The Global Device Settings are available to the Super Administrator (SA). They form a security profile that is used as the standard configuration for all devices registered within this KRMC Hosted account. KRMC Hosted Advanced and Premium accounts can have groups, and each group can have its own device settings profile.
KRMC Hosted devices must adhere to the Global/Group Device Setting. Administrators may configure separate device settings for individual devices and Groups, but these profiles must meet the minimum requirements set by the Global Device Settings. When a change is made to a setting within the Global Device Settings, the green icon to the right of each option will turn red. If you hover your mouse over the red icon, you will be shown what the setting was prior to the change.
Any changes made to the Global Device Settings will create the following actions for all applicable devices:
Reprovision | This is a combination of Password Constraints and Security Settings located under the Password tab and Offline Access located under the Connection Settings tab on the Global Device Setting. The Reprovision action will provide the values for items such as minimum number of characters in a password. |
Advanced Reprovision | This covers the options located under the Advanced Settings tab on the Global Device Setting. Additionally, Proxy Settings located under the Connection Settings tab on the Global Device Settings are within this action. The Advanced Reprovision action will provide the state that the settings should be in and, if they are enabled, which settings to alter. |
Self Service Password Management | The SSPM setting is located under the Password tab on the Global Device Setting. The Self Service Password Management action will provide the state that the application should be in. |
Enable/Disable Onboard Browser | This setting is located under the Application tab on the Global Device Setting. The Enable/Disable Onboard Browser action will provide the state that the application should be in. |
Enable/Disable AV | This setting is located under the Application tab on the Global Device Setting. The Enable/Disable Antivirus action will provide the state that the application should be in and, if it is enabled, which option for Realtime Scanning should be selected. |
Configure App Launcher | This setting is located under the Advanced Settings tab on the Global Device Setting. The Configure App Launcher action will provide the state that the setting should be in and, if it is enabled, the name of the application to run. |
IP/Domain/Mac Control | This setting is located under the Connection Settings tab on the Global Device Setting. The IP/Domain/Mac Control action will provide the state that the setting should be in and, if it is enabled, which settings to utilize moving forward. |
Enable/Disable USB to Cloud | This setting is located under the Application tab on the Global Device Setting. The USB to Cloud action will provide the state that the application should be in and, if it is enabled, which services to use. |
Click on the Update and Save button to update the security policies for each device the next time they are seen by the KRMC Hosted server.
If a device is in a group other than the default SA group, no actions will be sent to those devices. If the new Global Device Settings minimum requirements cause groups to no longer be in compliance, Groups will need to have their settings changed manually.
There are four tabs/sections within the Global Device Settings containing different settings in each. Here is a breakdown of the settings that are in each section.
Password
Password Constraints | Change Password at Next Login - If selected, the user will have to change their password the next time they successfully login to their device. |
Password Length (8 - 15 characters) – The mandatory minimum number of characters a password must contain to be valid. | |
Expiration Frequency (none, 30, 60, 90, 180, 360 days) – How often the system will force the user to change their user password. | |
Minimum Uppercase/Lowercase/symbols/Numbers (0 - 5) – The minimum number of upper- and lower-case letters, symbols and digits a valid password must contain. | |
Enforced Password History (none, 1 - 10) - The number of previously used passwords that may not be accepted as your current password. A higher number discourages users from alternating between several common passwords. | |
Security Settings | Login Attempts Allowed (3 – 15 attempts) - The number of times a user can incorrectly enter their password when attempting to login to the drive. A warning message will appear to inform the user when they have one attempt remaining. |
Format Device - The device will automatically format itself if the user exceeds the number of allowed password retries. This will erase all admin settings and user data stored on the device and reset the device to the factory default settings. | |
Timeout - The device will automatically activate a timeout period if the user exceeds the number of allowed password retries. The user will have to wait for the timeout period to pass before they are allowed to attempt entering a password again. | |
Disable Device - The device will become disabled if the user exceeds the number of allowed password retries. The device user will be unable to login to their device or access the device’s secure partition again until it is enabled by an ‘Enable Device’ remote action. | |
Timeout Value (1 Min, 2 Min, 5 Min, 10 Min, 30 Min) - How long the timeout period is. If the user exceeds the set number of password retries, the user will have to wait this long before they are allowed to enter a password again. | |
USB Timeout (30 Min, 1 hr, 2 hr, 4 hr, No timeout) - This allows the admin to set an idle timeout period whereby, if the device is not used for a specific period of time, the drive will auto-unmount. Note: The default setting is 1 hour. | |
SSPM | The Self-Service Password Management feature allows the user to reset their own login password for a managed Defender device. Users must register an email address so that a password reset e-mail can be sent to the user. |
Enable and Force - Enable SSPM and force the user to register an e-mail the next time they use their device. | |
Enable But Defer - Enable SSPM but allow the user to register an e-mail at a later time. | |
Disable - Disable SSPM, preventing users from resetting the password on their device. If the user forgets their password, the only method of recovery is for the device administrator to create a ‘Change User Password’ action for the device. |
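The rule that a group profile must meet the minimums set by the Global Device Settings can be checked before a global change is saved. The following is an added example, not Kanguru code: the profile keys and dictionary format are hypothetical, the value ranges are the ones listed on the Password tab above, and it assumes "meets the minimum" means at least as strict for each setting (fewer login attempts and shorter expiration being stricter).

```python
import math

# Hypothetical profile keys (not a KRMC export format) with the value ranges
# documented on the Password tab. 0 stands for "none" history, None for no expiry.
ALLOWED = {
    "password_length": range(8, 16),
    "min_uppercase": range(0, 6),
    "min_lowercase": range(0, 6),
    "min_symbols": range(0, 6),
    "min_numbers": range(0, 6),
    "password_history": range(0, 11),
    "login_attempts": range(3, 16),
    "expiration_days": (None, 30, 60, 90, 180, 360),
}
# Assumption: for these keys a smaller value is the stricter one.
LOWER_IS_STRICTER = {"login_attempts", "expiration_days"}

def _strictness(key, value):
    """Map a setting to a number where larger always means stricter."""
    if key in LOWER_IS_STRICTER:
        return -(math.inf if value is None else value)
    return value

def violations(global_profile, group_profile):
    """List the group settings that are invalid or weaker than the global ones."""
    problems = []
    for key, allowed in ALLOWED.items():
        value, floor = group_profile[key], global_profile[key]
        if value not in allowed:
            problems.append(f"{key}: {value!r} is outside the documented range")
        elif _strictness(key, value) < _strictness(key, floor):
            problems.append(f"{key}: {value!r} is weaker than global {floor!r}")
    return problems

# Constructed sample profiles.
GLOBAL = {"password_length": 10, "min_uppercase": 1, "min_lowercase": 1,
          "min_symbols": 0, "min_numbers": 1, "password_history": 5,
          "login_attempts": 5, "expiration_days": 90}
FINANCE = dict(GLOBAL, password_length=12, login_attempts=3, expiration_days=60)
LAB = dict(GLOBAL, password_length=8, password_history=0,
           login_attempts=10, expiration_days=None)

if __name__ == "__main__":
    for name, profile in (("FINANCE", FINANCE), ("LAB", LAB)):
        print(name, violations(GLOBAL, profile) or "compliant")
```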
Connection Settings
Access Control Settings | Create a list of IP Ranges or Domains or MAC addresses that you will either allow or restrict your devices to access KRMC Hosted from. You can include multiple IP Ranges, Domains, or Mac addresses to the list. |
Enable Access Control - Check this box to enable IP/Domain/Mac control. | |
Functionality - Select whether IP/Domain/Mac control will allow or deny certain IP ranges, Domains, or Mac addresses. | |
Allow all Except (blocklist) - When selected, all devices will be allowed to access KRMC Hosted unless it is located under any of the IP ranges, Domains, or Mac addresses listed. | |
Deny all Except (safelist) - When selected, only devices that are located under any of the IP ranges, Domains, or Mac addresses listed will be able to access KRMC Hosted. | |
Control based - Select whether you want IP/Domain/Mac Control to be based on IP Range, Domain or MAC Address. | |
IP Range - If you are looking to add an IP Range, enter the information into the fields provided. After entering the information, select the “ADD” button directly underneath. After selecting “ADD”, your range will appear underneath, allowing you to add additional IP ranges if you would like. If you choose to remove the range, you can use the “DELETE” button that appears next to it. | |
Domain List - If you are looking to add a Domain, enter the information into the fields provided. After entering the information, select the “ADD” button directly underneath. After selecting “ADD”, your domain will appear underneath, allowing you to add additional domains if you would like. If you choose to remove the domain, you can use the “DELETE” button that appears next to it. | |
Mac List - If you are looking to add a Mac address, enter the information into the fields provided. After entering the information, select the “ADD” button directly underneath. After selecting “ADD”, your Mac address will appear underneath, allowing you to add additional Mac addresses if you would like. If you choose to remove the Mac address, you can use the “DELETE” button that appears next to it. | |
Proxy Settings | Enable Access Control - Check this box to enable Proxy settings. |
Proxy Address - Enter the IP address or Proxy server name that you will be using here. | |
Proxy Type - Select from the drop-down the proxy type that is to be used. Our devices support HTTP, SOCKS4, and SOCKS5. | |
Proxy Username - If your Proxy service requires the usage of a username, you can enter it here. If your Proxy service does not require any username, then this can be left blank. Note: This username will be sent to all drives. | |
Proxy password - If your Proxy service requires the usage of a password, you can enter it here. If your Proxy service does not require any password, then this can be left blank. Note: This password will be sent to all drives. | |
Offline Access | Allow offline access (Unlimited, 1-100 Logins) - If unselected, the device user will not be able to login to access the device’s secure partition if the computer the device is connected to does not have internet access. When selected, the device user will be able to access the device’s secure partition when there is no internet access. The number of logins on computers without internet access can be set as 1 login up to 100 logins. If “Unlimited” is selected, the device user will always be able to login to the device, regardless of internet access. |
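The two Access Control modes described above ("Allow all Except" and "Deny all Except") invert each other for the same list, which is easy to get wrong when switching modes. The following is an added example, not Kanguru code, that models the described behaviour for IP ranges only; the function names, the mode constants and the inclusive treatment of range boundaries are assumptions, and the addresses are constructed from documentation-only blocks.

```python
import ipaddress

ALLOW_ALL_EXCEPT = "blocklist"   # "Allow all Except" on the page
DENY_ALL_EXCEPT = "safelist"     # "Deny all Except" on the page

def parse_ranges(pairs):
    """Validate (first, last) address pairs and return them as address objects."""
    ranges = []
    for first, last in pairs:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range {first}-{last}")
        ranges.append((lo, hi))
    return ranges

def is_listed(addr, ranges):
    """True if addr falls inside any range (boundaries assumed inclusive)."""
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def access_allowed(addr, enabled, mode, ranges):
    """Decision for one client address under the settings described above."""
    if not enabled:                      # "Enable Access Control" unchecked
        return True
    if mode == ALLOW_ALL_EXCEPT:
        return not is_listed(addr, ranges)
    if mode == DENY_ALL_EXCEPT:
        return is_listed(addr, ranges)   # an empty list admits nobody
    raise ValueError(f"unknown mode {mode!r}")

# Constructed sample list (RFC 5737 documentation addresses).
OFFICE = parse_ranges([("192.0.2.10", "192.0.2.50"),
                       ("198.51.100.0", "198.51.100.255")])

def decisions(mode, ranges):
    """Evaluate four constructed client addresses under one mode."""
    clients = ["192.0.2.10", "192.0.2.51", "198.51.100.7", "203.0.113.9"]
    return {c: access_allowed(c, True, mode, ranges) for c in clients}

if __name__ == "__main__":
    for mode in (ALLOW_ALL_EXCEPT, DENY_ALL_EXCEPT):
        print(mode, decisions(mode, OFFICE))
    print("empty safelist:", decisions(DENY_ALL_EXCEPT, []))
```

In this model, enabling "Deny all Except" with an empty list denies every address, so the list should be populated before the mode is switched.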
Applications
Endpoint Protection powered by Bitdefender | Enable/Disable Endpoint Protection – This option allows you to enable or disable the Endpoint Protection on the Defender device. Note: This can only be set for user devices running KDM client version 5.6.6.2 and later. If you Enable Endpoint Protection, you are then able to determine how the real-time scan works. You have three options: |
Enable Real-Time Scan – Real-Time Scanning is enabled; however, the user can disable this at their choosing. | |
Disable Real-Time Scan - Real-Time Scanning is disabled and the user is unable to enable it. | |
Force Real-Time Scan - Real-Time Scanning is enabled and the user is unable to disable it. | |
Onboard Browser | Enable/Disable Onboard Browser - This option allows you to enable or disable the On-Board Browser (OBB) application on the Defender device. Note: This can only be set for user devices running KDM client version 5.6.5.4 and later. |
USB to Cloud | Enable USB to Cloud - This option allows you to enable or disable the USB to Cloud application on the Defender device. If USB to Cloud is enabled, you are then able to select which backup service you allow. Services that are compatible with USB to Cloud are as follows: Amazon S3, Baidu, Box, Dropbox, Google Drive, Mega, NAS (using WebDAV or DAS), OneDrive, OneDrive for Business, Sharefile by Citrix, Yandex Disk. |
Advanced Settings
Advanced Settings | Enable Advanced Settings - This setting allows you to enable one or more of the settings under Advanced Settings. If this setting is disabled, no setting enabled within this section will take effect. |
Allow Force Unmount - Enable this feature to allow you to unmount devices even if an application is still accessing data on the secure partition. | |
Suppress pop up messages and warnings - Enable this feature to prevent any device messages that do not require any user interaction from being displayed, i.e. pop-up messages that only have an ‘OK’ button. Pop-up messages that require user input will still be displayed. Additionally, this feature prevents the warning message that usually shows when a drive is improperly disconnected from being displayed. | |
Unmount security partition at user logoff - When selected, the secure partition will automatically unmount when the user logs off the computer the device is connected to. | |
Unmount security partition at hibernate / sleep - When selected, the secure partition will automatically unmount if the computer the device is connected to enters hibernate or sleep mode. | |
Enable Write Protection (Defender 2000/3000 devices) - The Defender 2000 and 3000 devices do not have a physical write protect switch option but rather a software write protect option. Enabling this setting will turn on the write protect feature, making the Defender 2000 and 3000 a read-only device. The device user will not have the ability to turn the write protect feature off. | |
Disable Logging - The Defender drive keeps track of its internal workings in encrypted log files on the user's computer. These logs do not store any user data like files/folders, are never sent automatically to Kanguru, and contain only internal information related to the Kanguru application. This action helps you enable/disable the drive's logging feature. Note that disabling drive logs might inhibit our ability to help you troubleshoot technical issues. | |
Show Contact Information - The Customer Info section allows you to configure whether the device user’s contact information is displayed when logging into their Defender device. By default, no information is shown. Enable show customer info to allow contact information to be displayed when logging in to the device. You have two options for information that can be displayed. | |
Show limited customer info at KDM client login screen - The user’s name and telephone number are displayed. | |
Show full customer info at KDM client login screen - The user’s name, telephone number, e-mail and department information are displayed. | |
Device App Launcher | Configure App Launcher - This section is where you can configure a device to auto-execute an application stored on the device. The Auto Run feature will execute every time the device’s end user successfully logs into their drive and mounts the device’s secure partition. If the file name is entered incorrectly or if the file does not exist on the drive, the end user will receive the following error message: “The process set for auto acquisition failed to start. File not found.” |
For more information on KRMC Hosted, please refer to the User Manual located at HERE.