DESlock+ and System Image Deployment
If you wish to use DESlock+ in a system image for deployment, please be aware of the following:
Workstation ID (Duplication)
When a managed client is activated, a unique Workstation ID is generated, enabling the Enterprise Server management console to communicate with the Workstation.
If a system image is created with an activated DESlock+ client, the Enterprise Server will have multiple instances of the workstation to communicate with. As commands can only be retrieved by one instance, this will cause multiple issues while trying to control the estate.
To check your Workstation IDs, please see our article below:
Full Disk Encryption (Encryption Key Duplication)
When a managed client MSI is installed with the Workstation Policy 'Automatically start encryption after installation' enabled, the Full Disk Encryption Key is generated during the install process. As such, if an already installed MSI is used in a system image, the Full Disk Encryption Key will be identical for each subsequent image deployed.
If you are using an image distribution software package such as Microsoft Deployment Tools (MDT), DESlock+ can be applied without installation or activation. MDT will allow DESlock+ to be installed using MSIExec for each deployment. Please see documentation below:
You have a duplicated Workstation ID.
You have an activated DESlock+ MSI installed on your deployed system image.
Apply the following changes to your system image:
1. Delete 'DLSDBLK0.sys' from C:\windows\system32\drivers\
4. Reboot the workstation.