You are on page 1of 72

HDGUARD 8.

1
+ HDGUARD.master 8.1
Installation and Usage
by RDT - Global

HDGUARD
2012 RDT - Global
All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks. While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document.

Publisher RDT - Deutschland Alte Landstr.14 D-23843 Neritz/Bad Oldesloe

Phone: Fax: Email: Web:

+49 (0) 4531 880 440 +49 (0) 4531 880 444 info@rdt.de www.rdt.de

10.02.2012 RDT - Ramcke DatenTechnik GmbH HRB 1408, AG Bad Oldesloe CEO Dr. Rainer Ramcke

Contents

Table of Contents
Overview 1

1 HDGUARD ................................................................................................................................... 1 2 HDGUARD.master ................................................................................................................................... 1 3 HDGUARD.remote ................................................................................................................................... 1

HDGUARD
Preparation .......................................................................................................................................................... Operating-System requirements ......................................................................................................................................................... Operating System Notes ......................................................................................................................................................... Hard Drive Environment ......................................................................................................................................................... Installation .......................................................................................................................................................... Manual Setup ......................................................................................................................................................... Cloning Support (for rapid deployment) ......................................................................................................................................................... MSI Support .........................................................................................................................................................

3
3 3 3 4 4 4 4 5

1 Set-up Information ................................................................................................................................... 3

2 Operation ................................................................................................................................... 6
First start .......................................................................................................................................................... Configuration .......................................................................................................................................................... Configuration wizard ......................................................................................................................................................... Hard drive ......................................................................................................................................................... License and Password ......................................................................................................................................................... USB ......................................................................................................................................................... Protection Login and Updates ......................................................................................................................................................... Visibility ......................................................................................................................................................... User......................................................................................................................................................... Folders Miscellaneous ......................................................................................................................................................... Help ......................................................................................................................................................... and Support Main Window .......................................................................................................................................................... Activating HDGUARD ......................................................................................................................................................... Deactivating HDGUARD ......................................................................................................................................................... Statusinformation ......................................................................................................................................................... 6 6 6 8 9 10 10 11 12 13 13 14 15 16 17

3 Software Updates ................................................................................................................................... 18


Basic Principles .......................................................................................................................................................... Windows.......................................................................................................................................................... Updates Configuration of the Update Tasks .......................................................................................................................................................... Required General Conditions ......................................................................................................................................................... Which software updates should be considered? ......................................................................................................................................................... Configuration of the Update Tasks ......................................................................................................................................................... 18 19 19 19 19 20

4 HDGUARD & Applications ................................................................................................................................... 22


Adapting.......................................................................................................................................................... Application Programs Applications that process large amounts of data .......................................................................................................................................................... Applications that are supposed to store files permanently .......................................................................................................................................................... Registry .......................................................................................................................................................... Allocating an additional (unprotected) partition .......................................................................................................................................................... Special Network Environments .......................................................................................................................................................... 2012 RDT - Global 22 22 23 23 23 24

ii
Saving Application Data .......................................................................................................................................................... My Documents, Favorites and Cookies .......................................................................................................................................................... Exception configuration Wizard .......................................................................................................................................................... Step ......................................................................................................................................................... 1: Create an unprotected partition Step ......................................................................................................................................................... 2: Folder redirection Step ......................................................................................................................................................... 3: Install your program Step ......................................................................................................................................................... 4: Registry virtualization Step ......................................................................................................................................................... 5: Save project data E-mail Programs .......................................................................................................................................................... Outlook Express ......................................................................................................................................................... Relocating ......................................................................................................................................... an e-mail database Relocating ......................................................................................................................................... the address book Outlook ......................................................................................................................................................... New e-mail......................................................................................................................................... accounts Existing e-mail accounts ......................................................................................................................................... Thunderbird ......................................................................................................................................................... New E-Mail......................................................................................................................................... accounts 24 24 24 25 25 26 27 27 27 28 28 28 29 29 29 29 29

HDGUARD.master
Types of .......................................................................................................................................................... installations Installing.......................................................................................................................................................... HDGUARD.master Licensing HDGUARD.master .......................................................................................................................................................... Firewall Settings ..........................................................................................................................................................

31
31 32 32 32

1 Installation ................................................................................................................................... 31

2 HDGUARD.master in practical use ................................................................................................................................... 33 3 Basics ................................................................................................................................... 34


Screen View .......................................................................................................................................................... 34

4 Options ................................................................................................................................... 35 and Licensing


Password Protection .......................................................................................................................................................... Options .......................................................................................................................................................... Licensing .......................................................................................................................................................... 35 35 35

5 Controlling Client PCs ................................................................................................................................... 36


Options and Functions of Clients .......................................................................................................................................................... Special Notes .......................................................................................................................................................... HDGUARD Options and Functions .......................................................................................................................................................... 36 37 38

6 Room Configuration ................................................................................................................................... 40


Rooms .......................................................................................................................................................... Creating .......................................................................................................................................................... and setting up a room Properties of a room ......................................................................................................................................................... Background Image ......................................................................................................................................... Nominal State ......................................................................................................................................... Adding, removing and positioning HDGUARD clients ......................................................................................................................................................... Teacher Console ......................................................................................................................................................... 40 41 41 42 42 42 43

7 Monitoring Functions ................................................................................................................................... 44


Teacher Console (client side) .......................................................................................................................................................... Using the Teacher Console ......................................................................................................................................................... The Room Map ......................................................................................................................................................... Room Information Window (master side) .......................................................................................................................................................... 44 44 45 45

8 Remote-controlled HDGUARD Installation ................................................................................................................................... 46


Preparation .......................................................................................................................................................... Installing.......................................................................................................................................................... HDGUARD remotely Work Group View in HDGUARD.master ......................................................................................................................................................... Form for remote installation ......................................................................................................................................................... 2012 RDT - Global 46 47 47 47

Contents
Advanced settings for remote installation .........................................................................................................................................................

iii
48

9 HDGUARD.master and HDGUARD Updates ................................................................................................................................... 49


Update via the Internet .......................................................................................................................................................... Applying.......................................................................................................................................................... updates HDGUARD.master Update ......................................................................................................................................................... Updating HDGUARD Client PCs ......................................................................................................................................................... Proxy-Server .......................................................................................................................................................... 49 50 50 50 50

10 Script Control ................................................................................................................................... 50


Introduction .......................................................................................................................................................... Scripting.......................................................................................................................................................... Safety Important notes .......................................................................................................................................................... Taking time for execution into account ......................................................................................................................................................... Script Functions In Depth .......................................................................................................................................................... ON / ......................................................................................................................................................... OFF (Activating and Deactivating HDGUARD) iOFF......................................................................................................................................................... (Applying changes to current session) LIC (Licensing HDGUARD) ......................................................................................................................................................... PROT / SWAP / HIDE (Defining HDGUARD configuration) ......................................................................................................................................................... PASS (Setting client passwords) ......................................................................................................................................................... USAGE (Query Swap-File usage) ......................................................................................................................................................... Spaces and Special Characters ......................................................................................................................................................... 50 51 51 51 51 51 52 52 52 53 53 53

11 Remedying Errors ................................................................................................................................... 54


Network .......................................................................................................................................................... Client network-messages ......................................................................................................................................................... Switches and Routers ......................................................................................................................................................... Other Sources of Errors .......................................................................................................................................................... Online update does not work ......................................................................................................................................................... Connection error when clicking a client ......................................................................................................................................................... Clients don't appear ......................................................................................................................................................... 54 54 54 55 55 55 55

HDGUARD.remote

57

1 Basics ................................................................................................................................... 57 2 Types of................................................................................................................................... 58 remote connections 3 Security................................................................................................................................... 59


Passwords .......................................................................................................................................................... Licenses.......................................................................................................................................................... Data transfer .......................................................................................................................................................... 59 59 59

Glossary Index

61 63

2012 RDT - Global

Overview

Overview
1.1 HDGUARD
HDGUARD 3 protects your hard drives against permanent changes. After restarting the computer, the desired original state is automatically restored. Even if users make changes to files or delete them, this has no permanent effect. The high level of operating safety of the protected PCs relieves the responsible IT employees of some of their burden and provides an extremely long-term period of stability even for public PCs! The protective effect of HDGUARD is augmented by an effective USB protection, which restricts the use of USB drives. A number of useful options also ensure that the software can be easily integrated into existing IT concepts. This makes HDGUARD suitable for virtually any area of application.

1.2

HDGUARD.master
The HDGUARD.master 31 module centralizes the control and monitoring of HDGUARD-protected computer networks. You can selectively activate and deactivate individual computers or entire rooms. Automatically monitor the protection of your computers and display safety warnings if a computer is started up unprotected. HDGUARD.master perfectly supplements all networks where HDGUARD-protected PCs are used.

1.3

HDGUARD.remote
With HDGUARD.remote 57 two distant HDGUARD.master installations may be connected in a way both are acting like a sole application. Each of both installations in this case will be responsible for handling the HDGUARD clients around next to it.

2012 RDT - Global

HDGUARD

HDGUARD
HDGUARD protects your hard drives against permanent changes. After restarting the computer, the desired original state is automatically restored. Even if users make changes to files or delete them, this has no permanent effect. The high level of operating safety of the protected PCs relieves the responsible IT employees of some of their burden and provides an extremely long-term period of stability even for public PCs! This high level of operating safety is achieved by the fact that HDGUARD redirects all changes in the Windows partition (and in any other desired partitions) to the HDGUARD area. As the operating system is being started up, all functions can be used without restrictions, and the user does not detect any difference between this and a traditional unprotected PC. As soon as the PC is restarted, HDGUARD discards all changes. This requires only a fraction of a second, no matter how extensive the changes were. The protective effect of HDGUARD is augmented by an effective USB protection, which restricts the use of USB drives. A number of useful options also ensure that the software can be easily integrated into existing IT concepts. This makes HDGUARD suitable for virtually any area of application. Beyond the classic protection features a few of helpful and didactic features have been added to the HDGUARD product family. So to get the most out of your IT equipment, see the chapters titled Teacher Console and Configuration. HDGUARD is a pure software solution. No hardware interventions into the protected systems are required. By doing away with PC cards or dongles, HDGUARD fits in perfectly in new or existing systems.

