Service Settings
To avoid unauthorized modification you can sign a file containing DeviceLock Service settings exported from DeviceLock Management Console or DeviceLock Group Policy Manager or created using DeviceLock Service Settings Editor.
Later this file can be sent to users whose computers are not online and thus out-of-reach via management consoles.
There are six simple steps to signing a settings file:
1. Load the DeviceLock Certificate private key as described
earlier.
2. Load the file with DeviceLock Service settings to sign.
The full path to this file must be specified in the
Unsigned file field. You can use the
button to select the file.
The file with DeviceLock Service settings can be created using the Save Service Settings command from the shortcut menu in DeviceLock Management Console, DeviceLock Group Policy Manager or DeviceLock Service Settings Editor.
3. In the
Signed file field, specify the resultant file. You can use the
button to select the folder where this file will be created.
4. Decide whether the resultant file should contain expiration information or not.
If you want to allow users to import settings from this file without any time limitations, clear the Valid until check box.
If you select the Valid until check box and specify the date/time, then the expiration information is written to the resultant file and users can import settings from this file only before the specified date/time.
Please note that this parameter affects only users that are trying to import DeviceLock Service settings via the DeviceLock applet from the Windows Control Panel. When a file with settings is loaded using Load Service Settings from the shortcut menu in the DeviceLock Management Console or DeviceLock Group Policy Manager, the expiration information (if any) is ignored.
5. Decide whether the resultant file can be used only on specific computers or not.
If you want to allow users to import settings from this file on any computers, clear the Only for computer(s) check box.
If you select the Only for computer(s) check box and specify the computer name then users will be able to import settings from this file only on this specified computer. Using the semicolon (;) as a separator, you can specify several computer names such that the resultant file can be used on any of these computers.
Note: You can’t use the computer’s IP address in this parameter. You must specify the computer name exactly as it is displayed in the System applet from the Windows Control Panel. On Mac computers the name reported by the hostname command must be used. The same name is available in System Preferences > Sharing. |
You can also load a predefined list of computers from the external text file. To open an external file, click the
button. This text file must contain each computer’s name on separate lines.
Please note that this parameter affects only users that are trying to import DeviceLock Service settings via the DeviceLock applet from the Windows Control Panel. When a file with settings is loaded using Load Service Settings from the shortcut menu in the DeviceLock Management Console or DeviceLock Group Policy Manager, the computer’s name information is ignored.
6. Click the Sign button to create a signed file with DeviceLock Service settings. Provide this file to the user in any suitable way.
The process of file signing can be a time-consuming operation. It depends on your computer’s processing speed and could take as long as several seconds.
