Advanced settings

Setting	Functionality
Encryption strength settings
Enforcement of FIPS 140-2 validated cryptography	Activate the FIPS mode with this setting.
Encryption algorithm to be used for encrypted drives	Configure the encryption algorithm to be used.
Password hash algorithm to be used for encrypted drives	Specify the hash algorithm here.
Allow quick format of encrypted containers	Define here if you want to allow the quick format.
Password strength settings
Minimum required password complexity for encrypted drives	The minimum required password complexity for encrypted drives should be defined to meet company policy. The complexity is calculated based on the characters used as well as the password length.
Password complexity policy	A password complexity policy contains all the requirements that a user password must meet when it is created. This contains the minimum number of characters and the number of special characters that a password must contain. DriveLock can also deny a user password if it occurs in a dictionary.
Container access lockout policy	The lockout policy helps prevent brute-force attacks by locking a container for a specified number of minutes or forever after a defined number of attempts to enter a password.
Encrypted container password saving options	The saved password is automatically used when mounting from this container. This helps with long and complicated passwords.
Allow generation (and display) of random passwords for new containers	An additional option is displayed in the creation wizard that allows users to generate random passwords.
Allow and show option to send passwords for new containers using text messaging	When enabled, this option generates an additional wizard page when creating containers and allows passwords to be sent via text message (SMS). The SMS gateway required for this is configured in the Global configuration under Settings in the configuration settings for text messages (SMS). For more information, please click here.
Default text for sending passwords using text messaging	Sets the default text for sending passwords via text message.
Password recovery settings
Encrypted volume password recovery methods	DriveLock provides two methods for recovering lost passwords for encrypted containers: Offline recovery using a challenge response method: A wizard guides you through resetting the password of an encrypted container, even if the computer is not currently connected to the corporate network. Online recovery through locally installed certificates: If this option is enabled, a password can also be reset without a challenge-response method, provided that the required certificate with private and public key pair is available locally on the corresponding computer.
User contact information for offline container recovery	If the user forgets their personal password for accessing the container or encrypted drive, they can use the icon in the taskbar or the Start menu to launch the Password Recovery Wizard. You can specify the text that appears at the beginning of the wizard here.
Encryption user experience
Context menus available in Windows Explorer	These settings define all the options available from the context menu. The "Not configured" setting activates all options
Start menu configuration	You can define whether the DriveLock Start menu items are displayed and how they are arranged.
Available Start menu items	This option defines the start menu items to be displayed
Menu items available from the taskbar icon	You can define whether all menu items are displayed when using the taskbar icon
Order of menu items in taskbar icon	You can define in which order the menu items are displayed when using the taskbar icon.
Bring all dialogs to top-most position	Specify whether dialogs can be hidden.
Encrypted drives settings
Encrypted drive file system	The file system for new encrypted drives can be FAT, exFAT or NTFS.
Encrypted drive cluster size	Set the cluster size for encrypted drives here.
Available drive letters for mounting encrypted drives	Configure the drive letters that are automatically assigned to encrypted drives here
Enforce drive letter when mounting encrypted drives	By enabling this setting, only an encrypted drive can be connected to the defined letter
Restrict size of user created drives	Specify a value that indicates the maximum size of encrypted containers.
End user restrictions
No history for mounted volumes	This option prevents creating history of connected volumes.
Do not allow creation of DriveLock Mobile Encryption Disks	The Mobile Encryption Application (MEA) is required to decrypt data on a computer that does not have DriveLock Agent installed. DriveLock can copy the MEA to a drive along with an autostart file if an encrypted container file is placed on it. Disable this option if you do not want the user to be able to do this.
Only allow encrypted containers created with current DriveLock license	If you enable this option, DriveLock will only be able to open containers encrypted by an agent with the same license as the one currently configured
Do not allow opening encrypted containers with DriveLock Mobile Encryption	The Mobile Encryption application is used to decrypt encrypted drives or containers even on systems where DriveLock is not installed.
Do not automatically update DriveLock Mobile Encryption to newer version during enforced encryption	Normally, when you try to connect, DriveLock checks whether the MEA present on a removable disk is the current version and, if necessary, automatically replaces it with the latest version

Encryption strength settings

Enforcement of FIPS 140-2 validated cryptography

Activate the FIPS mode with this setting.

