Version 7.3

  • New CLI commands:
    • application certificate show activation (display only ikserver.crt details)
    • application certificate show all (display all certificates details in order ikserver.crt, server.crt, issuer.crt)
    • application certificate show issuer (display only issuer.crt details)
    • application certificate show server (display only server.crt details)
    • application database version (display On-Prem database version)

  • Improved CLI output for 'application healthCheck' command

  • Support For Ironkey D300SM - IronKey EMS On-Prem now supports the new IronKey D300SM device. Designed for business-grade security, the D300SM is an encrypted USB 3.0 drive that is FIPS 140-2 Level 3 certified and TAA compliant.

  • New Activation Email Template Variable - “Policy Name” variable has been added to activation email templates.

  • ‘Last Used’ column added to Device List table on Manage Devices page

  • Silver Bullet Access Controls policy option is now set as Active by default in the Add Policy template on the Manage Policies page. Existing policies are not affected by this change.

  • New link Managing S100 and X200 devices have been added to Add User, Add Device, and Add Multiple Users dialogs for quick instructions on how to manage legacy S100 and X200 devices.

  • Minor fixes and stability improvements


Known issues:

  • 'application healthCheck' command may fail to detect whether database server encrypted network connections are forced.  The "DB connection encryption is:" result will be blank and "Checking database connection" will be "[UNKNOWN]".  Please verify the SQL Server Configuration Manager network configuration "Force Encryption" is set to NO for the On-Prem database.

  • 'service [stop|start|restart] appserver' command should not be used with an ssh session as it will cause some processes to incorrectly exit when the ssh session is closed.  Workaround: Either use the VM Console or 'sysconf reboot'.


Version 7.2

  • Support for DataLocker SentryONE - IronKey EMS now supports the new DataLocker SentryONE device. Designed to be compatible with both IronKey EMS and DataLocker Safe-Console, the SentryONE is an encrypted USB 3.0 drive that is FIPS 140-2 Level 3 certified and TAA-compliant. For more information, see the SentryONE User Guide.
  • Pre-registration for Sentry and D300M devices - Added a method to pre-register Sentry and D300M devices. While adding a user or device, if the ‘Pre-Register Device’ box is checked, the admin is able to register the device on the EMS server before giving it to the end-user.
  • Only Allow Admins to view Recovery Code - Added a device policy option to only allow admin users to view password recovery codes for Sentry and D300M devices. Sentry and D300M device users with this policy option enabled will not require an online account, skipping this step during activation. These users will not be able to view the recovery code directly. It must be provided by an administrator. When initiating password help, no email will be sent - the device will be treated as if it does not have an online account.
  • Editable Serial Number - Serial Numbers for Sentry and D300M devices can be edited on the Device Profile page. Email notification for events - Alerts feature is now available for all accounts. This feature provides email notifications to Admin users about important events. Admins can set up an alert to receive a daily message summarizing the events that have occurred in the last 24 hours or receive a selected report.
  • Web login security - Added additional security for two-factor web-based login. Ten invalid Access Code entries will result in a one-hour lockout when attempting to log in to the IronKey EMS Admin Console.


Version 7.1

  • Admin Web-based login for all accounts - including those upgraded from version 6.1 or earlier. You will have the option of adding a user with authentication type ‘Username & Password.’The first time this is done, you will be prompted to create the Default User Policy. 
  • Approve legacy device admins from the user profile - Previously, approval of S100/X200 admins could only be performed from an existing S100/X200 admin device. Now, any existing system admin can approve S100/X200 users as admins by going to the user profile and clicking ‘Approve Admin.’ Note: This grants the new admin device access to the Admin Console, but not Admin Tools (used for S100/X200 device recovery and recommission). If you wish to grant Admin Tools privileges, please use an existing legacy device admin to perform Admin Approval.


Version 7.0

  • Support for IronKey D300M and Sentry EMS - IronKey EMS now supports the new IronKey D300M and DataLocker Sentry EMS device. Designed for business-grade security, the D300M and Sentry EMS are encrypted USB 3.0 drives that are FIPS 140-2 Level 3 certified and TAA-compliant.
  • Two-factor authentication for Web-based login - Admins who use Web-based login will authenticate using their user name and password, and also be required to provide an Access Code (2FA), sent in an email message.
  • Improved CLI output for several commands


