DataLocker PortBlocker 1.2

Mass Deployment



Installation

The portblocker_setup.exe installer deploys three components to the target workstation: a device driver, a Windows service, and a Windows application that the user can interact with. Installation requires local admin privileges, and running the installer as the system account is recommended to avoid UAC prompts. When calling the installer, the /S switch can be used for a silent installation on new installs and version upgrades. Once PortBlocker is installed, all mass storage type devices will be blocked. Deployment can be done with a simple startup script, like the example below, or with third party tools.


Registration

Registration is needed before devices can be whitelisted. When registration parameters are successfully passed to the installer, PortBlocker will automatically register after installation. The switches used for registration are as follows:


/S: hides the notification that PortBlocker is already installed


/url <SafeConsoleConnectionToken>: the SafeConsole connection token


/eula 1: Accept the end user license agreement on behalf of the user


/NORESTART: Prevents the machine from restarting automatically after the installation is completed.


/user <UniqueToken>: OPTIONAL, register the PortBlocker Install to a specific user already in SafeConsole. 


It is recommended that the SafeConsole Server be configured with both unique token and admin approval disabled. This will allow a simple registration process for the end user.  


Requirements

PortBlocker 1.1 Installer exe


Windows 10 and Windows 7


SafeConsole Connection Token, ex: https://server.safeconsolecloud.io/connect


Public server share to host installer, ex: \\nas\share\portblocker_setup.exe 


Example

Save this PowerShell script then link it to a group policy by going to Group Policy -> Computer Configuration -> Windows Settings -> Scripts -> Startup. 


*Note* By default, Windows restricts the execution of PowerShell scripts. However, this execution policy will not need to be changed for deployment, as the script will execute with the privilege of the local system account. When testing the script locally, the PowerShell execution policy may need to be modified. For more information see Microsoft's documentation.



# This Example script is intended for local execution by means of a startup script. This will allow the script to execute as the local system account.


# Location of exe, such as a public network share
Set-Variable -Name "installer" -Value "\\nas\share\portblocker_setup.exe"

# SafeConsole Connection URL
Set-Variable -Name "safeConsoleURL" -Value '"https://server.safeconsolecloud.io/connect"'

# Manually specify which version to update to. This can be found by right clicking on the installer exe and 
# clicking properties and going to details. Example String would be "1.0.0.99". If not defined, this script will
# automatically pull the version number from the installer, this can slow down execution and is not recommended for
# remote deployments or login scripts that execute each time. 
Set-Variable -Name "installerVer" -Value ""


If ((Get-WmiObject Win32_OperatingSystem).OSArchitecture -eq '64-bit') 
{ 
  $installedLocation = "C:\Program Files (x86)\DataLocker\PortBlocker\client\PortBlocker.exe"
}
Else 
{ 
  $installedLocation = "C:\Program Files\DataLocker\PortBlocker\client\PortBlocker.exe" 
}

# Upgrade only when PortBlocker is already installed and the installer is newer
if (Test-Path $installedLocation) 
{
  $currentVer = ((Get-Command $installedLocation).Version)
  if ($installerVer -eq "") { $installerVer = ((Get-Command $installer).Version) }
  if ([Version]$installerVer -gt $currentVer) {
    # Prevent PortBlocker from starting up during installation
    Start-Sleep -s 20
    # The process may not be running yet, so do not report an error if it is absent
    Stop-Process -ProcessName portblocker -Force -ErrorAction SilentlyContinue
    Start-Process $installer -ArgumentList "/S /NORESTART /eula 1 /url $safeConsoleURL"
  }
}
Else
{
  # New install: PortBlocker is not present on this workstation
  Start-Process $installer -ArgumentList "/S /eula 1 /url $safeConsoleURL"
}
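
The startup script above runs an executable from a network share as the local system account, so a pre-flight check on the file is worth adding. The following is an added example, not part of DataLocker's script: it stages a local copy of the installer, checks its Authenticode signature and signer, and only then launches the new-install command. It assumes the installer is Authenticode-signed; the function name Test-InstallerTrusted, the staging directory and the thumbprint placeholder are assumptions.

```powershell
# Added example, not DataLocker's code. Assumes the installer is Authenticode-signed.
$installer      = "\\nas\share\portblocker_setup.exe"
$safeConsoleURL = '"https://server.safeconsolecloud.io/connect"'
# Placeholder: thumbprint of the signing certificate, recorded from a copy of the
# installer obtained directly from the vendor.
$expectedThumbprint = "<SIGNER-CERT-THUMBPRINT>"

function Test-InstallerTrusted {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Thumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Reject unsigned, tampered or untrusted files
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status '$($sig.Status)' on $Path"
        return $false
    }
    # A valid signature from some other publisher is not enough: pin the signer
    if ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        Write-Warning "Unexpected signer '$($sig.SignerCertificate.Subject)' on $Path"
        return $false
    }
    return $true
}

# Stage a local copy in a new directory so the file that is checked is the file that runs
$stageDir = Join-Path $env:SystemRoot ("Temp\pb-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $stageDir -ErrorAction Stop | Out-Null
$local = Join-Path $stageDir "portblocker_setup.exe"
try {
    Copy-Item -LiteralPath $installer -Destination $local -ErrorAction Stop
    if (Test-InstallerTrusted -Path $local -Thumbprint $expectedThumbprint) {
        # Same switches as the new-install branch of the script above
        Start-Process $local -ArgumentList "/S /eula 1 /url $safeConsoleURL" -Wait
    }
    else {
        Write-Warning "Installer failed verification; PortBlocker was not installed."
    }
}
finally {
    Remove-Item -LiteralPath $stageDir -Recurse -Force -ErrorAction SilentlyContinue
}
```

The same check can precede the upgrade branch; restricting write access on the share to deployment administrators reduces the chance that the check ever has to fail.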