Locations / Sites

To configure settings and assign whitelist rules based on a network connection, you must define how DriveLock identifies networks.

Right-click Locations / Sites, select New and then the required type from the context menu. For each type, you can later also select the required configuration profile from a list.

The following types of sites are available:

  • Active Directory site

    If you select an Active Directory site, the connection is determined based on the current name of the site.

    You can apply the currently valid settings by clicking the respective button. DriveLock reads this information directly from Active Directory and automatically fills in the AD Site Name and Domain GUID input fields. Alternatively, you can enter the name yourself or select an existing location in Active Directory by clicking the "..." button.

  • Network location

    If it is necessary to define the connection using IP information (such as an IP address space), select Network Connection from the context menu. Enter a name and select an icon for display. Then configure the IP information on the IP Settings tab. You have the option of reading out the current settings from one of the existing network connections or entering them manually. To do so, activate the respective criteria and enter the necessary information (such as IP address space, gateway or DHCP server).

  • Network adapter

    A network can be detected by the network card used, for example in connection with third-party VPN clients.

  • Geographical location

    A site can also be assigned based on the public IP address. DriveLock tries to determine the public IP address of the client and compares it with the local GEO-IP database.

    Select one or more countries that you want to use as one site in additional DriveLock rules. You can also use it to generally block the network connection for a specific country (via the Reaction tab).

    Example: You have mobile employees who work and travel exclusively in the D-A-CH region. You want to make sure that generally no network connection is possible when a notebook is detected outside the countries Germany, Austria, Switzerland.

    An active internet connection is required to detect the geographical position.

  • Wireless network SSID

    If you want your network connection to be detected by a WLAN SSID, select Wireless LAN SSID in the context menu.

  • Other location

    A special connection can be used for two reasons:

    • You need to adjust settings automatically when the computer is not connected to any network (offline)

    • You want to configure settings (or set an action) if the computer is connected to a network that could not be detected

  • Command result

    In some situations, it might not be acceptable for security reasons to detect a network based only on the Active Directory domain GUID or IP address. Because there are many ways to check your own network for identifying features, you can use a self-written program or script for this purpose. If the program or script returns the value 1, the test is assumed to pass. This makes it possible, for example, to check for the presence of certain computers with certain names, services or settings. You can also ensure that a computer meets predefined security policies before allowing it to connect to a network.

    The command can be any program that is executable from the command line. For example, you can run a program (*.exe), a Visual Basic script (*.vbs), or a Windows PowerShell script.

    To run a VB script, you must specify the full path to the script file (e.g. "cscript c:\programing\scripts\meinscript.vbs").
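A script of the kind described under Command result, as an added example that is not part of the DriveLock documentation or product: it identifies the corporate network by completing a TLS handshake with an internal server and comparing the presented certificate with a pinned thumbprint, which is harder to imitate than an IP range or domain GUID. The host name, port and thumbprint are placeholders, and "returns the value 1" is assumed to mean a process exit code of 1.

```powershell
# Added example: network identity check for a "Command result" location.
# Assumptions: server name, port and pinned thumbprint are placeholders;
# "returns the value 1" is taken to mean exit code 1.
param(
    [string]$ServerName = 'intranet.example.internal',   # hypothetical internal host
    [int]$Port = 443,
    [string]$PinnedThumbprint = '<THUMBPRINT-OF-INTERNAL-SERVER-CERT>',
    [int]$TimeoutMs = 3000
)

function Test-PinnedServer {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so an offline machine does not stall location detection.
        $async = $client.BeginConnect($ServerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)

        # Chain validation is skipped on purpose: trust is decided solely by the
        # thumbprint comparison below, after the handshake has proven key possession.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($ServerName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $expected = ($PinnedThumbprint -replace '\s', '').ToUpperInvariant()
            return ($cert.Thumbprint -eq $expected)
        }
        finally { $ssl.Dispose() }
    }
    catch { return $false }   # DNS failure, refused connection or TLS error: not this network
    finally { $client.Close() }
}

if (Test-PinnedServer) { exit 1 }   # 1 = test passed, location matches
exit 0                               # any other value = location not matched
```

The script fails closed: every error path ends in exit code 0, so a machine that cannot reach or verify the server is never treated as being on the trusted network.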