DESlock+ and System Image Deployment
Article ID: KB473

If you wish to use DESlock+ in a system image for deployment, please be aware of the following:

 

Workstation ID (Duplication)

When activating a managed client, a unique Workstation ID is generated enabling the Enterprise Server management console to communicate with the Workstation.

If a system image is created with an activated DESlock+ client, the Enterprise Server will have multiple instances of the workstation to communicate with. As commands can only be retrieved by one instance, this will cause multiple issues while trying to control the estate.

To check your Workstation IDs, please see our article below:

KB249 - How does the user find their Workstation ID? 

 

Full Disk Encryption (Encryption Key Duplication)

When installing a managed client MSI with the Workstation Policy 'Automatically start encryption after installation' enabled, the Full Disk Encryption Key is generated during the install process. As such, if an already installed MSI is used in a system image, the Full Disk Encryption Key will be identical for each subsequent image deployed.

KB441 - Automatically Starting Full Disk Encryption (FDE) 

If you are using an image distribution software package such as Microsoft Deployment Toolkit (MDT), DESlock+ can be applied without being installed or activated in the image. MDT will allow DESlock+ to be installed using MSIExec for each deployment. Please see the documentation below:

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt 

 

Issue:

You have a duplicated Workstation ID.

 

Cause:

You have an activated DESlock+ MSI installed on your deployed system image.

 

Solution:

Apply the following changes to your system image:

1. Delete 'DLSDBLK0.sys' from C:\windows\system32\drivers\
Note: DLSDBLK0.sys is a hidden system file which is read only, so you will need to adjust the Windows Explorer settings to view it.

2. Remove the activation registry keys from ALL user profiles that have been activated in the image.
See: https://support.deslock.com/KB383 - How to reset the activation process of a managed client

3. Remove ALL users' tokenstore.dat files found in C:\Users\USER\AppData\Local\DESkey\DESlock+\

4. Reboot the workstation.

With this done, DESlock+ should work correctly when the image is applied to other machines.
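The file checks from steps 1 and 3 can be scripted so that no user profile is missed. The PowerShell below is an added example, not part of the original article or the DESlock+ documentation. The parameter names are assumptions, and the registry keys from step 2 are not covered because this page does not list them (see KB383).

```powershell
# Added example: find (and optionally remove) the DESlock+ activation files
# named in steps 1 and 3. Run elevated inside the image being prepared.
# Report-only by default; pass -Remove to delete what is found.
[CmdletBinding()]
param(
    [switch]$Remove,
    [string]$SystemRoot = $env:SystemRoot,                      # assumption: image is the running OS
    [string]$UsersRoot  = (Join-Path $env:SystemDrive 'Users')  # assumption: default profile location
)

$found = @()

# Step 1: DLSDBLK0.sys is a hidden, read-only system file, so -Force is needed to see it.
$driver = Join-Path $SystemRoot 'System32\drivers\DLSDBLK0.sys'
$item = Get-Item -LiteralPath $driver -Force -ErrorAction SilentlyContinue
if ($item) { $found += $item }

# Step 3: tokenstore.dat under every profile directory, including hidden profiles.
$profiles = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
foreach ($p in $profiles) {
    $store = Join-Path $p.FullName 'AppData\Local\DESkey\DESlock+\tokenstore.dat'
    $item = Get-Item -LiteralPath $store -Force -ErrorAction SilentlyContinue
    if ($item) { $found += $item }
}

foreach ($f in $found) {
    if ($Remove) {
        # -Force lets Remove-Item delete read-only and hidden files.
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Output "Removed: $($f.FullName)"
    } else {
        Write-Output "Present: $($f.FullName)"
    }
}

if ($found.Count -eq 0) {
    Write-Output 'No DLSDBLK0.sys or tokenstore.dat found. Registry keys (step 2, KB383) were not checked.'
} elseif ($Remove) {
    Write-Output 'Files removed. Complete step 2 (KB383), then reboot the workstation (step 4).'
}
```

Running it without -Remove against a candidate image gives a quick list of which activation files are still present.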


 


Keywords: MDT stock image gold acronis clonezilla paragon

