DESlock+ is a software-based product that contains both a central administration server component, as well as a client application to manage encryption in the enterprise. Both the management software and client agents install on any 32-bit Windows host from 2000 to Windows 7 RC, and the backend database is Microsoft SQL Server.
Installation of both the management console and client agent are driven by point-and-click wizards, which provide a fast and easy setup. Once the product is installed, integrating with an LDAP service is a bit tricky. Instead of a direct import or synchronization with a directory service, administrators are required to export users to a .CSV file and then import the file to the DESlock+ database. Unfortunately, as users or groups change, this step must be repeated.
Administration and management is straightforward and intuitive. Users are assigned keys based on logical groups, and user access to hosts, folders, files and removable media is based on this chain of permissions. Encryption methods are set by policy from the management console, which contains a vast number of useful customizable options. One tiny drawback we noted was when whole disk encryption is used. Users will have to authenticate three times to the host: the PBA screen, the Windows GINA, and then the DESlock+ client software.
A unique feature that we liked is the way DESlock+ handles removable media. Users are able to use USB tokens without having to encrypt the entire drive. An encrypted folder is created on the stick and any PC with the DESlock+ client software installed will mount the drive from the encrypted folder, making the root folder of the drive equate to the encrypted data.
Documentation for the product consists of only one PDF, which provides some screen shots and brief instructions.
Eight hours a day/five days a week phone and email support is included in the cost. The support website contains a user knowledge base and FAQ list.