2.1
2.1.1

Set-up Information
Preparation
Operating-System requirements
PC with Microsoft Windows XP or later. Dynamic volumes are not supported. In order to operate HDGUARD with the add-on program HDGUARD.master, each HDGUARD PC must respond to ping signals. This is generally prevented by the firewall integrated in Windows. Configure the Windows firewall so that the PC reacts to incoming echo requirements.HDGUARD creates such a firewall rule during installation on demand.

Operating System Notes


Windows Vista and Windows 7 When opening the HDGUARD user interface having activated User-Account-Control, a security dialog of the operating system appears. This dialog may be visible as minimized window in the task bar only. Please confirm the operation, to grant HDGUARD the required access privileges to all system resources. If you use a screen DPI setting above 100%, do not use "Windows XP style DPI scaling". This option can be adjusted in the "Set custom text size (DPI)" dialog.

2012 RDT - Global

Windows XP HDGUARDs user interface is not compatible with a DPI scaling above 100% or 96 DPI. The software described in this manual was developed for Windows XP and Windows Vista and Windows 7. For use with Windows 98, Windows ME, Windows NT4 and Windows 2000, another version of HDGUARD with reduced functionality is available for download from our website. A separate partition is required to operate it. This partition should be created using appropriate software tools (not included in the scope of supply of HDGUARD) before installing the operating system.

Hard Drive Environment


After activation HDGUARD will protect one or several (optional) hard disk partitions completely. The protection hereby granted is without compromise and thus unbeatable secure. In case you require an Antivirus software or applications in need of storing data on the protected PC, please proceed reading the chapter HDGUARD & Applications 22 before installation.

2.1.2

Installation
Manual Setup
First, make backup copies of all important data. Faulty operation, incorrect installation or an unscheduled interruption of the installation or configuration could result in damage to or loss of data. Ramcke DatenTechnik GmbH and its partners are not responsible for any loss of data or the consequences thereof. Save all open documents and close all running applications before proceeding. Then run the installation files that can be found on the enclosed CD or on the Internet at www.hdguard.com. Using a 64-bit Version of Windows, the 'HDGUARD x64 Update' appears prior to the normal installer. This component is essential for installation on 64-Bit Operating-Systems While installing you can choose between English, German and Spanish language and you can preconfigure Windows firewall for communication between HDGUARD and HDGUARD.master. As soon as HDGUARD has been completely installed, a dialog appears for restarting the computer. Restarting the computer is required in order to configure HDGUARD. The HDGUARD-protection is not compatible with the Windows power state 'Hibernation'. Therefore, this option is disabled to ensure system stability.

Cloning Support (for rapid deployment)


HDGUARD has been optimized for seamless integration into hard disk images. Network-wide deployment that way can be done by using given cloning infrastructures. Cloning-integration is indeed very simple and straightforward: Once youve completed setting up a PC for being cloned (i.e. installed all software
2012 RDT - Global

HDGUARD

and adjusted all system settings), HDGUARD can be installed as usual. There is nothing special to consider during installation. After installation, run HDGUARD and proceed with configuring your hard disk protection settings. Its best to enter the license key now and define what partitions to protect. Now leave configuration. Press Close.Do not activate the protection now, as the hard disk image likely would become unusable. Reboot once. Now youre well prepared to create the image using your favourite cloning tool, to be spread by network. Please note that HDGUARD must not be active during image-creation. You can activate HDGUARD subsequently using different methods. We recommend HDGUARD.master 31 for remotely activating all your HDGUARD clients in one single-click operation. Other methods are command line scripting 51 or manual (client-wise) activation.

MSI Support
The HDGUARD setup program is based upon the MSI standard of Microsoft. Thus it is possible to benefit from the features of the Microsoft Installer engine. For detailed information please visit the website of Microsoft and contact the HDGUARD support team.

2012 RDT - Global

2.2

Operation
After installation you find HDGUARD in 'Quick Launch' toolbar, 'Start Menu' and in its program folder.

2.2.1

First start
Double-click the HDGUARD Symbol in order to open the central user interface. You will see the main window with its deactivated control buttons.

Main window after first start.

Press Configuration in order to open the configuration window.

2.2.2

Configuration
The configuration screen contains everything you need for customising HDGUARD to suit your needs. In most cases, you will only ever need the configuration screen one time before activating HDGUARD. Thereafter, changes to the configuration will only need to be made in rare instances.

Configuration wizard
HDGUARD helps you configure the hard drive by means of an Assistant, which automatically selects the most common setting, protecting the system partition and setting up an adequate swap file. In most cases it is sufficient to confirm the Assistant inquiry with yes.

2012 RDT - Global

HDGUARD

Automated partition verification

In the second step you are asked, how much space you want to reserve for the HDGUARD-area on your partition.

Adjust size of the HDGUARD-area

Select the desired size and click OK.

2012 RDT - Global

Hard drive
This is where you determine which partitions are to be protected and where the HDGUARD area will be located. Data that is required for restoring the original state of the protected partitions is stored in the HDGUARD area.

Use the tabs in the upper region to switch between different configuration areas.

Each view of a partition can be toggled between Status and Information by clicking the according symbol. To protect Tick this option to include the partition in the HDGUARD protection. All changes to this partition will then be discarded when the computer is restarted (depending on the type of protection). Read only If you want to effectively protect your teaching materials, a simple write protection is generally enough, as you know from floppy disks, for example. Select this option to block any write access to the partition in question when HDGUARD protection is activated. In this way, the teaching materials cannot be changed even temporarily. HDGUARD Swap File The swap file is required to operate HDGUARD. This file can take up to several gigabytes in size, depending on the use of the PC. You can determine yourself during configuration which size you feel is appropriate. Please read the chapter entitled HDGUARD and Applications 22 to optimally adapt the swap file to your purposes. HDGUARD Partition If you have an unformatted partition of sufficient size, it can be made available for HDGUARD as an alternative to a Swap-File.

2012 RDT - Global

HDGUARD

License and Password

Licensing This is where you license the product. Entering your license key will lift the time limit of the unlicensed version and you can use the full range of functions. The license key consists of 4 fields of 5 characters each. Enter the complete license key. As soon as a valid license is detected, the Accept button becomes active. Click there to save the license permanently. In order to save the license data, the hard drive configuration must be completed. A dialog will remind you of this. Password The password protects against unauthorized access. It can have a length up to 16 characters. A colored indicator shows you the strongness of the password while typing it. No one can deactivate HDGUARD or change the configuration without knowing the password. The Service Key is the one exception (see below). This option is available after successful licensing. This option is deactivated in the unlicensed demo operation. Service Key If desired, you can define a Service Key. The Service Key is any commercially available USB stick. It provides easy access to the HDGUARD configuration. Particulary for service teams where maintenance work is delegated on a regular basis, a Service Key can save you a great deal of effort and improve security. The owner of the Service Key can undertake maintenance work such as updates or changes to the system setting without knowing the HDGUARD password. The Service Key therefore functions like a password replacement. If you have activated the HDGUARD USB protection, this will automatically be turned off when the Service Key is plugged in. You can thus transport files to the Service Key for service purposes.

2012 RDT - Global

10

USB Protection

Portable USB drives such as USB sticks have become an indispensable medium for exchanging data. They can be used to transport large quantities of data. Unfortunately this brings not only advantages to academic and commercial networks. Use HDGUARD to limit access to USB devices effectively. You can thus easily reduce improper use of portable mass storage. The following three protection options are available: 1. Write protection for USB drives 2. Write/read protection for USB drives 3. Automatically eject USB drives In most cases write protection (1) is a good compromise, which protects your network and still allows homework to be brought into the lesson using a USB stick.

Login and Updates

2012 RDT - Global

HDGUARD

11

Here you can configure login behaviour as far as possible. HDGUARD provides the option to automate regular update tasks. Up to three update periods are available for freely definable tasks. More detailed information can be found in the Software Updates 18 chapter. You can also start "HDExcptWiz" in order to configure folder redirections and registry virtualization. Please read HDGUARD and Applications 22 for more details.

Visibility

It is often the interest of the administrator, to prevent users from knowing about the presence of HDGUARD. The administrator can thus determine the visibility level of HDGUARD himself, from fully visible to not visible. Desktop Icon An HDGUARD icon is placed on the desktop. Double-clicking on this icon will start the HDGUARD program. Quick Launch bar Create an icon in the fast-start bar. The Quick Launch bar is located directly next to the Start button in the start bar of Windows. If it is not visible, right click your Start bar, select Toolbars and tick Quick Launch. Start menu entry Create an entry for HDGUARD in the Start menu (under Programs). Splash screen In addition, display an info-window when HDGUARD is activated. Systray icon The system tray (Systray) is located to the right on the Windows Start bar. The activation status of HDGUARD can be displayed here in an inconspicuous icon. It is a good idea to always have this icon displayed.

2012 RDT - Global

12

Display status window of the tray icon A status information appears when you stand over the tray icon with your mouse.

User Folders

Move My Documents, Favorites and Cookies of the current user

There are a number of user directories under Windows, which are also protected in the basic HDGUARD configuration. In order to use the My Documents, Favorites and Cookies directories normally whilst the hard drive protection is active, HDGUARD can move these directories to an unprotected partition. Please note that all user directories will be permanently moved when using this feature. This procedure cannot be reversed!

If you move the user directories to network drives, you must make sure that these network drives are automatically connected when starting the PC.

2012 RDT - Global

HDGUARD

13

Miscellaneous

Other settings can be found here. Confirmation dialogs can be turned on and off here. The welcome dialog can be turned on and off. Other options govern the interaction of the PC with HDGUARD.master. These only apply if you use HDGUARD.master to remotely administer your HDGUARD PCs.

Help and Support


If you should need support, you will find various sources of information and contact options here. This manual provides you with the initial basic information. It is possible however, that you may find a more current edition on the Internet, or that there are more recent findings. We will be happy to help out if you experience any difficulties. Use the online form (feedback or error report) that corresponds to your inquiry. You will receive technical support promptly.

2012 RDT - Global

14

2.2.3

Main Window

The Main Window provides direct access to the most frequently used functions.

Having left configuration you see the main window again. The first three buttons are used for activating and deactivating the hard drive protection. Depending on the availability of the function, one or more buttons may be grayed out (and therefore inoperable). When first starting HDGUARD, the basic settings must be made. First continue on with Configuration. After this is completed you will be able to activate HDGUARD for the first time. When activating HDGUARD, you can choose from three different types of operation: Automatic, software test and seminar mode. All of these types of operation are based on the HDGUARD principle, which comprehensively prevents changes to the protected partitions. The only difference is the method of restoring.

