Reference for SafeConsole Cloud and OnPrem

SafeConsole Admin Guide

DataLocker Inc. May 2021

Reference for SafeConsole Cloud and OnPrem

1

SafeConsole Admin Guide

Contents

Introduction

5

What is SafeConsole? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

What is the purpose of SafeConsole? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

How do the devices become managed by SafeConsole? . . . . . . . . . . . . . . . . . . . . 5

SafeConsole Basics

6

SafeConsole Staff Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Best Practice for Fast-Track Learning of SafeConsole . . . . . . . . . . . . . . . . . . . . . . . . 6

SafeConsole Click-Through Tour

7

Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Manage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Connect your first device to SafeConsole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Managing Drives

11

Drive Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Viewing and editing device and user data

13

Drive data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

User data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Policies - Configuring password policies and features

19

Policies section navigational overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Policy Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Applying a policy to a Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Policy - User defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Policy - Anti-Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Policy - Device State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Policy - Inactivity Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Policy - Authorized Autorun . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Policy - Password Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Policy - Remote Password Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Policy - Write Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Policy - File Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Policy - Device Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Policy - Custom Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Policy - ZoneBuilder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

? Copyright DataLocker Inc.

2

SafeConsole Admin Guide

Policy - Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Policy - GeoFence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Policy - Trusted Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Policy - Client Application Updater . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Policy - K300/K350/DL4 FE - Standalone Logins . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Policy - PortBlocker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Danger Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Audit Logs - User and Admin actions

38

User Audit Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

System Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Server Settings

38

General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

SMTP Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Custom Email Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

SIEM Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Single Sign On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Geolocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Manage Endpoint Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Admins - Setting up SafeConsole admin staff

42

Admin account profile settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Admin staff access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Setting up new admin staff accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Remove admin staff access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Customize admin information display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Export admin staff info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Setup two-factor authentication for admin staff . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Enable Geofence policy for web console access . . . . . . . . . . . . . . . . . . . . . . . . . 44

Custom Role-Based Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Connecting devices to SafeConsole

44

Drive Connection Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Quickly connect a device to SafeConsole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Registering your organization's devices to SafeConsole . . . . . . . . . . . . . . . . . . . . . . 45

Troubleshooting device registrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

? Copyright DataLocker Inc.

3

SafeConsole Admin Guide

License installation

46

Licensing for SafeConsole On-Prem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Support

46

Best practice for troubleshooting

47

? Copyright DataLocker Inc.

4

SafeConsole Admin Guide

Introduction

This guide provides SafeConsole administrative users with the knowledge required to configure and handle SafeConsole on a day-to-day basis. This guide is applicable for both SafeConsole Cloud and On-Prem administrators. However, it does not cover on-prem installation. For the most up-to-date resources please visit our support page. For deployments of PortBlocker, refer to the PortBlocker Admin Guide.

What is SafeConsole?

SafeConsole is a web server and a database that is accessible for authenticated administrators to manage registered endpoints through a web browser. The endpoints connect to the SafeConsole server through HTTP over SSL (TLS 1.2 over a configurable port - with 443 set as the default) to register and fetch their policies and configurations.

What is the purpose of SafeConsole?

SafeConsole offers organizations control of portable encrypted storage devices and endpoint USB port usage while supporting the users with password resets and more. Learn more about SafeConsole at safeconsole

How do the devices become managed by SafeConsole?

Endpoints are registered to SafeConsole using the standalone device software on the read-only partition either by:

? The device software recognizing a deployed registry key that contains the SafeConsole Connection Token - this prompts the device software to enter the setup and prefills the Connection Token from the registry key contents.

? The user entering a server common SafeConsole Connection Token in the device software, optionally complemented with a unique registration token, that can be emailed through SafeConsole together with the Quick Connect Guide.

