Removable drive locking

The basic configuration lets you enable or disable the basic blocking settings and add whitelist rules. To specify detailed settings for controlling drives, click Advanced configuration in the relevant section. There you can find additional configuration options.

With DriveLock, you can control all drives that Windows detects as either removable or fixed. This includes the following classes in particular:

  • Floppy drives: All internal floppy drives
  • CD-ROM drives: Internal CD-ROM / DVD / BD drives (incl. burner).
  • USB-connected drives: All drives that are connected via USB, e.g. USB sticks, USB hard disks, USB CD-ROM drives, USB card reader devices.
  • Drives connected via Firewire (1394): All drives connected via Firewire, e.g. Firewire hard disks.
  • SD card drives (SD bus): Dedicated SD card readers, found especially in notebooks, are handled through this drive class.
  • Other removable media: All drives that do not fall into any other category, e.g. ZIP drives.
  • Hard disks (eSATA hard disks, not exchangeable, no system included): All internal and external drives that are accessed via IDE, ATAPI, SCSI, RAID, SATA, or eSATA.
  • Encrypted drives: A DriveLock-specific drive class for drives encrypted by DriveLock. For more information, see the Encryption 2-Go chapter.
  • Network drives and shares: Windows network drives
  • WebDAV network drives: Drives connected via the WebDAV protocol (http/https)
  • Windows Terminal Services (RDP) client drive mappings
  • Citrix XenApp (ICA) Client Drive Mappings

Boot partitions and partitions containing the page file are never blocked by DriveLock.

If a drive is connected via another interface, DriveLock treats it like "other removable media".
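
To preview which class each attached disk is likely to fall into before you set that class to Deny, the following added example (not DriveLock code; the bus-type mapping is an assumption derived from the list above) inventories disks with the Windows Storage cmdlets and marks partitions that hold the boot volume or a page file. It covers disks only, not optical, floppy or network drives.

```powershell
# Added example, not DriveLock code. The bus-type-to-class mapping is an
# assumption based on this page; the DriveLock agent's detection is authoritative.
$classByBus = @{
    'USB'   = 'USB-connected drives'
    '1394'  = 'Drives connected via Firewire (1394)'
    'SD'    = 'SD card drives (SD bus)'
    'ATA'   = 'Hard disks'    # Windows reports IDE as ATA
    'ATAPI' = 'Hard disks'
    'SCSI'  = 'Hard disks'
    'RAID'  = 'Hard disks'
    'SATA'  = 'Hard disks'    # eSATA is also reported as SATA
}

# Drive letters that currently hold a page file (e.g. "C")
$pageFileLetters = @(Get-CimInstance -ClassName Win32_PageFileUsage |
    ForEach-Object { $_.Name.Substring(0, 1).ToUpper() })

Get-Disk | ForEach-Object {
    $disk  = $_
    $parts = @(Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue)

    # Partitions the page says are never blocked: boot or page-file partitions
    $exempt = @($parts | Where-Object {
        $_.IsBoot -or ($pageFileLetters -contains "$($_.DriveLetter)".ToUpper())
    } | ForEach-Object { $_.PartitionNumber })

    # Any interface not listed above falls back to "other removable media"
    $bus   = "$($disk.BusType)"
    $class = $classByBus[$bus]
    if (-not $class) { $class = 'Other removable media (fallback for other interfaces)' }

    [pscustomobject]@{
        Disk                   = $disk.Number
        Name                   = $disk.FriendlyName
        BusType                = $bus
        ExpectedClass          = $class
        NeverBlockedPartitions = ($exempt -join ',')
    }
} | Format-Table -AutoSize
```

Rows that land in the fallback class are the ones to check against the agent before relying on a Deny setting for a specific class.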

To change the settings for a drive type (e.g. other removable media, see the figure), click the corresponding link or Properties.

In the basic configuration, options are available on two tabs:

On the General tab:

  • Allow: Any authenticated user can use this drive.
  • Deny (lock) for all users (default): Access to this drive is locked for all users.
  • Deny (lock), but allow access for defined users and groups: The drive is locked, but the specified users or groups can access it, with either read-only access or read and write access.
  • To include another group or user in the list, click Add. Click Remove to delete the previously selected entry. For each user or group, specify whether they can copy data to the drive or whether only read-only access is allowed.

On the Options tab, you can select Filter files read from or written to drives of this type... or Audit and shadow files [...] to activate file filtering and the selected templates. Then select one of the file filter templates that the basic configuration provides from the list.

  • With the Enforced encryption option, you specify that devices are unlocked only if they have already been encrypted. In addition, you can specify that unencrypted drives are automatically encrypted.

  • To force a user to confirm the usage policy first, enable the User must accept usage policy before rule will be applied option.

  • To configure a custom message for a rule, enable the Display custom message in user notification option. Then enter the text, which is displayed regardless of the currently set system language.