Encryption algorithm to be used for encrypted drives

Configure the encryption algorithm to be used.

Password hash algorithm to be used for encrypted drives

Specify the hash algorithm here.

Allow quick format of encrypted containers

Define here if you want to allow the quick format.

Password strength settings

Minimum required password complexity for encrypted drives

The minimum required password complexity for encrypted drives should be defined to meet company policy. The complexity is calculated based on the characters used as well as the password length.

Password complexity policy

A password complexity policy contains all the requirements that a user password must meet when it is created. This contains the minimum number of characters and the number of special characters that a password must contain. DriveLock can also deny a user password if it occurs in a dictionary.

Container access lockout policy

The lockout policy helps prevent brute-force attacks by locking a container for a specified number of minutes or forever after a defined number of attempts to enter a password.

Encrypted container password saving options

The saved password is automatically used when mounting from this container. This helps with long and complicated passwords.

Allow generation (and display) of random passwords for new containers

An additional option is displayed in the creation wizard that allows users to generate random passwords.

Allow and show option to send passwords for new containers using text messaging

When enabled, this option generates an additional wizard page when creating containers and allows passwords to be sent via text message (SMS).

The SMS gateway required for this is configured in the Global configuration under Settings in the configuration settings for text messages (SMS). For more information, please click here.

Default text for sending passwords using text messaging

Sets the default text for sending passwords via text message.

Password recovery settings

Encrypted volume password recovery methods

DriveLock provides two methods for recovering lost passwords for encrypted containers:

Offline recovery using a challenge response method: A wizard guides you through resetting the password of an encrypted container, even if the computer is not currently connected to the corporate network.
Online recovery through locally installed certificates: If this option is enabled, a password can also be reset without a challenge-response method, provided that the required certificate with private and public key pair is available locally on the corresponding computer.

User contact information for offline container recovery

If the user forgets their personal password for accessing the container or encrypted drive, they can use the icon in the taskbar or the Start menu to launch the Password Recovery Wizard. You can specify the text that appears at the beginning of the wizard here.

Encryption user experience

Context menus available in Windows Explorer

These settings define all the options available from the context menu. The "Not configured" setting activates all options

Start menu configuration

You can define whether the DriveLock Start menu items are displayed and how they are arranged.

Available Start menu items

This option defines the start menu items to be displayed

Menu items available from the taskbar icon

You can define whether all menu items are displayed when using the taskbar icon

Order of menu items in taskbar icon

You can define in which order the menu items are displayed when using the taskbar icon.

Bring all dialogs to top-most position

Specify whether dialogs can be hidden.

Encrypted drives settings

Encrypted drive file system

The file system for new encrypted drives can be FAT, exFAT or NTFS.

Encrypted drive cluster size

Set the cluster size for encrypted drives here.

Available drive letters for mounting encrypted drives

Configure the drive letters that are automatically assigned to encrypted drives here

Enforce drive letter when mounting encrypted drives

By enabling this setting, only an encrypted drive can be connected to the defined letter

Restrict size of user created drives

Specify a value that indicates the maximum size of encrypted containers.

End user restrictions

No history for mounted volumes

This option prevents creating history of connected volumes.

Do not allow creation of DriveLock Mobile Encryption Disks

The Mobile Encryption Application (MEA) is required to decrypt data on a computer that does not have DriveLock Agent installed. DriveLock can copy the MEA to a drive along with an autostart file if an encrypted container file is placed on it. Disable this option if you do not want the user to be able to do this.

Only allow encrypted containers created with current DriveLock license

If you enable this option, DriveLock will only be able to open containers encrypted by an agent with the same license as the one currently configured

Do not allow opening encrypted containers with DriveLock Mobile Encryption

The Mobile Encryption application is used to decrypt encrypted drives or containers even on systems where DriveLock is not installed.

Do not automatically update DriveLock Mobile Encryption to newer version during enforced encryption

Normally, when you try to connect, DriveLock checks whether the MEA present on a removable disk is the current version and, if necessary, automatically replaces it with the latest version