client can be activated, the user must be licensed. This is done by selecting a licence from within the Enterprise Server. To add these you should receive a Product ID and Product Key when you purchase the licence. An Enterprise Server can store multiple licences and these might be different licences for different products (e.g. for Windows operating systems or for Mobile devices), or might contain different feature sets (e.g. Professional licences for users who require Full Disk Encryption, and Standard licences for those that do not).

For more information on adding licences see: http://support.deslock.com/KB218

Adding Users

There are two basic ways to add users to the Enterprise Server: you can either add the details manually or; import the details from Activate Directory. There is no actual difference with either approach and the users in the Enterprise Server would be identical in either case. Although one benefit to the Active Directory synchronisation is that it will automatically keep user details up to date in the Enterprise Server, if they are changed in the Active Directory. Or if you make use of the Team import it will create and maintain Teams within the Enterprise Server that correspond to the Organisational Units (OUs) defined in the Active Directory. But in either case the users are licensed in exactly the same way and there is absolutely no difference in behaviour on the DESlock+ client.

Manually add users

Users can be added directly to a team by typing or pasting their details into the Add interface. For more details see: http://support.deslock.com/KB166

Import from Active Directory

Users can be imported into the Enterprise Server from an Active Directory. For more details see: http://support.deslock.com/KB113

Define workstation policy

Workstation policies operate in a similar way to user policies. The main point of the workstation policy is to control policies when the user deactivates DESlock+, and to be in place before they have activated. It also contains some workstation specific settings.

The workstation policy is included in the DESlock+ client MSI so once defined, they will be included in the install when the install is created.

In a similar concept to User teams, you may wish to use Workstation teams either to arbitrarily group workstations into more convenient sets, or make it easier to have different sets of policy available for different situations.

For more on workstation policies, see: http://support.deslock.com/KB229

For a brief description on the different types of policy in the Enterprise Server see: http://support.deslock.com/KB252

Create managed install

There are two ways to install the DESlock+ client. Firstly you may download the MSI from the Enterprise Server and deploy this manually or with third party tools like SCCM, Altiris or Avnet BMC (Marimba). Secondly, you may use the network push function in the Enterprise Server to automatically connect to the workstation over the network and run the install automatically.

There is no functional difference between either approach and the DESlock+ client will operate identically in either case. So use the approach that is either the quickest or easiest for you.

For more information see: http://support.deslock.com/KB253

Updating client installs

The DESlock+ client software is frequently updated so depending on the age of your Enterprise Server, you may not have the latest version available. Alternatively, you may wish to add a non English language version of the client software to the Enterprise Server. You can therefore make changes to the client installs by uploading new versions and removing old versions you no longer need. For more information see: http://support.deslock.com/KB82

Activating a user

The final step in using the Enterprise Server is to activate the user. This will also add the workstation record to the Organisation, and from this point you will be able to manage both the user and workstation and, if available, perform Full Disk Encryption operations.

For more information see: http://support.deslock.com/KB216

 

 

 

 

Keywords: getting started enterprise server setup set up how to install installation

Add a comment

Please log in or register to submit a comment.

Need a password reminder?