2012 RDT - Global

HDGUARD

15

Activating HDGUARD

Selection of the three HDGUARD modes

Automatic The Automatic operating mode restores the original data of the protected partitions with each restart. The user cannot interfere with this option. Softwaretest The Softwaretest operating mode restores the original data of the protected partitions with each re-start under normal circumstances. The user can decide, however, that the data of the last session should be retained. The user can initiate this either during the preceding session or directly before starting Windows. Seminar The Seminar mode of operation restores the original data of the protected partitions only if this is requested by the user. Under normal circumstances, all changes are retained from session to session! This mode of operation is therefore very well suited for seminars lasting several days, where the user would like to continue with his work the next day, for example.

2012 RDT - Global

16

Using Windows XP a menu appears before booting up the system. This menu controls the Softwaretest and the Seminar mode.

Seminar mode: Configuration Menu in Windows XP

The menu for selecting different hardware configurations is not available in Windows Vista and Windows 7. You can choose whether the changes should be preserved the next time you start Windows before you restart or shutdown Windows. Just right-click on the HDGUARD tray icon and choose the desired option, if necessary.

Seminar mode: How to control restart option

After you have activated the hard drive protection, the mode of operation cannot be changed until you have restarted the PC.

Deactivating HDGUARD
The Deactivate and Apply changes buttons both lead to deactivation of HDGUARD. They differ from each other as follows: Deactivating You would typically use this option if you are uncertain if or what other changes have
2012 RDT - Global

HDGUARD

17

been made in the current session. System shuts down immediately and reboots without HDGUARD protection. Applying changes Please note, for security reasons, this button is deactivated in the Seminar mode. Use the Apply changes option if you have already made changes to the PC that you would like to keep, such as the installation of new software or changes to system settings. Click on Apply changes to deactivate HDGUARD immediately without needing a system restart. Changes in the current session are immediately transferred to the previously protected partitions. This may take some time, depending on the amount of data to be transferred and your hard drive transfer rate. If you choose this Option for deactivating HDGUARD protection, you will be asked if the system should run persistently without protection or if HDGUARD protection will be automatically reactivated at the next reboot. Please read the section Windows Updates 19 for more detailed information for this decision. The appliance of changes cannot be canceled. This means that the transferred status replaces the original status.

Use the "Apply changes" option only, if you have been working exclusively at this PC since the last restart. Otherwise changes made by other users are applied too.

Statusinformation
Moving your mouse pointer over HDGUARDs system tray icon, you will see information about version, license and utilization.

Status information of the system tray icon

When HDGUARD is activated, its main window shows detailed information of the utilization of the HDGUARD-area.

2012 RDT - Global

18

Status information of the main window

2.3
2.3.1

Software Updates
Basic Principles
The purpose of the HDGUARD protection is to ensure that the individual client PC installations cannot be changed by the user or the operating system. Thanks to HDGUARD, the software environment needed for operating the PC and its network is always in a functional status. The matter of the network users personal data must be assessed in a different way. A virus or other damaging software must by no means be embedded in a computer in order to carry out its work. It only takes an Internet worm a few minutes to enter a users mailbox for example, and misuse it for its own purposes. It is therefore advisable to run regular operating system updates and anti-virus updates. Updates can be automatically downloaded and installed using various programs from the Internet. Each manufacturer relies on its own mechanisms to this end, and protection software such as HDGUARD cannot be familiar with all of them. A general method of resolution was therefore selected: Update time periods allow the protected PCs to carry out the previously defined update tasks automatically and over night. When a PC protected by HDGUARD reaches an update period, it is automatically restarted, to start up again unprotected (but with blocked mouse and keyboard). When the PC exits the update period, it is automatically shut down. If this technique does not fit your requirements but a specific program installation needs to be excluded from HDGUARD protection (as far as possible), please read section HDGUARD and Applications 22 . If you choose Windows "Safe mode" operation in an update period, the HDGUARD protection is activated.

2012 RDT - Global

HDGUARD

19

2.3.2

Windows Updates
HDGUARD is activated, it deactivates the service that automatically updates Windows. If you install Windows Updates manually in a temporarily unprotected system, consider that some Updates do post-installation tasks at boot-time at the next reboot and may reboot then one again. If HDGUARD protection is active at the first reboot, the system reboots continuously and cannot be salvaged. Make sure that Windows Updates and other program updates have finished all their post-installation configuration, before you reactivate HDGUARD protection. We recommend to use HDGUARD Task Scheduler for the installation of Windows Updates.

2.3.3

Configuration of the Update Tasks


HDGUARD provides an easy option for configuring update tasks. For update tasks, HDGUARD deactivates itself automatically, in order to thereby enable the system environment to carry out persistent saving operations (i.e. changes to the system). Both time-controlled automatic updates and script-controlled updates are available. Scheduled automatic updates are offered by Windows and a number of anti-virus packages. Programs independent of HDGUARD then take over the automatic execution of updates at a specific time. In order for the automatic update procedures of third-party software to accomplish their tasks, you may specify an update interval within HDGUARD which fits in with the settings of the update procedures. If your update program needs a user to be logged in, you can automatically log in a user with locked screen while the PC is in an update period. Script-controlled updates are initiated by HDGUARD itself. One command line per interval can be specified for this purpose, which is then automatically executed by HDGUARD.

Required General Conditions


In order for the updates to be successfully initiated, it is essential that the PCs being updated are started within the update interval. This can be achieved in a variety of ways. The easiest way is to start the PCs manually. But this is usually not a reasonable option in networked environments. The other possibilities are: Start the PC using Wake-On-LAN We recommend using HDGUARD.master for this purpose. Time-controlled start-up of the PC using the time control system in the BIOS Let the PC run until the update interval: In this case, the last user does not turn off the computers on the cut-off date. You can set the update interval so that the PCs are updated every evening for two hours starting at 6:00 p.m., for example. Arrange for the users not to turn off your client PCs in the evening in this case. Then, each evening after the PCs have been updated, HDGUARD itself ensures that the PCs are shut down and turned off provided the PC hardware allows it.

Which software updates should be considered?


The configuration must take into account all software products on the HDGUARD-protected PCs that need to be updated on a regular basis. Included here
2012 RDT - Global

20

are: System components Anti-virus software Desktop firewalls Global browser plugins and add-ons Network software in general If the software to be updated offers a time-controlled update procedure, please set the update times for this software so that they fall within an HDGUARD update interval. If a time-controlled procedure is not offered by the software to be updated, HDGUARD can execute the update program for this software as a command line. You can find the information required for this in the manuals for the respective software.

Configuration of the Update Tasks


Open HDGUARD task scheduling by selecting the Login & Updates field in the configuration and pressing "Task Scheduler". You will see up to three update time periods, during which the PC can be started without hard drive protection.

The three update tasks (according to the three tabs in the screenshot) can be configured independently of one another. Enter the execution date, start time, duration of the update as well as the actions to be carried out, if applicable. You can recognize

2012 RDT - Global

HDGUARD

21

an activated update period by the 'checked symbol'

in the tab-bar.

With the option "execute:" you can execute any program or script. It will be started with those credentials, that have been specified in the last tab 'Accounts'. If there are no credentials provided, processes will run with system privileges. All scripts and programs run without user interaction and user interface in the background. So you might check program logs and file version information to verify, that all tasks have been completed. If you check "search for Windows Updates...", the Task Scheduler searches for Windows-Updates when the system starts in the update period. Then it downloads and installs those Software-Updates, that meet the following conditions: They are marked as "to be installed automatically" by Microsoft. They do not have an installer with an user interface (except EULA) They are not marked as "hidden" by a local user. The PC restarts automatically, if an update requires it. You do not need to adjust the Windows-Update service at all, because Windows-Update will be deactivated when HDGUARD protects the hard drives. With the option "ALLOW-LOGIN", you can specify whether a user is allowed to login during the update period. Just enter the user name in the last tab. With this account you can login to the unprotected system and manually make changes during the update period. This is possible via Terminal Session as well as locally. If an automated logon with locked screen is desired, choose the option "AUTO-LOGIN". You have to enter user name, password and , if necessary, domain information in the last tab.

2012 RDT - Global

22

Additionally you have an option for a special update period that makes the system compatible with daylight savings time (DST). According to the systems time zone information an additional update period will be created. After time has changed, the first system start will be in an unprotected and locked mode, so Windows can save time-changes persistently. This mode ends after 2 minutes and the system reboots in normal protected mode. This option avoids that Windows adjusts the real time clock every boot time. On every start within an update period, Windows Time Service resynchronizes the local clock with the adjusted external source. Make sure that all your client PCs have correctly and completely adjusted options for timezone, daylightsaving and internet time. If your clients belong to a Windows Domain, make sure that they can get the time information from the Domain Time Service.

Make sure that the update duration is long enough for the scheduled tasks. This is especially remarked for the option "Windows Update".

Update periods should not overlap or directly connect each other. If they do so, the second period might be ignored.

Please note, the automatic login feature targets the normal Windows login dialog. Other login procedures (e.g. Novell, Smart Card or fingerprint scanners) must be prepared in order not to stop the boot sequence.

2.4
2.4.1

HDGUARD & Applications


Adapting Application Programs
From time to time it is a good idea to make special settings in the operating system, on the network or in application programs in order to adapt the storage paths or paths for temporary files. This chapter will deal with a few cases which can be easily transferred to a number of popular applications. If an HDGUARD PC does not respond as requested, please read the following sections carefully and in case of doubt contact HDGUARD Support (support@rdt.de).

2.4.2

Applications that process large amounts of data


Included here, for example, are the following: Graphic, video and sound editors Virtual CD drives Burning programs for CDs and DVDs If large amounts of data are stored or changed on a protected drive, utilization of the HDGUARD area can escalate quickly. In extreme cases, it may be necessary to restart the computer. You have two solutions for this problem: Adjust the size of HDGUARD area, so it can store all the temporary data, or
2012 RDT - Global

HDGUARD

23

transfer the storage paths of applications heavily loaded with data to an unprotected data partition to decrease the memory requirements of the system and increase the speed of the respective application.

