DataLocker PortBlocker

Mass Deployment 1.0


The portblocker_setup.exe installer will deploy three key parts to the target workstation.  The three parts consist of a Device Driver, Windows Service, and a Windows Application that the user can interact with. Installation will require local admin privileges to complete the process, and is recommended to run as the system account to avoid UAC prompts. When calling the installer the /S switch can be used for a silent installation on new installs. Once PortBlocker is installed, all mass storage type devices will be blocked. Installation deployment can be done with a simple startup script, like the example below, or with third party tools.


Registration is needed before devices can be whitelisted. When registration parameters are successfully passed to the installer, PortBlocker will automatically register after installation.  The switches used for registration is as follows: 

/url <SafeConsoleConnectionToken>: the SafeConsole connection token

/eula 1: Accept the end user license agreement on behalf of the user

/user <UniqueToken>: OPTIONAL, register the PortBlocker Install to a specific user already in SafeConsole. 

It is recommended that the SafeConsole Server be configured with both unique token and admin approval disabled. This will allow a simple registration process for the end user.  


Windows 10 and Windows 7

SafeConsole Connection Token, ex:

Public server share to host installer, ex: \\nas\share\portblocker_setup.exe


Save this powershell script then link it to a group policy by going to Group Policy -> Computer Configuration -> Windows Settings -> Scripts -> Startup. User login scripts are also possible. 

# This Example script is intended for local execution by means of a startup script

# Location of exe, such as a public network share
Set-Variable -Name "installer" -Value "\\nas\share\portblocker_setup.exe"

# SafeConsole Connection URL<span class="fr-marker" data-id="0" data-type="false" style="display: none; line-height: 0;"></span><span class="fr-marker" data-id="0" data-type="true" style="display: none; line-height: 0;"></span>
Set-Variable -Name "safeConsoleURL" -Value '""'

# Manually specify which version to update to. This can be found by right clicking on the installer exe and 
# clicking properties and going to details. Example String would be "". If not defined, this script will
# automatically pull the version number from the installer, this can slow down execution and is not recommended for
# remote deployments or login scripts that execute each time. 
Set-Variable -Name "installerVer" -Value ""

If ((Get-WmiObject Win32_OperatingSystem).OSArchitecture -eq '64-bit') 
  $installedLocation = "C:\Program Files (x86)\DataLocker\PortBlocker\client\PortBlocker.exe"
  $installedLocation = "C:\Program Files\DataLocker\PortBlocker\client\PortBlocker.exe" 

if (test-path $installedLocation) 
  $currentVer = ((Get-Command $installedLocation).Version)
  if ($installerVer -eq "") {$installerVer = ((Get-Command $installer).Version)}
  if ([Version]$installerVer -gt $currentVer) {Start-Process $installer -ArgumentList "/S /eula 1 /url $safeConsoleURL"}
        Start-Process $installer -ArgumentList "/S /eula 1 /url $safeConsoleURL"