DeviceOn
  • Get Started
    • ⬇️Resources Download
    • πŸ’‘About DeviceOn
      • Feature Highlight
      • Cloud Versions
      • Agent Versions
      • Security Architecture
    • πŸ› οΈInstallation and Deployment
      • Server (Standard)
        • Windows
        • Ubuntu
        • Azure Marketplace
        • AWS Marketplace
      • Server (Enterprise)
        • Azure Kubernetes
      • Agent
        • Windows
        • Ubuntu
    • ⏲️Version History
      • Version 5.3.12
      • Version 5.2.4
      • Version 5.1.2
      • Version 5.0.3
      • Version 4.7.2
      • Version 4.6.3
      • Version 4.5.5
      • Version 4.4.2
      • Version 4.3.10
      • Version 4.3.3
      • Version 4.2.3
    • ❓FAQ
      • General
      • Technical
  • SECURITY STANDARD
    • ISA/IEC 62443
    • Compliance
  • User Interface & Functions
    • πŸ’»Server (Standalone)
      • Server Management Tools
      • Background Service
  • πŸ–₯️Agent
    • User Interface
    • Background Services
  • 🏠Web User Interface
    • Overview
    • Device Management
      • Device List
      • Real-time Monitoring & Rule Engine
      • Remote Control & Diagnostic
      • Device Data
      • Device Group
      • Task Management (Batch Control)
      • Provision & Configuration
      • Anomaly Detection
    • App Management (OTA)
    • Container Management
    • System Setting
    • Dashboard
    • Event Logs
    • Account Management
  • LAB
    • πŸ“¦Application (OTA)
      • Package and Deploy your Application
      • Security Update for Windows
      • Upgrade DeviceOn Agent in On-premises DeviceOn Server
  • πŸ”§Out-of-Band
    • Intel AMT
      • Local Management (iAMT)
      • Cross-Network Integration (Open AMT)
    • IPMI
    • AMD DASH
    • Advantech iBMC
    • Advantech EdgeBMC
  • 🌐System
    • Update DeviceOn Server to the Latest Version
    • Enabling Automated Backups and Restores from Backup Archives
    • Enable Passive Mode on FTP Server
    • Enable HTTPs for DeviceOn Web Service
    • License Management
  • βš’οΈManaged Devices
    • Set up Device Thresholds and Enable Trigger Notifications
    • Set up the Application Watchdog and Enable Trigger Notifications
    • Visualize Device Data through Grafana Dashboards
    • Onboard Multiple Devices at Once
    • Securely Connect to DeviceOn using x.509 Certificates
    • Enable Windows Lockdown Features
Powered by GitBook
On this page
  • Prerequisite
  • Steps to Enable Windows Lockdown

Was this helpful?

  1. Managed Devices

Enable Windows Lockdown Features

PreviousSecurely Connect to DeviceOn using x.509 Certificates

Last updated 1 year ago

Was this helpful?

For devices protection, Windows built many nice features in natively. For instance, function key protection disables Ctrl, Alt, and WinKey. UWF protection guarantees your disk C (System Partition) rollbacks to the original state after you reboot the Windows operating system. This lab guides you how to enable Windows lockdown features, and how to active/inactive them via DeviceOn portal. After this lab, you should:

  • Learn how to enable β€œKeyboard Filter” and β€œUnified Write Filter” (a.k.a. UWF) in Windows lockdown features.

  • Know what lockdown features can be controlled via DeviceOn portal.

Prerequisite

  • A running DeviceOn server.

  • A device which running on Windows 10 operating system (LTSB, LTSC) and installed WISE-Agent, that connects to DeviceOn server. Besides, this agent must install Advantech SUSI driver, or lockdown feature should not work properly.

Steps to Enable Windows Lockdown

  • Step 1: Go to the target agent device and open the file explorer window. In address bar, key β€œControl Panel\All Control Panel Items\Programs and Features” in and followed by pressing β€œENTER”. It opens the β€œPrograms and Features” window.

  • Step 2: Click β€œTurn Windows features on or off” on left hand side to open β€œWindows Features” window.

  • Step 3: Scroll down the window, find and open the β€œDevice Lockdown” item. Make sure both β€œKeyboard Filter” and β€œUnified Write Filter” are checked. Then click β€œOK”.

  • Step 4: Now back to DeviceOn portal. Click β€œDevice” menu item, then β€œRemote Control” tab. And choose proper account, group, and device from β€œSELECT ACCOUNT”, β€œSELECT DEVICE GROUPS”, and β€œSELECT DEVICE” fields accordingly. You can see β€œFunction Key”, β€œUWF Protection” control buttons there. Also, other than these two mentioned, β€œWatchdog Protection”, β€œWindows Notification” and more relevant features are available as you can see.

  • Step 5: Click β€œFunction Key” control button. You would find, after a while, the description of β€œFunction Key” changes from β€œAvailable” to β€œCtrl, Alt, WinKey Lockdown”. If you try to press such keys on the target device, they should not work as expected. Okay, you learned how to enable, disable β€œFunction Key” lockdown. Let’s go ahead and learn something regarding UWF.

  • Step 6: Click β€œUWF Protection” control button. A dialog pops up and the message shows that this action will reboot the device. Click β€œCONFIRM”, its description changes from β€œDisabled” to β€œEnabled”. Just wait for the reboot completed.

  • Step 7: Now, write some data into disk C. You can, for example, download files into disk C, copy files into disk C. Or even generate by programmatically. Just do whatever you can do to mimic that you are working on disk C.

  • Step 8: Once you finish your tasks, reboot the target device. You would find that all those data you made at previous step disappear. The disk C rollbacks to the original state and just like you did nothing at all.

βš’οΈ