2.4.3

Applications that are supposed to store files permanently


Included here, for example, are the following: E-mail clients Web browsers Virus scanners Computer games that save scores In certain cases, it is desirable or necessary for a user or application program to be able to save documents on the local PC. An unprotected data partition is usually created for these cases, on which all types of files can be stored for long periods. The storage paths of respective applications must be adapted according to the instructions from the manufacturer. Virus scanners and comparable security software perform updates of their program components and data on a regular basis. You can allow these updates to be run in the following ways: By using an unprotected data partition or a network drive. Please find further information on this method in the succeeding section. By temporarily deactivating the HDGUARD client using the HDGUARD.master during a manually triggered update. By using HDGUARD task scheduling. This is the recommended method for Windows-Updates and Antivirus updates. By automatically deactivating the HDGUARD clients temporarily using the HDGUARD script control during an automatically triggered update. The script control is an integral component of the HDGUARD.master.

2.4.4

Registry
HDGUARD protects partition wide. So all system-wide Registry values will be protected, because Registry data is stored on system partition. For simple cases HDGUARD provides a technique to exclude up to 20 predefined Registry values from its protection. Only values from subkeys in the Path HKLM\Software are supported. HDGUARD driver will be configured by the AntiVirus configuration wizard 24 . Then all changes of the predefined Registry values will be stored in a file on an unprotected volume and restored at boot-time.

2.4.5

Allocating an additional (unprotected) partition


In some cases it is recommended to use a dedicated unprotected partition of your hard disk for storing data permanently. That partition usually is assigned the drive letter D. Such a partition can be easily created with the aid of Windows provided utilities during installation of the operating system. If available, it could also be created subsequently in a free space of the hard disk. In case there is no more free space on the hard disk, disk management from Windows Vista and newer can decrease the size of an existing partition in order to create space

2012 RDT - Global

24

for a new partition. Windows XP cannot resize partitions. In that case a new partition could be created by using special hard disk tools (which are not part of the HDGUARD distribution). For the sake of completeness, at this point it should be mentioned you could attach another hard disk to the PC. That hard disk could be set up to host an unprotected partition, too. However, it is always recommended to be aware of the particular storage requirements and make arrangements before installing the operating system. A more detailed description of how to create an additional Partition can be found in section Create an unprotected partition 25 .

2.4.6

Special Network Environments


Included here, for example, are the following: Domain controller and server-supported profiles Microsoft Exchange Server (for central e-mail management) Keep in mind that all of the data that a server transfers to a protected hard disk drive is not stored there permanently. The server will therefore send this data to the client computer with every restart. This can result in considerable delays when starting the computer. In these types of environments, it is therefore advisable not to save files in the My Documents folder or on the desktop, but rather to instruct the user in how to use a user-specific server directory.

2.4.7

Saving Application Data


Application data can also be saved even when HDGUARD is installed. The basic requirement for this is a partition that is not protected by HDGUARD, which is formatted with any desired file system and accessible via a drive letter. Most applications can be configured so that they save their data on these unprotected partitions. In more complex network structures, the additional use of a domain controller is recommended, and along with it a server-based storage for application data.

2.4.8

My Documents, Favorites and Cookies


Within its configuration, HDGUARD provides a utility that moves user directories. You can learn more in the chapter on configuration 12 .

2.4.9

Exception configuration Wizard


This wizard can configure folder redirections for third party software and virtualization of Registry values. You may run the wizard wthout predefined data by clicking the button "HDExcptWiz" in HDGUARD configuration at step Login and Updates 10 . You can find project files with predefined configuration data in subfolder HDExcptWiz in HDGUARDs installation folder. If you want to run the wizard with predefined data just double-click the desired file or click 'Open Project' in wizards user interface. By clicking button '..., next step' state and data of the wizard will be saved (in the opened project file or temporarily) and the wizard will be started once after the next reboot. With this you can comfortably continue configuration after reboots. By clicking button 'cancel' auto run and state information will be removed.

2012 RDT - Global

HDGUARD

25

Step 1: Create an unprotected partition


If you want to configure exeptions from HDGUARD protection for folders and Registry values, you have to have an unprotected volume on your system hard drive. If you already have one, just click on 'goto next step'.

With this wizard you can open Windows disk management console. You can create an additional Volume with the following steps: (not Windows XP:) Look for a partition which can be shrunken and do a right-click on it. (not Windows XP:) Choose 'Shrink Volume'. A dialog opens. Define the size of which the volume should be shrinked and click 'shrink'. Graphical interface shows free space on your hard drive. Do a right-click on that space and choose 'new volume'. A dialog asks you for the parameters for the new volume. It is important that you format the new volume with the NTFS file system (like system volume). Assign a new drive letter to it. Then you can close disk management console and click 'goto next step'.

Step 2: Folder redirection


Many applications (like anti virus programs) install their files not only into a single program files subfolder. This wizard gives you the possibility to redirect up to two

2012 RDT - Global

26

subfolders from program files, one subfolder from programdata and one subfolder from program files\common files to automatically created folders on an unprotected volume. This wizard configures the feature 'NTFS junctions'.

First you have to select a folder on an unprotected volume. This also has to be done, if you do not want to redirect some folders, but if you want to virtualize some Registry values. Virtualization data will be stored in that location. If you opened the wizard with a project file, the lower edit fields are already filled. Path to unprotected volume is not saved within the project file. Make sure that all folders to be redirected do not exist. Because of that this wizard can only be executed before you install your desired third party software. On 64-bit Windows installations both the ...(x86) - folders and the 64-bit - folders will be used for creating junctions.

Step 3: Install your program


You can install your third party software now. If you need to reboot, the wizard automatically restarts with your next logon and continues with the actual step. For a reboot do not close the wizard with 'cancel', as described above.

2012 RDT - Global

HDGUARD

27

Step 4: Registry virtualization


HDGUARD can store data of up to 20 Registry values from HKLM\Software in a file on an unprotected volume. Default values (nameless values) of Registry keys are not supported. The file will be created in the folder specified in step 2.

On 64-bit systems you may have to include some values from 32-bit Registry hive: HKLM\SOFTWARE\Wow6432Node\ . They must be added manually and begin with 'Wow6432Node\' .

Step 5: Save project data


Step 5 gives you the option to save your project settings to disk. You can use the file on an identical Windows installation with this wizard.

2.4.10 E-mail Programs


The e-mail databases and address books of the current Microsoft programs can be moved to an unprotected partition in a few simple steps. You can thus work with e-mails in the usual way, even with active HDGUARD protection. The configuration of your e-mail program is fairly straightforward. In order to avoid any data loss, you should ensure that you have read and understood the following recommendations.

2012 RDT - Global

28

The following applies for all of the procedures described here: In your own best interest, create back-up copies of your e-mail databases before you copy or move them. Make a note of each step of your procedure, in order to obtain help quickly in case of difficulties. In case of questions regarding the procedures, get in touch with HDGUARD Support. To adapt e-mail programs that are not described in this chapter, please refer to the respective provider.

Outlook Express Relocating an e-mail database


The e-mail storage path can be selected within Outlook Express. The e-mail program automatically moves the e-mail database for you during the next program start-up. You can specify the new path for the e-mail database as follows: Within Outlook Express, select the menu item Tools | Options | Maintenance | Store folder In the Store Location dialog, press the button Change and select the future storage place in the Browse for folders dialog that appears. Then close Outlook Express, and restart it. Follow this procedure for each user account of your operating system. It is important to ensure that each user receives his/her own store folder. The rights to this store folder are to be adjusted so that only the respective user can read and write the files.

Relocating the address book


In addition to the e-mail data, an address book is also stored by Outlook Express, which must be relocated separately to another location. This setting requires changes to the Windows registry and should only be undertaken by experienced users. The original store path of the address book is: C:\Documents and Settings\[User name]\Application Data\Microsoft\Address Book\[User name].wab Step-by-step procedure: Close Outlook Express Open the original store path of the address book Copy the address book file to an unprotected drive (for example D:) Use the Windows utility REGEDIT to adapt the store location of the address book. Outlook Express makes note of the store location of the address book in the Registry path: HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name Enter the new (unprotected) store location there.

2012 RDT - Global

HDGUARD

29

Outlook New e-mail accounts


When a new e-mail account is created in Outlook, the path for the personal folder can be specified upon completion. The personal folder contains all e-mails and contacts and is located on your hard drive in the form of a PST file. To store the PST file on an unprotected partition, proceed as follows: Create the future Outlook folder, e.g. D:\Mail\UserName Make sure that the current user has access rights to this folder. Select this folder when setting it up as a "Personal Folder" (see above).

Existing e-mail accounts


An Outlook file that has already been used can be moved and afterwards be used again normally. It must however first be found. Proceed using the following steps: Open the Windows search dialog in the Start menu: Start | Search | For files and folders... Search for files with the suffix PST (enter pst as part of the file name) The Outlook.pst file exists for each Outlook user that has been set up. Move the Outlook.pst of the current user to the future (unprotected) mail directory of this user. This must be done with the appropriate care so that the e-mails of a particular user do not become visible to other users. When Outlook.pst is no longer in its original path, please re-start Outlook. An error message appears: This path is not valid. Within this dialog, select the Outlook.pst file that has just been moved.

Thunderbird New E-Mail accounts


Before starting Thunderbird the first time, you can select the folder where the user profile will be saved. To do this, start Thunderbird from the command line ( thunderbird -p ) and click on "Create Profile". Within the wizard you can save the new profile in a folder that is not protected by HDGUARD.

2012 RDT - Global

HDGUARD.master

31

HDGUARD.master
The HDGUARD.master module centralizes the control and monitoring of HDGUARD-protected computer networks. You can selectively activate and deactivate individual computers or entire rooms. Automatically monitor the protection of your computers and display safety warnings if a computer is started up unprotected. As an option, owners of remote-enabled licenses are able to Control wide area networks over TCP/IP. More information can be found at the HDGUARD.remote chapter 57 . Since HDGUARD.master is a pure software solution just as with the individual workstation version, no hardware intervention into your computers is required. In particular, no special PC cards or dongles are required.

3.1

Installation
Installation Requirements Make a backup copy of all important data. Faulty operation or faulty installation could result in damage or loss of data. Ramcke DatenTechnik GmbH is not responsible for any loss of data. Sufficient free hard disk space and a working network environment is required in order to guarantee a correct installation, configuration and operation. The TCP/IP protocol has to be installed. The real memory requirement depends basically on the application area. That's why we recommend regular control of the individual memory consumption. Using Windows 2000 or XP you may have to install the Microsoft .NET Framework 2.0. On all PCs the Internet Explorer 5.0 or a newer version has to be installed. HDGUARD.master und HDGUARD In order to operate HDGUARD.master you have to have HDGUARD secured clients. These can either be installed during the HDGUARD.master installation or separately. How to install HDGUARD is described in depth in the previous chapter 3 of this manual. Please look out for recent versions of HDGUARD frequently to always benefit from all latest features.