Once registered, the devices have the server information embedded in a hidden area of the device and can be used on any computer - if allowed to do so. Drives can be reassigned in SafeConsole if you wish to register devices on behalf of your end-users. The process for endpoint communication and setup is the same for SafeConsole Cloud and SafeConsole On-Prem.

? Copyright DataLocker Inc.

5

SafeConsole Admin Guide

SafeConsole Basics

SafeConsole Staff Access

The SafeConsole web dashboard can be accessed through different account types:

? Account Owner The Account Owner is the initial SafeConsole Admin that is created when a license is imported. Certain SafeConsole features are only available to this Admin and this Admin has full access to all settings.

? SafeConsole Admin Access is set up using one's email address to receive an invitation with an activation link. The invitation also contains the URL to the SafeConsole Server.

? SSO Admins Allows SafeConsole access to be granted to users in a federated service via a SAML2.0 connection.

? SafeConsole On-Prem Can be accessed either using credentials set up in the SafeConsole Configurator or Active Directory credentials assigned to a configured Security Group.

Best Practice for Fast-Track Learning of SafeConsole

Following this approach will prepare you to deploy the SafeConsole solution to your organization efficiently:

1. Review the short Basics section of this guide. 2. Configure - Try configuring some policies that apply to all devices. 3. Connect - Register your endpoints and see the policies enforced. 4. Manage your device. Try to do a Password Reset or a Factory Reset. 5. Reports - Review and Export Reports. You may be asked to answer questions about the

system by your organization. Familiarize yourself with the Exported XML or CSV in Excel.

? Copyright DataLocker Inc.

6

SafeConsole Admin Guide

SafeConsole Click-Through Tour

To the left, SafeConsole has the main menu and at the top-right, there is a drop-down menu for Profile Settings and Logout. In the Profile Settings, Two-factor Authentication can be activated by each individual SafeConsole staff member. SafeConsole administrators can verify that two-factor authentication has been activated under the Admins button in the main menu. In short, these are the main menu items.

Dashboard

The landing page of SafeConsole provides a birds-eye view of the server.

Manage

The Manage page of SafeConsole lets you edit and configure Policies, Users, Drives, and Portblocker endpoints. Clicking a blue link in one of the Manage sections will filter entries based on the selected link. For example, clicking on a User's Path will show the policy for that path, clicking on a link in the Users column will show the corresponding user and devices registered to that user, and clicking the owner, user, or device serial number in the Drives section will show the relevant popup. You can use these filters to help find related entries.

Policies

? Copyright DataLocker Inc.

7

SafeConsole Admin Guide

Modify the default policy or set configurations of registered endpoints based on the user's path. Paths directly relate to the user's placement in a directory service, such as Microsoft's Active Directory. A path can include multiple users. Edit the Path's policy by selecting its active policy version (i.e. Custom #2). All policy configurations will appear listed in a popout. Click Save to apply the new policy. There are blue inline help texts and More info icons that can be expanded and will explain each policy. Policies are checked and applied each time the endpoint achieves a connection to SafeConsole. To remove and reset all policies for all paths, users, and devices, open up the Policy Editor and click Danger Zone at the very bottom.

Users

Displays your organization's users. Here you can also delete users from the system and perform actions on their endpoints. Click the blue link in the User column to display the User Details window. Here, the user's name, email, and path can be edited. This popout also shows the endpoints registered to the user and gives the option to send the unique token to the user in an email.

At the top right, you can manage which columns to display and export all of the registered data in CSV or XML format. In the dropdown menu, select the columns of data you want to display or remove. Click away from the dropdown menu to close it. The data will be updated according to your selections. To easily scroll the columns on the horizontal axis, press Shift+Mouse wheel. This applies to all data tables in SafeConsole.

To add users, you can manually add new users one-by-one or import a standard CSV format. Click the + Add new User button to see screenshots to assist with one-by-one user creation. The Import CSV popup contains added instructions to assist with this process.

? Copyright DataLocker Inc.

8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download