Administrative Alerts
You can enable administrative alerts to automatically notify you of critical events that require direct administrator action. Once enabled, an alert is sent to the specified destinations whenever such a critical event occurs.
When you select Administrative Alerts in the console tree, the details pane lists administrative alerts that you can enable or disable.
In the details pane, right-click any alert to display a shortcut menu that contains the following commands:
Enable - Enables the online (regular) administrative alert.
Disable - Disables the online (regular) administrative alert.
Undefine - Returns the regular administrative alert to the unconfigured state. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
Enable Offline - Enables the offline administrative alert.
Disable Offline - Disables the offline administrative alert.
Undefine Offline - Returns the previously defined offline administrative alert to the unconfigured state. If offline administrative alerts are undefined, regular administrative alerts are applied to offline client computers.
Manage - Opens a dialog box where you can configure regular administrative alerts collectively.
Manage Offline - Opens a dialog box where you can configure offline administrative alerts collectively.
Remove Offline - Blocks the inheritance of offline administrative alerts and enforces regular administrative alerts. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
 
Note: You can enable different online vs. offline administrative alerts. Online alerts (Regular Profile) are generated when client computers are working online. Offline alerts (Offline Profile) are generated when client computers are working offline. By default, DeviceLock works in offline mode when the network cable is not connected to the client computer. For detailed information on DeviceLock offline policies, see DeviceLock Security Policies (Offline Profile).
Available administrative alerts include:
Notify if DeviceLock Administrators settings are changed - DeviceLock sends this notification when any changes have been made to the DeviceLock Administrators settings. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
Notify if attempt to change Service settings is denied - DeviceLock sends this notification when DeviceLock Security is enabled and a user with insufficient access rights attempts to modify DeviceLock Service settings multiple times over a short period. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
Notify if attempt to change Service settings with enabled “Override Local Policy” is denied - DeviceLock sends this notification when the Override Local Policy parameter is enabled in DeviceLock Group Policy Manager and any user that connected DeviceLock Management Console to the computer running DeviceLock Service attempts to modify the service’s settings. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
Notify if Service settings are changed - DeviceLock sends this notification when one or more DeviceLock Service settings (except for DeviceLock Administrators settings) have been modified. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the type of device or protocol involved, the user’s activity type, the type of the profile, the name of the user, the user’s SID, and the event ID.
Notify if Service settings are corrupted - DeviceLock sends this notification when DeviceLock Service starts and detects corruption of its settings. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
DeviceLock Service uses a checksum calculation to validate its settings. All corrupted settings are automatically restored.
Notify if Service was recovered - DeviceLock sends this notification when the DeviceLock Driver starts and detects removal of one or more DeviceLock Service installation files. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
All missing files are automatically restored.
Notify if local storage quota is exceeded - DeviceLock sends this notification when the local storage quota for audit/shadowing data, the alert queue, and data for content analysis has been exceeded. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the user, the user’s SID, and the event ID.
For detailed information on the local storage quota, see Local storage quota (%) parameter description.
Notify if Service is stopped - DeviceLock sends this notification when DeviceLock Service starts after it has been stopped. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the version number of DeviceLock Service, the name of the user, the user’s SID, and the event ID.
Notify if Service is uninstalled - DeviceLock sends this notification when DeviceLock Service is being uninstalled. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the version number of DeviceLock Service, the name of the user, the user’s SID, and the event ID.
Notify if Service was terminated - DeviceLock sends this notification when DeviceLock Service restarts after incorrect termination. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the version number of DeviceLock Service, the name of the user, the user’s SID, and the event ID.
Notify if Alerts settings are changed - DeviceLock sends this notification when one or more alert settings have been modified. The notification is sent according to the previous alert settings. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the type of the profile, the name of the user, the user’s SID, the identifier of the process associated with this event, and the event ID.
Notify if keylogger is detected - DeviceLock sends this notification when a hardware USB keylogger is detected. The notification will include such information as the type of the event, the name of the computer, the date and time when the event was received, the user’s activity type, the name of the USB device detected as a keylogger, the name of the user, the user’s SID, and the event ID. The Log event parameter in Anti-keylogger options must be enabled for this notification to be sent. For more information, refer to the Anti-keylogger section of this manual.
Managing Administrative Alerts
Administrative alerts can be enabled individually or collectively.
To enable online (regular) or offline administrative alerts individually, right-click any Administrative Alert, and then click Enable or Enable Offline. The Administrative Alert changes its online/offline state from “Not Configured” to “Enabled.”
Once you have enabled a particular Administrative Alert, you can disable it. To do so, right-click the enabled Administrative Alert, and then click Disable or Disable Offline. The Administrative Alert changes its state from “Enabled” to “Disabled”.
You can also disable or enable an online (regular) alert by double-clicking it.
To enable online (regular) or offline administrative alerts collectively, right-click any Administrative Alert, and then click Manage or Manage Offline. Alternatively, you can select any Administrative Alert, and then click Manage or Manage Offline on the toolbar. Next, in the dialog box that opens, select the appropriate check boxes for the administrative alerts that you want to enable. Once you have enabled Administrative alerts, you can disable them. To do so, clear the appropriate check boxes.
 
Note: All check boxes in the Administrative alerts (Offline) dialog box have three states: selected, cleared, and indeterminate. These correspond to the Enabled, Disabled, and Not Configured states of administrative alerts, respectively.
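The fallback described in the notes above (an offline alert left Not Configured inherits the regular alert) makes it easy to overlook alerts that will not fire in one of the two modes. The following is an added example, not part of the DeviceLock manual or product: the policy dictionary, its layout, and the function names are constructed for illustration, and no DeviceLock export format is implied.

```python
from enum import Enum


class State(Enum):
    ENABLED = "Enabled"
    DISABLED = "Disabled"
    NOT_CONFIGURED = "Not Configured"


def effective_state(regular, offline, client_online):
    """Return the alert state that governs a client in the given mode."""
    if client_online:
        return regular
    # The Offline Profile applies only when it is defined; an undefined
    # offline alert falls back to the regular alert.
    return regular if offline is State.NOT_CONFIGURED else offline


def audit(policy):
    """Map each connectivity mode to the alerts that are not Enabled in it."""
    gaps = {"online": [], "offline": []}
    for name, (regular, offline) in policy.items():
        for mode, online in (("online", True), ("offline", False)):
            state = effective_state(regular, offline, online)
            # The page does not say how a regular alert left Not Configured
            # behaves, so it is reported for review rather than assumed.
            if state is not State.ENABLED:
                gaps[mode].append((name, state.value))
    return gaps


# Constructed sample: alert name -> (Regular Profile state, Offline Profile state)
SAMPLE_POLICY = {
    "Notify if Service settings are changed": (State.ENABLED, State.NOT_CONFIGURED),
    "Notify if Service is stopped": (State.ENABLED, State.DISABLED),
    "Notify if keylogger is detected": (State.NOT_CONFIGURED, State.ENABLED),
    "Notify if Service is uninstalled": (State.DISABLED, State.NOT_CONFIGURED),
}

if __name__ == "__main__":
    for mode, items in audit(SAMPLE_POLICY).items():
        for name, state in items:
            print(f"{mode:7} {state:15} {name}")
```

In the sample, "Notify if Service is stopped" is enabled for online clients but explicitly disabled offline, which is the kind of gap the audit surfaces.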