3.1.1

Types of installations
Pure server installation It's most common and recommended to install HDGUARD.master on the server. The team of administrators in this type of installation has access to HDGUARD.master at the server exclusively. It's absolutely possible to achieve access through terminal session or remote desktop. Pure desktop installation A pure desktop installation is recommended in a few certain situations only, because it restricts the available features of HDGUARD.master. Restrictions result from the fact that a desktop PC commonly is not available around the clock. Being shut down, the features below will not function:

2012 RDT - Global

32

Automatically turning the clients on or off (like the power saver feature) The Teacher Console Desktop/Server installation A mixed installation of desktop and server should be used in situation where a server is hardly accessible and thus can't easily be accessed directly, and also can't be accessed through remote desktop or terminal sessions. HDGUARD.master will then have to be installed on both systems (desktop and server) completely. The desktop will be used to connect to the server via HDGUARD.remote 57 connection, this way having full control over the settings. Server and desktop that way share one single configuration. Connecting a desktop to a server uses remote features, and therefore requires you to own sufficient HDGUARD.remote licenses.

3.1.2

Installing HDGUARD.master
Run the setup application with administrators privileges on your PC or server. It will install all components used by HDGUARD.master with all its features.

3.1.3

Licensing HDGUARD.master
Before using HDGUARD.master you'll have to enter a license key. To do so, open the HDGUARD.master user interface by double-clicking its icon. Choose File | HDGUARD.master License from the menu and enter your license key. If you own more than one license just click Extend License and add all of them.

Opening the license dialog

Each HDGUARD.master installation has to be verified with a license key to be used entirely. That's required for all installations like on all servers and on all desktop PCs.

3.1.4

Firewall Settings
Communications between HDGUARD.master and HDGUARD Client PCs must not be prevented by firewalls in order to function properly. Therefore, it is important to configure all required firewalls between the Master and Client computers in such a way that the following communication paths are not blocked.

2012 RDT - Global

HDGUARD.master

33

IP - Addresse(s) Multicast Direct Connection Remote connection between two HDGUARD.master instances 224.77.0.1 (default) All Client addresses

Port(s) 25676, 25678, 25679 25680, 25681, 25682

All Master addresses

25652 (default)

Webservice for updating HDGUARD All Master addresses clients Clients must respond to ICMP echo requests ("Ping").

25651

If you want to update your HDGUARD clients from your HDGUARD.master, your network must be able to reference them by their Windows-Names.

Windows XP Service Pack 2 introduces a firewall as part of the operating system. By default, that firewall blocks echo/ping requests. Please configure the firewall properly.

3.2

HDGUARD.master in practical use


HDGUARD is a dependable hard disk protection system, and works well on large networks in particular, relieving some of the work of the Administration team in its daily operations. Setting up HDGUARD lessens the administrative effort, because the operating systems do not need to be meticulously set up with limited user rights. Using HDGUARD.master is recommended to facilitate the easy installation of updates and new software throughout the company, despite a large number of protected systems. HDGUARD.master should be installed on a Domain Controller or Administrators workplace, and allows the Service Team to gain access to the state of each individual PC in the entire network at any time. HDGUARD.master thus simplifies the following tasks: Ensuring the operability of a Client PC Monitoring of the protection status Sending an alarm to the Service Team in the event of security issues Activating, deactivating and configuring the hard disk protection system Automatic update of the HDGUARD Clients License key administration Energy saving

2012 RDT - Global

34

3.3
3.3.1

Basics
Screen View
The main window of HDGUARD.master is divided into a tree view (left) and a details view (right). Each of these views has a menu bar for quick access to frequently used tools. Slide over the menu buttons to get a tool-tip. The tree view presents all the HDGUARD Clients grouped by licenses or rooms and additionally shows a legend on demand. Using the threefold button located above the list view, you can switch between the licenses, room and yet not installed client. Next to the threefold button there is the HDGUARD.portal button represented by a student wearing a baseball cap. Above the details view there are a couple of tabs allowing to choose between details and options for the currently selected tree view item. Preferential that's the place to view client information or configure individual rooms. Below the detail view there are shown additional properties and data of the rooms, licenses and clients.

HDGUARD.master screen view with editorial annotations.

In the upper right menu area three icons show the connection status of HDGUARD.master. They provide precious information in case of malfunction. Their meaning is: The bolt indicates pending data transfer. By double-clicking the icon a list of pending transfers opens. The remote control informs about a remote connection's status. It turns colored as soon as a HDGUARD.remote connection has successfully been established.

2012 RDT - Global

HDGUARD.master

35

The plug indicates that the user interface was able to connect the HDGUARD.master services and reception and control of HDGUARD clients should now be possible. Additional information about the currently selected tree view icon is displayed below the tree view. The legend may be hidden later on to enlarge the tree view, but when beginning to use HDGUARD.master it will provide helpful additional information..

3.4
3.4.1

Options and Licensing


Password Protection
The menu item File | HDGUARD.master password opens the dialog for changing the password. You can specify a secure password for HDGUARD.master, which will protect the configuration. It is therefore impossible for third parties to gain remote access to the Clients or to deactivate the monitoring functions. Please enter the new password two times to confirm. Passwords are handled in a case-sensitive way.

3.4.2

Options
The Menu item File | Options opens the Options dialog. Here you can configure several aspects of the applications as well as the HDGUARD.remote 57 connection settings.

3.4.3

Licensing
The Menu item File | HDGUARD.master license opens the HDGUARD.master activation dialog. The license key to be entered is noted on your license notification. To enable activation, please enter the complete license key in the fields provided for this purpose.

2012 RDT - Global

36

If the license key is entered correctly, the font color inside the fields turns to green. In addition, information about the current licensing can be found in the menu Help | Info. The number of licensed Clients as well as the signature of your license key (the first five digits of the license key) is displayed in this dialog.

When purchasing license please remember to get both HDGUARD and HDGUARD.master licenses of the same amount. Otherwise HDGUARD.master will reduce its function automatically until the correct license amount of HDGUARD clients is established. Please contact a sales representative in case of doubt.

Store your HDGUARD and HDGUARD.master licenses at a secure place to avoid theft or abuse as that might devalue the licenses.

3.5
3.5.1

Controlling Client PCs


Options and Functions of Clients
There is a number of functions available for the control, maintenance and configuration of Client PCs. A complete list of the available functions can be displayed by right-clicking on the respective Client in the tree structure. Many features are available through the menu of the main window as well. Please note the tabs containing more options and information.

Menu of the main windows with tabs next below to it

2012 RDT - Global

HDGUARD.master

37

Context menu: all options of a client available at right click

Not all functions are available at all times. The options that are not available are shown as grayed out. This can happen, for example, if HDGUARD is active on the PC or if it's currently out of reach.

3.5.2

Special Notes
Deleting a Client PC In order to delete a client PC from the HDGUARD.master, mark the client in the tree structure. Click with the right mouse button on the client which has to be deleted, choosing delete from the popped-up content menu. Only computers that are not online provide this menu item. Client PCs that are still installed with HDGUARD will again automatically register with HDGUARD.master and will again be added to the tree structure. Start Client PC via Wake-On-LAN Clients that are switched off can be started up from HDGUARD.master via the network. The Wake-On-LAN function is used for this purpose. Select this menu item to start up a remote computer. Only computers that are not online provide this Menu item.

2012 RDT - Global

38

This function will only work if all components support Wake-on-LAN. Please find out more about the required precautions from your hardware manufacturers, in particular from manufacturers of the networking technology and the main boards of your clients. Shutting down a Client PC Using this menu item, Clients can be shut down from the Master computer. A security question only appears if applications are still in use on the Client and the Client can therefore not be shut down within a specified period of time. Rebooting a Client PC The HDGUARD Client PC can be restarted via the Menu item Restart or the respective button. A security question only appears if applications are still in use on the Client and it can therefore not be shut down within a specified period of time.

3.5.3

HDGUARD Options and Functions


Apply License To protect HDGUARD Client PCs with a password or to control them remotely, the license key for each Client PC must be entered. If you select this Menu item, a dialog opens in which you can enter a license key. This license key can be found in the licensing information, which is included with every HDGUARD.

Do not enter the license key of HDGUARD.master here, since it is not valid for the Clients!

Use drag & drop in the license tree view to assign an already known license. Activate Password Protection The HDGUARD client password protects the local HDGUARD configuration. If no password is set, any user can deactivate and reconfigure HDGUARD at any time. Passwords are verified in a case-sensitive manner.

2012 RDT - Global

HDGUARD.master

39

Passwords have to be verified in a case-sensitive manner.

Configuring Partitions Select the HDGUARD Client PC to be configured by left clicking on the License or Room overview. The current configuration of the Client PC appears in the right view window. The hard disks are listed from top to bottom and the partitions from left to right. By left clicking on the ^ - sign within a partition, the configuration options of the respective partition appear.

Clicking the arrow in the upper right corner of each drive grants access to the drive's properties.

By placing or removing a checkmark in front of the different usage categories of the partitions, they will either be set or removed. The System partition (most commonly Drive C:) should have the To protect usage assigned to it, since the Windows installation is found here.

2012 RDT - Global

40

Configuration of the HDGUARD Client is only possible when the HDGUARD Client is licensed and the HDGUARD password of the Client PC is known. Activating and Deactivating the Protection System Click on the respective button in the upper area of HDGUARD.master to activate / de-activate an HDGUARD Client PC, or select the Activate or De-activate entry from the right-click menu of the HDGUARD Client. Client Options Here you can configure several options that are already described in chapter HDGUARD 6 . Starting with HDGUARD 8.1 there is a new developed internet blocker. The white list for this new implementation can be configured exclusively by HDGUARD.master. IPv4 and IPv6 adresses will be handled separately. You can provide up to ten addresses for each protocol. Please test explicitly, which addresses have to be put into the white list. Local file servers and network printers will not be recognized by the new internet blocker.

3.6
3.6.1

Room Configuration
Rooms
A Room serves the purpose of grouping both Clients and other rooms. For example, a building is a (very large) room, which contains halls. A hall is a space, which contains the actual rooms. Thus you have the freedom to map and manage your entire application area by means of room management.

