Before installing the DriveLock Enterprise Service (DES)

We recommend the following preparatory steps before you start installing DriveLock.

Necessary preparations:

  • Create an account used to run the DriveLock Enterprise Service (DES). This account does not need to have administrator rights.
  • To install the DES you need at least a Windows Server 2012 R2

  • The DES requires Microsoft SQL Server 2016 SP1 or newer. If this is not available, you can also use the SQL Server Express version that is provided for installations with up to 200 clients and test installations.

    Click here for more information on updating older SQL Server versions.

Optional:

  1. If you have your own certificate authority, create a server certificate for client-server authentication.

    Requirements for the SSL certificate to be used for the DES:

    • Signature algorithm: sha256SA

    • Public key length: RSA 2048/4096 bit

    • Advanced use:

      • Server authentication (1.3.6.1.5.7.3.1)

      • Client authentication (1.3.6.1.5.7.3.2)

    • Key usage: Digital Signature, Key Encipherment

    • We recommend that the certificate has a friendly name. The private key must be exportable if the certificate is to be used by all DriveLock components.

    • DNS alias: if a DNS alias is used for the DES server, the certificate must also be issued for this DNS alias

    • The certificate needs to be installed in the Local Computer – Personal store before the DriveLock installation

      Further information can be found in the Trusted certificates chapter.

      DriveLock does not support wildcard certificates for the DES.

  2. If you do not want to use the Microsoft SQL Express Server supplied (for small environments and test environments), you will need a Microsoft SQL Server (see above).

  3. If the user installing the DES does not have the necessary permissions on the database server, the database administrator should make the following preparations:

    • Create a Microsoft SQL Server database for DriveLock

    • The login used during installation requires only the public SQL Server role and must be a member of the db_owner role in the DriveLock database.

  4. If you want multiple users to be responsible for DriveLock administration, it is useful to create an AD group for the users that will have administrative permissions for DriveLock.

Further information on these topics can be found in the current release notes on DriveLock Online Help.