Group policy object

Another way of configuring the DriveLock Agent on multiple computers in a network is by using an Active Directory Group Policy. DriveLock can be configured by using the Group Policy Object Editor in conjunction with the DriveLock Management Console (MMC) snap-in. This snap-in is automatically installed as part of the DriveLock installation.

DriveLock can use Group Policy to deploy settings to computers that belong to an Active Directory domain. The DriveLock Agent running on these computers automatically applies all settings that are contained in the Group Policy Object.

In an Active Directory environment, computers are organized into organizational units (OUs) to implement common identical settings; it is therefore common practice to assign group policies - which include DriveLock settings - to OUs. Another reason for using OUs is the ability to delegate administrative tasks. Assigning GPOs to an OU instead of an entire domain or Active Directory site is a recommended practice because it allows you to maintain the appropriate protection level for each department or business unit.

To add existing or new Group Policies containing DriveLock settings, right-click Policies -> New -> Add Group Policy Object... to add the Group Policy to the MMC.

After that, select the appropriate GPO and click Edit. This opens a new window with the Microsoft GPO Editor where you can edit the settings.

The DriveLock snap-in shows the same objects in the console as in a local configuration.

Configuration changes are detected by the DriveLock Agent immediately after Windows applies the group policies. This can take up to 30 minutes after the policy is created. To apply policy changes immediately, a group policy update can be initiated. This is done by executing one of the following commands at the command line level (which can also be activated via agent remote control):gpupdate /force