Blog R&D
 
'CSIDL' environment variables
In all the policies where you enter a path, it is possible to use classic environment variables. It is also possible to use special 'CSIDL' environment variables. These variables are managed by the system and designate the standard folders for which the location may vary according to the system type or configuration.
For example, %CSIDL_PERSONAL% designates the user's 'My Documents' folder, even if it has been redirected and is no longer located directly in the user's profile.

To consult the list of these CSIDL variables, go to: http://msdn2.microsoft.com/en-us/library/bb762494.aspx .
This URL may well change; if it is no longer valid, search for the word CSIDL on the msdn.microsoft.com site and you will find this page again.

No longer display the 'Protected workstation' tooltip on login
Administrators recently asked us how to deactivate the 'Protected workstation' tooltip. This tooltip is displayed each time the user logs on and indicates that the workstation complies with the security strategies (encryption instructions applied, recoveries in place, etc.).
To stop displaying it, the user clicks on the tooltip and checks the box 'Do not display this tooltip if the workstation status is correct' in the CryptUpdate wizard.

Another possibility is to configure the policy P499 - Reserved rules by adding the following line:
- Name of value: General
- Value: NoOKCheckMsg=1
Users covered by the policy will no longer see the tooltip at login if the workstation status is correct.

This option is available from ZoneCentral v3.0 build 504.

A warm welcome to our German-speaking users!
We are pleased to welcome the German-speaking users of ZoneCentral, ZoneExpress and Zed!
From version 3 onwards, all our encryption products are also available in German.

There is no need to download a special version or an add-on: the German version is integrated directly into the official release.

"Watermark" your encrypted zones and containers !
We spoke about this feature a few months ago, but today we offer you something extra...

You can customize the picture that appears in the background of encrypted folders and containers.
Just put a file named 'ZCWatermark.bmp' (for encrypted folders) or a file named 'ZEDWatermark.bmp' (for encrypted containers) in the product folder.

Below are watermarks you can use in place of those installed by default with ZoneCentral, ZoneExpress or Zed!


You can also create your own design and then deploy these files to all workstations with the 'Master2' tool, available on this website (Tools).

Encrypted containers in a tree structure

There it is: this highly requested function is almost ready and will be available very shortly in all versions of the Zed! package, that is in the Limited Edition (installable or program), in the Full Edition, and also in ZoneCentral and ZoneExpress.

Each container can contain folders and sub-folders, without any limit, with all the related functions (copy/paste, drag & drop, etc.), exactly as in normal Windows folders.

The beta phase is coming to an end, with several major customers trying it out, and this function will shortly be available as a downloadable upgrade.


Transfer encrypted data from one station to the other
Changing a user's workstation is a routine operation for an administrator. Much of the work consists in transferring data from the old station to the new one. One of the advantages of ZoneCentral is that this operation can be carried out directly on the encrypted data, without the administrator needing the user's key (password, token) and therefore without needing to "understand" the data being transferred.

The following document gives an example of a procedure for carrying out the transfer in the best possible way:

Example of a migration procedure (only in French)

This procedure recommends the use of the ZoneFragtool, which can be downloaded from the Tools section.

Correction for the Master2 tool
The Master2 tool allows any files to be added to a ZoneCentral installation (e.g. documentation or tools specific to the company).
An anomaly was detected in the previous version: an upgrade with a master to which a file had been added deleted (!) this file if it was already present (installed with a master from a previous version).
This anomaly has been corrected and the new version is available in the Resources/Tools category.

Uninstall/Install or Upgrade?

Both are possible; the procedure and the result are *almost* the same, but there is a slight difference that is sometimes useful to know:

  • the uninstallation deletes the locally defined policies; the subsequent installation must therefore either reimport them (if it is mastered) or redefine them manually;
  • the upgrade, which chains both operations automatically, *knows* that it is upgrading and therefore retains the local policies;
  • it is possible to uninstall without deleting the policies, but the uninstallation must then be run from the command line with msiexec.exe, specifying the property ZC_KEEPPOLICIES=1.

Another substantial advantage of Upgrade is that it asks for only one final restart, whereas the two operations carried out separately each require one.

Generally speaking, it is recommended to prefer the "Upgrade" method.


Precaution with Rainbow Safenet iKey 2032 tokens
With iKey 2032 tokens in particular, it is important to set the P291 policy of ZoneCentral or Zed! to the value "128 bits". These tokens have an internal limit: regardless of the size of the embedded RSA key, they cannot decrypt a 256-bit AES key; they are limited to 128 bits. For the same reason, three-key triple-DES is not recommended either.

Installation: always specify ALLUSERS=1 when using /q
When the installer's /q<x> option is used to specify the user-interface level, ALLUSERS=1 must also be specified so that the installation is carried out properly.

This is a particularity of Windows Installer, which in this case needs ALLUSERS to resolve the paths (Start menu - All Users).

This is not necessary if the installation is made in normal graphical mode.
Nor is it necessary for "remote installations".


How to completely delete a personal list of accesses
ZoneCentral does everything it can to make this difficult, so that a user cannot make a serious handling error and delete his list of accesses inadvertently.

To delete a personal list, the file must be deleted in THREE places:
- The local personal location (see P120), by default under <myprofile>/Application Data/ZoneCentral profile
- The reference location (see P121), by default under AllUsers/Application Data/ZoneCentral/AccessFiles
- The local cache (see P122), by default under <myprofile>/Local Settings/Application Data/ZoneCentral/Cache

Warning: after deletion, there will be absolutely no possibility of decrypting any encrypted zone or container whose sole access is in this list of accesses!


Optimising LDAP queries
The search for certificates via LDAP, a function available to both the administrator and the user, can be configured in advance in the zone management tool, where the parameters of the LDAP queries can be specified precisely.
One of the key parameters in the configuration of access to an LDAP directory is the filter, by default:
(cn=*%USER%*)
This filter applies to the LDAP Common Name attribute ('cn'). The %USER% variable corresponds to what the user enters. So, if he enters "michel", the LDAP query filter will be:
(cn=*michel*)
The character * matches zero or more characters. Hence, all entries containing "michel" (at the start, in the middle or at the end of the name) will be returned.
Even when the search is limited to a maximum number of results, it can take a very long time on certain directories. The leading * in particular can have an unacceptable cost in search time since, depending on how the directory is indexed, it may require scanning all of its entries.

When accesses that are too slow are detected on LDAP searches, we would therefore advise you to try the following filter:
(cn=%USER%*)
On some very large directories, the search time can be divided by 100. On the other hand, the search returns fewer results (in our previous example, only users whose name starts with "michel" will be returned). This compromise has proved essential when performance is too degraded.
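As an added illustration (example code written for this page, not part of ZoneCentral or of the product's own LDAP client), the following Python models which entries of a constructed sample directory the two filter templates select, and goes one step further than the text by escaping the %USER% value per RFC 4515 so that whatever the user types is matched literally and cannot turn the prefix filter back into a full scan:

```python
import re

# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it is matched literally rather than as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, user_input: str) -> str:
    """Substitute %USER% in a template such as '(cn=*%USER%*)' with escaped input."""
    return template.replace("%USER%", escape_filter_value(user_input))


def _pattern_to_regex(pattern: str):
    """Turn the right-hand side of (cn=...) into a regex where '*' is a wildcard.

    Split on '*' first, then undo the RFC 4515 hex escapes inside each literal
    piece, so an escaped '\\2a' stays a literal asterisk instead of a wildcard."""
    pieces = []
    for piece in pattern.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        pieces.append(re.escape(literal))
    # cn uses caseIgnoreMatch in LDAP, hence IGNORECASE.
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE)


def search(entries, ldap_filter: str):
    """Return the cn values from `entries` that a simple (cn=...) filter selects."""
    m = re.fullmatch(r"\(cn=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("only simple (cn=...) filters are modelled here")
    regex = _pattern_to_regex(m.group(1))
    return [cn for cn in entries if regex.match(cn)]


# Constructed sample directory (cn values only); not taken from any real directory.
SAMPLE_CNS = ["Michel Dupont", "Jean-Michel Martin", "Anne Michelet", "Marc Durand"]

if __name__ == "__main__":
    for template in ("(cn=*%USER%*)", "(cn=%USER%*)"):
        f = build_filter(template, "michel")
        print(f, "->", search(SAMPLE_CNS, f))
    # A bare '*' typed by the user is escaped, so the prefix filter cannot be
    # widened back into a scan of the whole directory.
    f = build_filter("(cn=%USER%*)", "*")
    print(f, "->", search(SAMPLE_CNS, f))
```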

ZoneCentral and the NOD32 antivirus (ESET Software)
For ZoneCentral and the NOD32 antivirus to be used on the same workstation, the P333 security strategy "Alternative strategy for opening a zone" must be activated.

NOD32 and ZoneCentral then work together perfectly, each fulfilling its role. Moreover, NOD32 has been installed on one of our lab stations for several months.