Version 6.1

  • Force Update - Available in Server for use with the latest release of the 250 device Series(version 3.5.0.0). Controlled by the device policy, you can now force users to update their devices to the latest approved software release. 
  • Password Reset (user-initiated) - Users can now reset their password without having to contact their administrator or Help Desk if they forget it. you set this feature in the device policy. It will be enabled by default for new device policies. For existing policies, this setting will not be enabled by default.
  • Online Account enabled for Standard Users - All Standard Users can now have an online account. An online account is required to use the Password reset (user-initiated) feature. Online Account Access is set in the device policy. For new policies, the default setting is “AllUsers”. For existing policies, this setting will be set to “Admins Only”. you can modify an existing policy to enable online account access for all users. Standard users must update to this policy to create an account.
  • Two Default Activation Email templates - One for Storage devices and the other for Workspace Devices. you can customize the content in these templates according to company requirements.
  • Changes to User Profile page - recommissioned devices in the Devices list will be hidden by default. The “View” list includes “Current Devices” (default setting) and “All Devices”. A Current device still uses an active seat license and can be in one of the following states: Disabled, Pending recommission, Awaiting detonation. The “All Devices” view will also display recommissioned and Detonated devices.
  • Delete Device option is now available on the Device Profile page
  • A new “Where” column in downloaded reports now matches the on-screen view and includes city, state, and country.


Version 6.0

  • Support for H350, S1000, and IronKey Workspace W700-SC devices.
    • H350 devices are FIPS 140-2 Level 3 certified, USB (Universal Serial Bus) 3.0 hard drives with built-in password security and data encryption. For more information about the device, see the DataLocker H300/H350 User Guide.
    • S1000 devices are USB 3.0 portable flash drives with built-in password security and data encryption. For more information about the device, see the S1000 User Guide.
    • Workspace W700-SC is a trusted, FIPS 140-2 Level 3 certified, secure USB flash drive that features XTS-AES 256-bit hardware encryption. Additionally, the W700-SC supports device authentication using a smart card. When paired with your device, you can securely unlock your workspace using your smart card and Personal Identification Number (PIN). Certified by Microsoft as a Windows To Go device, the W700-SC is a secure, personal workspace. It is capable of using all host system resources on host computers that are certified to run Microsoft Windows® 7.0 and higher and qualified Mac computers. For more information about the device, see the IronKey Workspace W700-SC User Guide.
  • Enterprise Dashboard Events table-The table now includes a column for Devices. Admins can sort by the Device column to view all events for a specific device. Also new is custom encryption. 
  • Email notification for events-The Admin Console includes a new Alerts feature. If purchased and enabled for your EMS Account, this feature provides email notifications to Admin users about important events. Admins can set up an alert to receive a daily message summarizing the events that have occurred in the last 24 hours.
  • New group selector when adding a user-When you create a new user, you can now add the user to a group using the group selector. System Admin users can add the user to any group. Admin users can only add users to a group to which they are also a member.


Version 5.2

  • Support for H300 devices. H300 devices are USB portable hard drives with built-in password security and data encryption. For more information about the device, see the DataLocker H300/H350 User Guide.
  • Support For Ironkey Workspace 4.3 - Admins are now able to use the device recovery Silver Bullet to unlock the secure operating system (OS) partition on the device. If a user experiences issues with the Windows OS, Administrators can now try to troubleshoot and repair these issues or recover files by accessing the OS partition. See "Recovering devices" on page 62.
  • A new device update is available to upgrade the device firmware and software on devices running IronKey Workspace version 4.2. Admins will also need to update the Control Panel application in Windows To Go.
  • IronKey Workspace 4.3 devices also include the following features:
    • Device activation on a Mac operating system.
    • Support for a multi-lingual keyboard layout in the Preboot environment when booting Windows To Go.
    • Updates to the IronKey Workspace Startup Assistant to increase the number of host computers it can configure to boot from a USB device on startup. The application is available on the device (W500/W700) or as a standalone application (available as a download from datalocker.com).
    • Support for DataLocker and IronKey secure storage devices in Windows To Go; for a complete list, see Supported Device Models. Users can save data to the secure storage drive while booted in Windows To Go. When using a storage device while booted in the secure Workspace, two Control Panel icons will display in the Windows system tray, one to manage the secure storage device and the other for the IronKey Workspace device.


Version 5.1

  • IronKey EMS On-Prem supports IronKey Workspace W700 devices. IronKey Workspace W700 Windows To Go solution has FIPS 140-2 Level 3 certification and features AES 256-bit hardware encryption. you can centrally manage and deploy these devices with IronKey EMS On-Prem.


Version 5.0

  • IronKey EMS On-Prem supports IronKey Workspace W500 devices. IronKey Workspace W500 is the Windows To Go solution that is protected by hardware encryption. you can centrally manage and deploy devices with IronKey EMS On-Prem.