DataLocker PortBlocker 1.3

Mass Deployment


The Portblocker-Setup.msi installer will deploy three key parts to the target workstation.  The three parts consist of a Device Driver, Windows Service, and a Windows Application that the user can interact with. The installation will require local admin privileges to complete the process and is recommended to run as the system account to avoid UAC prompts. Once PortBlocker is installed, all mass storage type devices will be blocked. The following arguments can be used during installation. 

/quiet: used for silent installations on new installs and version upgrades.

/S: hides the notification that PortBlocker is already installed

/norestart: Prevents the machine from restarting automatically after the installation is completed. 

/forcerestart: The machine will be restarted after the installation is complete.


Registration is needed before devices can be whitelisted. When registration parameters are successfully passed to the installer, PortBlocker will automatically register after installation.  The following arguments can be used during installation to automatically register PortBlocker after registration. 

URL=<SafeConsoleConnectionToken>: the SafeConsole connection token

EULA=1: Accept the end-user license agreement on behalf of the user

USER=<UniqueToken>: OPTIONAL, register the PortBlocker Install to a specific user already in SafeConsole

UNINSTALL_PASSWORD=<PortBlockerUninstallPassword>: OPTIONAL, requires the password to be entered when attempting to uninstall PortBlocker. The password would be requested later to be typed in the UI (or PASSWORD switch could be used to provide this password through the command line on uninstall). If a password is not defined during installation, the uninstall password will need to be obtained by contacting 

LAUNCH_CLIENT=1 | 0: Launch Windows client application after installation. The default value is 1 (launch client application). It is recommended to set to 0 (do not launch client application) for mass deployment scenarios to avoid unresponsive client process in the background. The client application should be launched by the user or startup script on user login in this case.

It is recommended that the SafeConsole Server be configured with both unique token and admin approval disabled. This will allow a simple registration process for the end-user. 


  • PortBlocker 1.3.4 or later MSI Installer
  • Windows 10 and Windows 7
  • SafeConsole Connection Token, ex:
  • Public server share to host installer, ex: \\nas\share\PortBlocker-Setup.msi 


This example PowerShell script can be modified for use with your software deployment tool. 

*Note*  Windows by default restricts execution of PowerShell script. However, this execution policy will not need to be changed for deployment as the script will execute with the privilege of the local system account. When testing the script locally, the PowerShell execution policy may need to be modified. For more information see Microsoft's documentation.

# Location of msi, such as a public network share
Set-Variable -Name "installer" -Value "\\nas\share\PortBlocker-Setup.msi"

# SafeConsole Connection URL
Set-Variable -Name "safeConsoleURL" -Value '""'

# Custom Un-install password
Set-Variable -Name "upassword" -Value "password"

$installerArgs = "/i $installer /quiet /norestart EULA=1 UNINSTALL_PASSWORD=$upassword URL=$safeConsoleURL LAUNCH_CLIENT=0"
Start-Process msiexec.exe -Wait -ArgumentList $installerArgs