Device Audit Mode Requires SafeConsole 5.6+ and device client version 6.3 or later (not compatible with K300)
With Device Audit Mode a SafeConsole Admin can capture a device in a locked-down state. In this state, the user will be unable to modify any files on the device as well as change any configuration of the device. Unlocking the device will require the intervention of a SafeConsole Admin to get a unique unlock code, and each unlock can only be done in a read-only state. When the device has unlocked all files on the device are hashed and the resulting logs files are sent to SafeConsole. To remove the drive from Audit Mode, the device must be issued a factory reset command from the server.
How to Enable Audit Mode:
Admin: issues the “audit” command for the Drive Details in SafeConsole
User: launches the client and is presented with this notification:
Click OK, the client comes up
The user will not be able to unlock the device. The device is set Read-Only mode.
The device can be unlocked while in Audit Mode by the Administrator by Generating a Login Code.
-Go to the Drive Details page > Generate Login Code
- Copy the Server Response Code.
-On the device> Password Help> Paste the Server Response Code in the Recovery Code Box.
Click OK, the drive is unlocked. Notice “AUDIT MODE” at the bottom of the control panel.
As soon as the drive is unlocked, the auditing mode starts auditing the contents of the private partition.
The content of the audit has been sent and is available in the audit log:
At this point, the audit is done but the drive is still in audit mode. During that time, the user is unable to modify the contents of the drive.
After the audit is complete, the Admin changes the status of the device in the Drive Details to Factory Reset. This will wipe the device and set the device back to a Factory Default State.
Next time the device is plugged in and the device client is ran, the device will reset.