Management of the rooms takes place directly in the main view of HDGUARD.master. Functions for creating, renaming or deleting can be accessed using the right-click
2012 RDT - Global

HDGUARD.master

41

menu. Select an available room here in order to edit it. Left clicking on the list where there are no rooms removes any room selection that may have been selected, and gives the option of adding a new room via the right-click menu regardless of already existing rooms. Only licensed client may be added to rooms. Clients without valid license will not be shown in the room view.

It is possible to sort Clients within rooms, but sorting is not available for rooms themselves. Therefore, create the rooms in the respective sequence for applying a specific sorting.

3.6.2

Creating and setting up a room


To create a new room, right-click in the room list view. In the right-click menu that opens, select the entry New Room. If no room was previously selected, the room on the lowest level of the list will be added. To arrange a new room under an already existing room, the higher-ranking room must be selected and you must right-click on the respective room. By then selecting New Room from the right-click menu that follows, the room will be a child to the selected room. An input field is displayed in the list view, where the name of the new room to be created can be entered. A unique standard label is specified with New Room as the component of this specification.

Room names must be unique with respect to other room names and names of Client PCs within the network. Therefore it is recommended to name rooms after a hierarchic pattern. See the image below for an example of a unique naming pattern:

Properties of a room
Every room has properties that can be partially adjusted by the user of HDGUARD.master.

2012 RDT - Global

42

As a default, a background image is displayed for each room, onto which the HDGUARD Clients can be placed. This image and the representation of the image can be adjusted at any time. A room selected from the Room List by left clicking will be displayed in the right view window. The properties of the room are displayed under the view of the room. To protect the room configuration from unintentional changes, the room must first be put in the Editing mode to adjust the settings. Check the "Edit room properties" check box to put the room in the editing mode. If the view of the properties is minimized, the view can be enlarged by clicking the properties button in the upper area or by pressing the F3 key.

Room properties: select "Customizable" to arrange clients, define a background image and set up the teacher console

Background Image
A background image, which maps the HDGUARD symbol on a blue background, is pre-defined. Alternatively, an adjusted background image can be loaded. It can be individually defined for each room. Both Bitmap and JPEG files can be used as the background image. To create these, a commercially available image editing program, such as the Windows-based MSPaint (Start menu | Accessories | Paint) can be used. Thus, a room can be sketched out using simple media, and the HDGUARD Client PCs can then be placed in it. To load the respective image, use the "Background" button The default background image can be re-created at any time by pressing the Trashcan button next to the Background button.

Nominal State
Automatic monitoring of the Client computers can be designated for each room. Every security problem in the room can then be displayed on HDGUARD.master. The nominal state can be used to define whether all HDGUARD Client PCs of the respective room must have an active HDGUARD. If an HDGUARD Client PC does not comply with this setting, the room will be marked with a warning sign (symbol or ) in the list view.

Adding, removing and positioning HDGUARD clients


Drag & drop is used exclusively for managing the HDGUARD Client PCs within the rooms. Using Drag & Drop, objects can be grabbed (click and hold the left mouse

2012 RDT - Global

HDGUARD.master

43

button on the object), moved (dragged) and then again dropped at another location (release the mouse key). All HDGUARD Client PCs that register with HDGUARD.master are assigned to the pre-defined room called Default. As soon as a new room has been created, these HDGUARD clients can be added to the new room via drag & drop. To do so, left click the desired HDGUARD client in the room list view and hold down the mouse button. At the same time, more detailed information on the HDGUARD client is displayed in the right view window. Drag the mouse over the new room, into which the HDGUARD client is to be added, and then release the left mouse button. As soon as you have confirmed the security question, the HDGUARD Client PC will be assigned to the new room. From within the room, clients can be positioned on the background image. To do so, select the room to which the desired HDGUARD Client PC is to be assigned. The room and all of the HDGUARD Client PCs contained within it are displayed in the right view window. Activate the room for editing by clicking on the lock symbol in the room properties. HDGUARD clients can now be freely positioned on the background image of the room. It is also possible to drag an HDGUARD client in the room from the view window into a new room in the room list view via drag & drop. HDGUARD Client PCs can only be newly placed within a room if the room has been activated for editing.

HDGUARD Client PCs cannot be moved within the room Default.

Teacher Console
Activating the Teacher Console is done at the Room Properties page. Select a specific room in the room view to open the properties of a room and check the Teacher Console checkbox. The password field and further options become available then. The Teacher Console provides additional didactic features especially designed for the everyday life at school. This way, teachers may control PC usage and get their students attention.

Open the teacher-console at any PC of the room by right-clicking the task tray icon.

The Teacher Console can be protected by password. By entering this password, teachers are then able to control the following features for all PCs in the room: blocking screens blocking Internet control USB access wake computers (via Wake-On-LAN) shut down computers

2012 RDT - Global

44

For running a Teacher Console inside a room there must be version 6 or newer of HDGUARD installed across the entire room. Legacy versions cannot be configured with Teacher Consoles and therefore dont support the didactic features. The Teacher Console requires an HDGUARD.master server to be available at its usual IP address.

For HDGUARD 6 clients a Teacher Console add-on - which has to be installed separately - is required to support HDGUARD.master 7. That add-on is available for download at our website: www.rdt-global.com (browse to download area)

3.7
3.7.1

Monitoring Functions
Teacher Console (client side)
Using the Teacher Console
The HDGUARD product family offers a handy utility function called Teacher Console. It can be configured by HDGUARD.master and is available at each computer of a room then. How to activate the teacher console for a certain room is described in section Room Configuration 43 above.

Right-clicking the HDGUARD start bar icon grants access to the Teacher Console.

Then right-click the Teacher Console icon to set up and use the Teacher Console

If your room configuration contains a password for Teacher Console access, the teacher has to type it in, before Teacher Console window opens. Teacher Console holds the password in memory until the complete application (window and tray-icon) is closed! Lock Screen Lock all student screens in the class to attract the students attention. Block Internet The students will not be able to download web pages while Internet is blocked. Disable USB Storage
2012 RDT - Global

HDGUARD.master

45

Deny access to USB (like MP3 players). Wake-On-LAN Power on all PCs in the class (very convenient for administrators, too). Shut Down After the lesson all PCs can be shut down using the Teacher Console.

The Room Map


Move your mouse cursor over the HDGUARD start bar icon to pen the Room Map. It can also be found inside the context menu when right-clicking the icon.

Click the icons to activate each didactic feature for the whole room or (since HDGUARD version 7) for single clients.

3.7.2

Room Information Window (master side)


HDGUARD.master provides Administrators with an overview of all HDGUARD-protected computers within the network. It is also possible to automatically monitor and report existing security problems relating to the room. To this end, determine within the properties of a room the nominal state of the Clients placed there. As soon as the nominal state of a room is set to active, the HDGUARD Client PCs within the respective room will be monitored. HDGUARD Client PCs that do not comply with the nominal state are registered by HDGUARD.master and added to a list with corresponding instructions. Using an additional form (press F6 or select View / Room Information Window), the respective computers that then become conspicuous can be displayed. The computer names, the assigned room and the status at the time are itemized within the list. If the status of the respective Client should change, this will be updated on the list immediately, or the Client PC will be removed from this list if it complies with the nominal state of the room.

2012 RDT - Global

46

It is possible to sort the list by clicking on the column labels.

The transparency of the list can be adjusted using the scroll bars, so that HDGUARD.master, which may be located in the background, continues to be visible.

To keep the List Window in the foreground despite the work taking place within HDGUARD.master, place the respective check select in the lower right corner of the List form.

3.8
3.8.1

Remote-controlled HDGUARD Installation


Preparation
Using HDGUARD.master it is possible to install HDGUARD remotely on a Client PC located in the network. A few requirements must be met in order to accomplish this: HDGUARD.master must be able to find the Client PC in the network; HDGUARD.master therefore searches the Windows network and lists all of the Client PCs found in the third list view provided (Other Clients view). The Client PC must have Windows 2000 or Windows XP including Service Pack 1 installed. Since Service Pack 2 Windows has restricted the remote abilities. Clients therefore must be prepared by setting a Windows Registry value. Please set the following DWORD value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients = 0 It must be possible to remotely access the Client PC via WMI. The administrative standard share (C$) on Drive C should be available and the user who is handling the remote installation should have both read and write rights. The user who is handling the remote controlled installation must have a password. Folder HDGUARD_RemoteSetup should be created and being shared over the network. The drfault path of the folder is C:\HDGUARD_RemoteSetup . Service "Remote Admin" should be started on the target PC. Just open an administrative console and type in : netsh firewall set service remoteadmin enable

2012 RDT - Global

HDGUARD.master

47

3.8.2

Installing HDGUARD remotely


Work Group View in HDGUARD.master
Using the button above the list view, you can switch to a view in which all of the Client PCs found in the network are listed (if not already registered with HDGUARD). The Client PCs are listed within the groups, sorted by work group or domain. Choose "scan network" from the context menu, to open the dialog shown below:

Besides the usual "Enumerate the network neighborhood" option, a powerful IP scanner is available. Utilize it - with some expenditure of time - and it find all PCs of a certain IP range which aren't yet equipped with HDGUARD. If information about the status of the PC is available, this will be displayed, as soon as the Client PC is selected by left clicking in the list view. A selected Client in the list view, which has been started up, can be remotely installed by using the right click menu. In the right-click menu of the group or of an individual Client PC, it is possible to ping the Client(s). This checks whether the PC is connected and reachable within the network. There is no inspection to see whether the Client is located in the correct work group!

Updating the list can sometimes be quite time consuming, since it takes a considerable amount of time to search the Windows network.

Form for remote installation


To carry out a remote-controlled installation, a valid user name and password must be entered in the input fields provided for this purpose. The user must have Administrative permissions to the PC undergoing the installation. By entering the users password, the Connect button is activated, which allows the installation to begin. The course of the installation is displayed within the status box. Lines selected green indicate a successful partial stage, while red lines indicate a partial stage that failed. Lines in black indicate the process step currently being carried out.

2012 RDT - Global

48

Activating the Connect button by entering a password for the user does not mean that a correct password was entered. Please observe the respective error messages.

