Security settings for agent installations
Configuration: DOC -> Settings (cog icon) -> Installations -> Security settings
The DriveLock Enterprise Service generates a unique join token for each tenant, which must be specified during the installation of an agent so that the agent can be added to the tenant.
Existing agents do not need this join token, only new agent installations will be checked.
The join token is automatically passed to the MSI when the agent is installed from the DOC.
f you run the DriveLock Agent setup manually, the join token must be passed to the MSI as a parameter:
USEJOINTOKEN=1 JOINTOKEN=<Join Token>, for example.
msiexec /I "d:\DriveLock Agent X64.msi" /qb USESERVERCONFIG=1 CONFIGSERVER=https://dlserver.dlse.local:6067 USEJOINTOKEN=1 JOINTOKEN=c93a2959-0c10-444b-b700-6f8ec3630ad2
If the token is missing on the agent or an incorrect one is specified, the DriveLock Agent can be installed, but it will be rejected by the DriveLock Enterprise Service. In this case, you can use the driveLock -SetJoinToken <Join Token> command to set the join token afterwards. Then you need to restart the DriveLock service or call the driveLock -updateconfig command.
If the registration fails, an error message will be displayed in the tray icon on the agent. DriveLock Enterprise Service generates a corresponding event with the reason for rejecting the agent.
| ID | Type | Meaning |
| 2105 | Success audit | An agent successfully registered |
| 2106 | Failure audit | The agent tried to register with the invalid join token '%1'. |
| 2107 | Failure audit | The agent tried to update its agent ID to the new value '%1'. This is not permitted. Please reset the agent registration via DOC if this change is intended |
| 2108 | Failure audit | Rejected access to DES for agent. The agent sent the not existing agent ID '%1'. |
| 2109 | Failure audit | Rejected access to DES for agent. The agent sent the agent ID '%1' which does not belong to it. The conflicting data (name/ID) is: %2 |