PortsLock® FAQ

Q: What is PortsLock®?

A: PortsLock® is an endpoint security solution that allows system administrators to specify network policy rules based on user and group membership. It provides user-level network policy restrictions for Windows workstations and servers. Once PortsLock® is installed, administrators can assign permissions to TCP/IP connections, just as they would in managing permissions on an NTFS partition of a hard disk.

Q: Can I be notified when PortsLock® is updated?

A: Absolutely. To receive news about PortsLock®, join our mailing list.

Q: Does PortsLock® provide the centralized user-level control for the entire network when installed on a Windows server?

A: No, PortsLock® should be installed on every computer where administrators want to enable user-level access control to TCP/IP.

Q: Can PortsLock® block ads, cookies, etc. while I'm browsing a web site?

A: PortsLock® doesn't have a content filtering function because it is not a general personal firewall. Its main purpose is to protect networks from the inside. If you need content filtering, you can install any modern personal firewall.

Q: Can PortsLock® block access to a web site for one user and at the same time allow access to this web site for another user?

A: Yes. This is exactly what PortsLock® has been created for. Moreover, you can assign different permissions for user groups and set allowed/denied time intervals.

Q: Can PortsLock® prevent my computer from being pinged from the outside?

A: PortsLock® works at the transport (TDI) level, so it (like the TCP/IP driver) doesn't receive packets when somebody pings your computer from the outside. Hence, PortsLock® can't block such packets. However, PortsLock® can deny users' attempts to ping other computers from the computer where it is installed.

Q: Can PortsLock® control IPX/SPX traffic?

A: Yes. PortsLock® can control IPX/SPX if it routes over TCP/IP.

Q: Can PortsLock® control NetBIOS traffic?

A: Yes. PortsLock® can control NetBIOS if it routes over TCP/IP.

Q: Does a user need to log off and log on again so new security rules become active?

A: No. PortsLock® assigns a user's permissions "on the fly" exactly as Windows does for files and folders on an NTFS partition.

Q: What rules will be applied if two users are logged on simultaneously (e.g. in case of Terminal Server) to the same computer?

A: It doesn't matter how many or which users are logged on to the same computer. The only thing that affects rule processing is the user (security) context of the process (thread) that is trying to access the network. It works exactly as file and folder permissions do on an NTFS partition.

Q: What limitations are there in an unregistered version?

A: There are no functional limitations for an unregistered version and you may use PortsLock® (during the evaluation period) as a fully registered program but only on one computer. An unregistered version of PortsLock® displays nag screens.

Q: What is the easiest way to register PortsLock®?

A: Online using a credit card at http://www.protect-me.com/pl/register.html.

Q: Can I be sent an invoice when I purchase PortsLock®?

A: Yes. Use our online forms at http://www.protect-me.com/pl/register.html. Select a payment method (order by fax, toll-free phone, bank transfer, etc.), then ask for an invoice.

Q: Is it safe to use my credit card on the internet?

A: Yes. All our registrations use SECURE protocols. It is impossible for a third party to intercept your credit card information. We also offer alternative ordering methods (such as order by fax, toll-free phone, bank transfer, etc.).

Q: I bought the Single license of PortsLock®. Could I install PortsLock® on all the computers in my network?

A: You may install PortsLock® Service on only a single computer but PortsLock® Manager can be installed on any number of your computers. The Single license gives you the right to use PortsLock® on one computer so you are able to control access on only one computer. If you wish to use PortsLock on several computers, you need to purchase the appropriate number of Single licenses.

For example, if you wish to control access on:

  • one computer - you need to purchase one Single license ($50);

  • two computers - you need to purchase two Single licenses ($100);

  • up to 200 computers within one network domain - you can buy the Site/Domain license ($2000). If you decide to add new computers (up to 200) to the domain, you won't pay for the extra licenses!

  • up to 2000 computers within one geographical location - you can purchase the World/Corporate license ($5500) and install PortsLock on all the computers in your network. If you decide to add new computers (up to 2000) to the network, you won't pay for the extra licenses!

  • more than 2000 computers - please contact us directly for a quote.

Q: What is the difference between Site/Domain and World/Corporate licenses?

A: One Site/Domain license lets you install PortsLock® Service on all the computers in ONLY one domain or network group with 200 or fewer computers. If you wish to install PortsLock® Service on up to 2000 computers in all your domains within one geographical location, you should purchase the World/Corporate license. Please contact us directly for a quote if the PortsLock® Service is to be installed on more than 2000 computers.

Q: I bought a license for PortsLock®. Do I need to buy another license each time PortsLock® is upgraded or a newer version is released?

A: No. When you purchase a license (any kind) for PortsLock®, you automatically purchase all future releases and updates that will be released within 1 year from the date of purchase. This means that for one year you can download and install the latest versions of the software from our site, and the license keyfile that you received from us will work with the latest product version.

If you don't want to purchase an upgrade, you can use the program forever; it will never expire, but you won't be able to use the latest version.

Q: Can I install PortsLock® under Windows NT/2000/XP if I don't have administrative privileges?

A: No. You cannot install PortsLock® under Windows NT/2000/XP without having administrative privileges. To correctly install PortsLock® under Windows NT/2000/XP you MUST have administrative privileges. If you are going to use PortsLock® only on a local computer, you must have local administrative privileges. But, if you are going to use PortsLock® throughout your network, you must have domain administrative privileges.

Q: Can I install PortsLock® under Windows 95/98 or Windows Me?

A: No. PortsLock® only works on Windows NT 4.0/2000/XP and it is impossible to install it on Windows 95/98 or Windows Me. However, if you would like to have user-level access control for TCP/IP connections on Windows 9x/Me, you can take a look at a third-party product - Internet Access Scheduler developed by Shatran Software.

Q: Is it possible to install PortsLock® automatically (without any user intervention)?

A: Yes. Just run PortsLock® Setup with the /s parameter (e.g. "c:\setup.exe /s"). This gives an install that can be used from within a batch file.
There is a special configuration file for silent setup: portslock.ini. With this file, you can customize the PortsLock® installation parameters. For example:

  1. "Install" parameters:

    • Service - PortsLock® Service and its related files will be installed

    • Manager - PortsLock® Manager and its related files will be installed

    • Documents - documentation (PortsLock Manual.pdf) will be installed

    • To specify a destination directory for PortsLock®, you can supply the parameter InstallDir

    • If you have the registration key file for PortsLock® you can specify a directory with this file in the parameter RegFileDir

  2. "Misc" parameters:

    • Run - this parameter is used to launch an application or execute a batch file after a successful install.

Q: Is it possible to install PortsLock® using Microsoft Systems Management Server (SMS)?

A: Yes. You can use the package definition files (PLock.pdf for SMS version 1.x and PLock.sms for SMS version 2.0 and later) supplied with PortsLock®, located in the sms.zip file.

Q: Can I install the PortsLock® Service on the remote computer without having to physically go to it?

A: Yes. PortsLock® supports Remote Install. If the PortsLock® Service isn't installed on the remote system or the PortsLock® version is too old, PortsLock® Manager will suggest that you install the service. Select the PortsLock® Service executable file (plservice.exe) and PortsLock® Manager will copy it to the remote computer. The PortsLock® Service executable file will be copied to the Windows system directory (e.g. c:\winnt\system32) if this service doesn't exist on this system. If the service exists on this system but is too old, PortsLock® Manager will copy the executable file to the directory of the old file and the old file will be replaced.

Q: Which ports do I need to open to allow PortsLock® to work?

A: You need to open ports 135-139 and all ports above 1024 for incoming and outgoing packets:

  • Port 135 (TCP) - for Remote Procedure Call (RPC) Service

  • Port 137 (UDP) - for NetBIOS Name Service

  • Port 138 (UDP) - for NetBIOS Netlogon and Browsing

  • Port 139 (TCP) - for NetBIOS session (NET USE)

  • Ports above 1024 (TCP) - for RPC Communication

PortsLock® works like any other standard Windows NT/2000/XP administrative tool (such as Event Viewer, Services, Computer Management, etc.) so, if these tools work then PortsLock® will work, too.

You can find more information in Microsoft's Knowledge Base.

Q: I am receiving the error 1722 ("The RPC Server is unavailable") whenever I try to connect to a computer.

A: The error 1722 means that PortsLock® Manager cannot access PortsLock® Service on the remote computer. There are several possible reasons:

  • the remote computer does not exist on the network (the computer's name or IP address is incorrect or this computer was shut down recently but its name still exists in the network browser);

  • the remote computer is not a Windows NT 4.0/2000/XP computer and PortsLock Service cannot be installed on this computer;

  • the remote computer is behind a firewall that was not configured properly (to configure a firewall, please read the answer above about which ports to open);

  • the remote computer is on another segment of your network that is not accessible from your segment, i.e. the routing was not configured properly and you cannot access that network's segment at all.

Q: I am receiving the error 1747 ("The authentication service is unknown") whenever I try to connect to a computer or start PortsLock® Service.

A: The error 1747 occurs when the "Client for Microsoft Networks" option is not installed. To resolve this problem, install the "Client for Microsoft Networks". If you don't require the "Client for Microsoft Networks", it is best to disable it after installation (PortsLock runs properly in this configuration).

Also, on Windows NT 4 systems the RPC Security Service Provider could be configured incorrectly. Open the Control Panel's "Network" applet, select the "Services" tab, highlight the "RPC Configuration" record from the "Network Services" list and press the "Properties..." button. Then in the "RPC Configuration" dialog, set the "Security Service Provider" combobox to "Windows NT Security Service".

Q: I am receiving the error 1748 ("The authentication level is unknown") whenever I try to connect to a computer or start PortsLock® Service.

A: By default PortsLock® uses the highest level of authentication (it encrypts the argument value of each remote call, verifies only that all data received is from the expected source and authenticates and verifies that none of the data transferred between PortsLock® Manager and PortsLock® Service has been modified). However, the computer on which you run PortsLock® Manager or PortsLock® Service may not support this level of authentication and you will need to decrease it. Start "Registry Editor" (regedit.exe) and create the "SecurityLevel" (type DWORD) parameter in the "HKEY_CURRENT_USER\Software\SmartLine Vision\plmanager\Manager" subkey, set the value of this parameter to 5 (1 indicates the lowest level, 6 indicates the highest level), then restart PortsLock® Manager or PortsLock® Service.

Q: I am receiving the error 1825 ("A security package specific error occurred") whenever I try to connect to a computer or start PortsLock® Service.

A: The error 1825 is similar to the error 1747, so please read the answer for error 1747 above.

Q: I've just set up security rules for a user but this user still can access restricted resources. What could be wrong?

A: There are several possible reasons for that. First, make sure there is no Everyone user with allowed rules above the restricted user. Also, make sure that there is no user group above the specified user to which this user belongs. Then, make sure that the source and destination parameters of the rule are not mixed up. It is also possible that permissions were assigned to the wrong connection direction (incoming or outgoing). These are all described in the User Manual.
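An added example, not part of the PortsLock® documentation or product code: a small Python model of the checks listed in the answer above. It assumes rules are read top-down with the first match deciding (suggested by the answer's "above" wording); the `Rule` fields, the group data and the function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data; names and memberships are illustrative only.
GROUPS = {"Everyone": {"alice", "bob"}, "Sales": {"bob"}}

@dataclass(frozen=True)
class Rule:
    principal: str  # user or group the rule is assigned to
    direction: str  # "incoming" or "outgoing"
    dest_port: int
    allow: bool

def applies_to(rule, user):
    """True if the rule names the user directly or a group containing the user."""
    return rule.principal == user or user in GROUPS.get(rule.principal, set())

def first_match(rules, user, direction, dest_port):
    """Assumed model: rules are read top-down and the first match decides."""
    for index, rule in enumerate(rules):
        if (applies_to(rule, user) and rule.direction == direction
                and rule.dest_port == dest_port):
            return index, rule
    return None, None

def explain(rules, user, direction, dest_port):
    """Say why a connection made by `user` is or is not denied."""
    index, hit = first_match(rules, user, direction, dest_port)
    if hit is not None and not hit.allow:
        return f"denied by rule {index}"
    if hit is not None:
        # The first matching rule allows, so any deny rule below it is never reached.
        return f"allowed by rule {index} ({hit.principal})"
    denies = [r for r in rules if r.principal == user and not r.allow]
    if any(r.dest_port == dest_port and r.direction != direction for r in denies):
        return "deny rule is assigned to the wrong direction"
    return "no rule matches this connection"

if __name__ == "__main__":
    rules = [Rule("Everyone", "outgoing", 80, True),
             Rule("bob", "outgoing", 80, False)]
    print(explain(rules, "bob", "outgoing", 80))
```

Moving the user's deny rule above the Everyone or group allow rule changes the result to a denial under this model.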

Q: Is it possible to manage PortsLock® remotely?

A: Yes. You can use PortsLock® Manager. Just select a computer that has PortsLock® Service installed.

Q: How can I set the same rules for several computers simultaneously?

A: Use the Batch Processing function to define rules on several computers simultaneously. For more information, please read the User Manual.

Q: How can I know which TCP or UDP ports are for what network services?

A: There are several port lists on the Internet. Check out http://lists.gpick.com/portlist/portlist.htm or http://www.iana.org/assignments/port-numbers.