Advanced settings for remote installation


Remote-controlled installation is a relatively complex function, which can save you a considerable amount of work. It can be configured in detail in the event that the target computer is not being operated with the standard configuration. HDGUARD.master offers the following additional options for configuring the remote-controlled installation. Share to the network computer being installed: If the administrative standard share has been removed for reasons of security, another share must be entered here. The setup package of HDGUARD is copied into this folder, so that it can then be carried out remotely. Local path of the files to be installed: This path points to the sub-folder RemoteInstall in HDGUARD.master directory as a default. HDGUARD.master downloads the current setup of the HDGUARD Client software into this folder automatically during an online update. Relative path for share on the network computer: The relative path for the share is used when copying the required setup files. Using this input option, a sub-folder within the share - or even a new name for the setup files to be copied - can be used. All folders that are temporarily created by the remote-controlled installation will be deleted after setup is complete. Local path of the application to be installed on the network computer: Programs that are remote-controlled on the Client PC via WMI must be specified with a local path on the network computer. Since a release does not need to relate directly to a root drive, specification of the path is imperative for localizing the files to be executed. Wait for the end of the application execution: To restart the computer following the completion of setup, you should wait until setup is finished.

2012 RDT - Global

HDGUARD.master

49

If this checkmark is not set, the installation will be reported back as successful immediately after starting the installation on the Client PC. Restart network computer after successful installation: Some installations, such as the HDGUARD installation, require a restart in order to carry out final changes. A message is issued on the Client PC indicating that the PC will be restarted by the Administrator. The user on the computer will be notified of these 30 seconds before the restart.

3.9
3.9.1

HDGUARD.master and HDGUARD Updates


Update via the Internet
New versions of HDGUARD.master or the HDGUARD Client are made available on the Internet on a regular basis. To check for possible Internet updates, select the Menu item Help | Online Update and follow the instruction of RDT Update Service. All updated files will be downloaded to the HDGUARD.master directory. Depending on the connection quality, downloading version information can take several seconds and the download of updates can take from several minutes to up to a half hour.

The information on the various mirror servers can vary within the course of a day, since synchronization takes place only once per day.

2012 RDT - Global

50

All files will be cached locally, and therefore will be available for deferred updates without downloading again.

3.9.2

Applying updates
HDGUARD.master Update
After the update for HDGUARD.master has been downloaded, an inquiry dialog is displayed. If you acknowledge this dialog positively, HDGUARD.master will be terminated, the update will be carried out and the updated HDGUARD.master restarted.

Updating HDGUARD Client PCs


After downloading the new version has been completed, a gold exclamation select appears next to all HDGUARD Client PCs that require updating, and the update function is available from the right-click menu of the respective HDGUARD Client PC. To update an HDGUARD Client PC, a license or a room with the new version of HDGUARD, select it in the list view using the left mouse button. Right-clicking on the selected item will open the right-click menu; select Update from this menu. The HDGUARD Client PC to be updated, together with its information and the version history of HDGUARD, will then be listed in the update form that opens. Start the update of the Client PC by clicking the Update button on the lower right edge. By selecting the menu item Update from the right-click menu of a Room or a License, all HDGUARD Client computers of the respective group will be added on the list of the PCs to be updated in the online update. By entering a checkmark in front of every Client, they will all be updated when the Update button is confirmed.

3.9.3

Proxy-Server
The Internet options of Windows are used for Internet access via Proxy Server. These settings can be found under Start | Settings | System control. Select the Connections register here and configure the LAN settings according to your network and Proxy Server. This setting complies with the options of Internet Explorer. You therefore only need to make this setting one time either in the IE or in the System control.

3.10

Script Control
The scripting support provided by HDGUARD makes it possible to deactivate and/or activate HDGUARD protection on a Client PC programmatically from within batch files or via command line. This provides for remote-controlled or time-driven installation of new data and files. With scripting you may easily realize

3.10.1 Introduction

2012 RDT - Global

HDGUARD.master

51

Virus-Definition updates Program installations Clone-Software / Imaging integration Automated software distribution Script-based actions

3.10.2 Scripting Safety


HDGUARD.master generates an encrypted scripting key from your HDGUARD password. This scripting key is handed over to the command line program hdscript.exe. That command line program is part of each HDGUARD installation. Scripting is recommended for Administrators with experience in using command line only. How to create the Script-Key: Open HDGUARD.master and select Help | Password-Encoder for Scripting from the menu-bar. Keys generated with HDGUARD.master 8.1 and newer can only be used with HDGUARD 8.1 and newer.

3.10.3 Important notes


Taking time for execution into account
HDGUARD needs actual time to complete and execute the changes you make through the script. It may even need to restart the computer; therefore you must ensure there is an appropriate amount of time allowed in your script. Please set your scripting tool to use sequential execution also. If the used scripting environment can't do sequential execution, please consider using following alternative:
start /wait /D"%HDGUARD%" hdscript.exe [Parameter] "SkriptKey"

3.10.4 Script Functions In Depth


For script based configuration, the file hdscript.exe can be called with one of the following parameters.

ON / OFF (Activating and Deactivating HDGUARD)


Function: You may activate and deactivate HDGUARD by using the ON/OFF parameter. Syntax:
hdscript.exe ON/OFF "ScriptKey"

Example:
hdscript.exe OFF "030030F0904A8363975D171BF60C45B99F43CD1E472534950.."

2012 RDT - Global

52

iOFF (Applying changes to current session)


Function: If you would like to apply all changes made in a current session you would use Instant Off command, iOFF. Syntax:
hdscript.exe iOFF "ScriptKey"

Example:
hdscript.exe iOFF "030030F0904A8363975D171BF60C45B99F43CD1E47253495.."

LIC (Licensing HDGUARD)


Function: You may apply a license key to a client by using the LIC parameter. This license key must be in the form of a .ser pack file generated from hdserpack.exe. If you do not specify a file, hdscript will search all root directories on all drives for the file. Syntax:
hdscript.exe LIC [license file] "ScriptKey"

Example:
hdscript.exe LIC "c:\client.ser" "030030F0904A8363975D171BF60C45B99F4.."

Important! Always keep a SER file in a safe place. Remove it from any hard disks or other kinds of storage immediately after use. The SER file might be subject to license theft, and thus - if violated - may cause invalidation of your license key.

PROT / SWAP / HIDE (Defining HDGUARD configuration)


Function: PROT: sets which partition you wish to protect. In most cases C: SWAP: sets which drive to host the swap file, also C: in most cases. HIDE: sets a hidden partition. You may set HDGUARD configuration settings using the PROT, SWAP and HIDE parameters. First decide on whether you will use a hidden partition or a swap file for your HDGUARD hidden area, and choose the appropriate command SWAP or HIDE. It is recommended to use a swap file located on the system partition (usually C:). When using these commands you must use a third parameter stating the drives/partition to use. This can either be a set of numbers a-b, where a is the physical drive starting at 0 and b is the partition starting at 1; or it can be a drive letter, eg. C: Eg. to protect the first partition on the first drive, use 0-1 or use C: Use ON for protection and OFF to remove the setting, so it is not protected. Syntax:
hdscript.exe PROT [drive/partition] ON/OFF "ScriptKey"

Example 1a: (set C: to be protected)

2012 RDT - Global

HDGUARD.master

53

hdscript.exe PROT C: ON "030030F0904A8363975D171BF60C45B99F43CD1E47.."

Example 1b: (same as above, but using partition numbering)


hdscript.exe PROT 0-1 ON "030030F0904A8363975D171BF60C45B99F43CD1E4.."

You need to call this function multiple times to protect multiple partitions. SWAP and HIDE specify where you want your Hidden area to direct changes. The syntax for these commands is similar, use SWAP for a swap file or HIDE for a hidden partition. The partition you use for HIDE will be formatted without prompt. Syntax:
hdscript.exe SWAP/HIDE <drive/partition> ON/OFF "ScriptKey"

Example 2a:
hdscript.exe SWAP C: ON "030030F0904A8363975D171BF60C45B99F43CD1E47.."

Example 2b:
hdscript.exe HIDE 0-2 ON "030030F0904A8363975D171BF60C45B99F43CD1E4.."

Drive letters must be provided in upper case!

PASS (Setting client passwords)


Function: Due to security reasons, you may only set a password on a client if the client has not already had a password set. Only HDGUARD.master can change a password remotely. The password to set should be transferred as a script key, encoded as above. Syntax:
hdscript.exe PASS "NewScriptKey"

Example:
hdscript.exe PASS "030030F0904A8363975D171BF60C45B99F43CD1E47253495.."

USAGE (Query Swap-File usage)


Function: Query the HDGUARD's swap file usage, by returning a percentage value as status/error code. This enables batch file decisions. A scripting key is not required here. Syntax:
hdscript.exe USAGE

Example:
hdscript.exe USAGE

Spaces and Special Characters


If you have spaces or special characters in your script, in for example the program paths, then you should enclose them in double quotation marks, ". Some scripting tools don't allow | (the vertical bar) as a character in the script key, so you must enclose the script key in " also.
2012 RDT - Global

54

For example:
"C:\Program Files\RDT Global\HDGUARD\hdscript.exe" ON "ScriptKey"

3.11

Remedying Errors
The communication between HDGUARD.master and the HDGUARD Client PCs functions by means of a customary network being based on the TCP/IP protocol. However, certain properties of the network are required for the proper transmission of data between HDGUARD.master and the HDGUARD Clients, as described below. These are particularly relevant in networks that have active components.

3.11.1 Network

Client network-messages
The Client computers register with HDGUARD.master with a multicast message that can be seen across the network. How broadly this message penetrates the network depends on the topology of the network. In case your network consists of several partial networks, which are connected by active elements such as switches or routers, these elements represent a type of barrier which ensure that internal messages do not get to the outside. If you want to control HDGUARD Client PCs in remote partial networks as well, it is necessary to clarify how far the messages of the Client computers penetrate the network. Another type of barrier are firewalls, which purposefully prevent certain communications. HDGUARD.master - since version 7 - optionally connects to distant networks, if equipped with another HDGUARD.master. The descriptions discussed above don't apply to those remote connections. Please find further information in section HDGUARD.remote 57 .

Switches and Routers


An essential reference number for the penetration level of the messages is the Time to Live (TTL) value. This value is set at three (TTL = 3) by HDGUARD.master and the Client components. The TTL corresponds to the number of penetrable active elements in your network, minus one. Thus, the network can be penetrated up to a depth of two active elements.

