Agent deployment to our Windows 7 clients only took a few minutes as the Enterprise Manager scanned our network and provided a list of discovered systems for selection. A global policy is provided so you can lock down access to specific devices and ports as soon as the agent has been installed.
SMTP controls are good as we allowed some users to send emails, but not add attachments, and stopped others from sending any emails at all.
Moving over to the MMC console allows you to create new policies for selected AD users and groups which contain device and port permissions plus time periods for when they are active. Offline policies can control mobile workers and swing into action when DeviceLock detects they have left the main network.
The NetworkLock component is accessed from the new Protocols section in the MMC console. Policy creation is the same as it is for ports and devices. You select a protocol, determine access levels and apply it to users and groups.
SMTP controls are good as we allowed some users to send emails, but not add attachments, and stopped others from sending any emails at all. This also works over SSL. For FTP we could allow full access, permit either upload or download activities or deny all access.
It initially appears possible to prevent users from using Windows Live Messenger to send instant messages or to prevent them from logging on in the first place. However, we found a problem here as both options are interdependent so they can only be on or off together so all you can do is block access completely. This isn't a critical problem since Messenger would be of limited value without the ability to send instant messanges, but we nevertheless highlighted this to DeviceLock and it advised us it was looking into it.