The remote HDGUARD Client 1 cannot reach HDGUARD.master, because communication via the switch or router designated with 1 is prevented. Client computer 2 is closer to HDGUARD.master, and can therefore reach it.

Routers and switches are active elements. They could possibly manipulate the TTL,

2012 RDT - Global

HDGUARD.master

55

which is why both must be configured in absolute accordance with their manufacturer-based documentation. The Multicast is used for communications between the HDGUARD Client PC and HDGUARD.master, on the basis of TCP/IP. The active components must therefore be able to transmit Multicast data packets (IGMP / ICMP), which is normally the case.

3.11.2 Other Sources of Errors


Online update does not work
When downloading update version information, the following error message appears: Connection to the Internet interrupted. Remedying the error: Check your Internet connection and log on to the Internet again, if necessary. or If using a Proxy Server, please enter the required settings in the options.

Connection error when clicking a client


A client is signaled "online" within HDGUARD.master. When clicking it, a connection error is reported and the client's status becomes "offline". Cause: The client has been switched of eventually, or communication has been interrupted. Remedying the error: Verify the PC is turned on. Check if firewall software is enabled on the client, as it's the common (default) case for Windows XP. Ensure the client fulfils the complete ICMP protocol, especially grants echo/ping answering.

Clients don't appear


If clients don't appear in the tree view of HDGUARD.master, this commonly is due to faulty network connection or topology. The most common reasons are: Usage of a cross-over cable (direct connection) Cross-over cables and direct connections between PCs are not supported. Bad configured network rooter or switches Please consult the previous chapters about switches and routers. Incorrect firewall settings Please read the chapter about firewall settings Reboot the PC By shutting down and restarting the PC, all system components will be initialized again. Hence by rebooting other accumulated software failures can be eliminated.
32

2012 RDT - Global

HDGUARD.remote

57

HDGUARD.remote
With HDGUARD.remote two distant HDGUARD.master installations may be connected in a way both are acting like a sole application. Each of both installations in this case will be responsible for handling the HDGUARD clients around next to it. The remote feature can be activated by entering an HDGUARD.remote license key at the license dialog of HDGUARD.master. After entering the license you may configure a remote connection (i.e. IP, port and password), which will then be established immediately at each reboot of the PC. To configure the remote connection, select File | Options from the menu.

4.1

Basics
HDGUARD.remote allows for connecting two or more HDGUARD.master installations via TCP/IP, hence over the Internet. Configure HDGUARD.master with IP and port of another HDGUARD.master installation to establish a connection. As soon as the connection is established all clients of the network appear and can be administered. The remote connection is bound to a license key meaning each HDGUARD.master being part of a remote connection must have been configured with the same license key. A typical remote connection is shown below:

The Remote-PC (1) can't connect the HDGUARD clients directly, but receives all information via HDGUARD.remote from the Local-PC (2). The cloud encloses a normal LAN. HDGUARD.remote connection allows to traverse the LAN barrier with safe RDT technology easily. The structure shown above is expandable by clients and LANs with nearly no limit. Installing such a remote connection is very simple as long as one of the PCs has a public IP. Above schema would have been installed after the following steps: Example of installation (stepwise) 1) Installing HDGUARD.master on PC 1 2) Configuring PC1: 2.1) Enter HDGUARD.remote license, select from the menu: File | HDGUARD.master license
2012 RDT - Global

58

2.2) Enter HDGUARD-Lizenzen, select from the menu: File | HDGUARD license 2.3) Enter the IP of PC 2. As port the default value of 25652 is configured. Select from the menu File | Options | HDGUARD.proxy 3) Installing HDGUARD.master on PC 2 4) Enter HDGUARD.remote license, select from the menu: File | HDGUARD.master license All HDGUARD clients may now be administered at PC 1 and PC 2.

4.2

Types of remote connections


A remote connection can be established between two HDGUARD.master installations. For this purpose it's required for both HDGUARD.master to be licensed equally and a TCP/IP route can be established. It's possible to chain many HDGUARD.master consecutive or to connect many HDGUARD.master to a public one. The schema below clarifies the options:

In most situations a hierarchical connection of HDGUARD.master instances is advisable (left schema) to reduce latency and configuration efforts. The three lower PCs all establish a connection to the public WWW-Server above them. Only the WWW-Server accepts incoming connection. All 4 PCs are using the same HDGUARD.master dataset. Inside a LAN (e.g. between two buildings of a site) also a consecutive (i.e.: serial) chaining could be advisable, too (see right schema). Both schemas may be mixed, but it's for sake of robustness and speed always recommended to keep connection paths as short as possible (i.e.: don't have to many PCs in a chain). What topology to use is in the administration team's discretion. Please note again that all PCs and Servers on the above schemas are equipped with an absolute normal HDGUARD.master installation. Merely the given HDGUARD.remote license activates the remote-feature configuration.

2012 RDT - Global

HDGUARD.remote

59

4.3
4.3.1

Security
Passwords
Access control of each HDGUARD client happens with client passwords. An administrator with access to HDGUARD.master is able to control only those clients which passwords he's aware of. This circumstance guarantees a really simple but fine grained access control. Different sections of a company or school can be assigned to different administration teams utilizing the password concept. Simply define a unique password per company section. HDGUARD.master has a password memory valid for a session (until the application gets terminated). A once entered password will be remembered until the end of the session and therefore doesn't have to be reentered again. Known passwords will be used for all matching clients. Same applies for the HDGUARD.master password used for protecting the user interface. Hint: use equal passwords for HDGUARD.master and HDGUARD clients in order not to be asked for the clients passwords separately!

4.3.2

Licenses
HDGUARD.master autonomously finds licenses used in the local environment. Distant licenses in contrast become visible after their license key has been entered.

4.3.3

Data transfer
For security reasons the remote communication of HDGUARD.master can optionally be encrypted with a 256 bit AES encryption. Activate this encryption on demand inside the HDGUARD.master options dialog. Independent of the optional AES encryption all security relevant information (like license keys and passwords) are strictly encrypted using a proprietary technique, so it will be unreadable for third parties even on an unencrypted communication.

2012 RDT - Global

Glossary

61

Glossary
Cloning Cloning is described as the distribution of a hard drive image to another computer. This time-saving installation method is preferred in network environments. HDGUARD can be integrated into a hard drive image and transferred via cloning. To do so, HDGUARD must first be deactivated and the computer must be rebooted once. Defragging By defragging, files are arranged on the storage device in such a way that they can be read and written faster. Files often consist of several fragments, which are scattered on the hard drive. When defragging, these file fragments are consolidated. The speed of hard drive access is increased primarily by the fact that the Write/Read head of the drive covers less distance. File system The file system of a drive allows the data to be stored in the form of files and folders. A file system describes the logical arrangement of the data on the data carrier. HDGUARD area Files that are needed to restore the system are stored in the HDGUARD area. This pertains either to the Swap file or to the HDGUARD partition. The size of the HDGUARD area is generally several gigabytes, since large volumes of data are stored there, sometimes for long periods of time. HDGUARD partition With Windows 98, ME and NT4, HDGUARD requires its own partition, which functions as the HDGUARD area. With Windows 2000 and XP, it is advisable to use a Swap file. HDGUARD.portal This extension of the HDGUARD.master is simplifying user management in Windows Active Directory Domains. It's currently available in German language version of HDGUARD.master only, but is planned to be made available as soon as possible to the international markets. HDGUARD.remote Extension of HDGUARD.master is connecting several HDGUARD.master installations. This way serveral distant networks may be managed from a single HDGUARD.master installation. HDGUARD Swap file A swap file is used for the interim storage of data. HDGUARD records all changes to protected drives in a swap file. The advantages of a swap file compared to the HDGUARD partition are: Easy cloning of HDGUARD-protected systems. The size of the HDGUARD area can be easily adapted to the requirements of the software and users. No special preparation is needed for the HDGUARD installation. Original (default) state In this manual, the original state is described as the state of the protected hard drives
2012 RDT - Global

62

that existed at the time of activating the hard drive protection. Depending on the mode of operation of HDGUARD, this original state is either automatically or manually restored each time the computer is restarted.

2012 RDT - Global

Index

63

Index
-AActivating HDGUARD 15 address book 28 Anti-virus software 19 Application Data 24 Application Programs 22 Apply Changes feature 16 Apply License 38

-Hhard disk images 4 HDGUARD Partition 8 HDGUARD Swap File 8 HDGUARD.master 31 HDGUARD.master Update 50 HDGUARD.master usage 33 hdserpack 52

-IIcons 11 install HDGUARD remotely Installation 4, 31 46

-Bbackup copies 4 basics 57 Block Internet 44 Burning programs 22

-LLicense 9 License key 35 licensing 35, 59 Lock Screen 44 Login 10, 20

-CCD writer 22 Cloning 4, 61 Color Configuration command line 50 Cookies 12, 24 35

-MManagement of the rooms Microsoft Exchange Server Microsoft Installer 5 My Documents 12, 24 40 24

-DDeactivating HDGUARD 16 Desktop firewalls 19 Desktop Icon 11 Disable USB Storage 44 Domain controller 24 Drag & Drop 42 DVD writer 22

-OOperating Systems 3 Options and Functions of Clients Outlook 29 Outlook Express 28 36

-EEject USB devices automatically e-mail accounts 29 E-mail Programs 27 Entering a license 9 Expert Settings 35 10

-PPartitions 38 Password 9, 35, 38 Password Protection 38 Password-Encoder 51 passwords 59 Positioning of the HDGUARD Clients Properties of a room 41

42

-FFavorites 24 Favourites 12 Firewall 3, 19 firewall settings

-QQuick Launch 32 11

-RRead only
2012 RDT - Global

64 remote basics 57 remote connections 58 remote security 59 Room Information Window Room Map 45 Rooms 40

45

-SSaving Application Data Screen view 14, 34 Script-Key 51 security 59 Seminar Mode 15 Service key 9 Shut Down 44 Signature 35 Software Test 15 Splash screen 11 Start menu 11 status window 11 Support 13 Swap File 8 24

-TTeacher Console To protect 8 Trial version 35 43, 44

-UUpdate Tasks 20 Update via the Internet 49 Updates 10 Updating HDGUARD Client 50 USB devices 10 USB drives 10 USB protection 10 User Folders 12

-VVisibility 11

-WWake-On-LAN 44 Windows 2000 3 Windows 98, ME and NT4 Windows Vista 3 Windows XP 3 Work Group View 47 3

2012 RDT - Global