Documentation

System Requirements

The requirements below list the minimum configuration. Any better hardware or newer software may be used. If you nonetheless experience problems, please do not hesitate to contact us.

Architecture

  1. 32 bits
  2. 64 bits

Software

  1. Windows 10
  2. .NET 4.7 or higher

Hardware

  1. 1 gigahertz (GHz) or faster processor
  2. At least 2 gigabytes (GB) for 32-bit or 4 GB for 64-bit
  3. 1 GB available disk space

Browsers

  1. Chrome
  2. Firefox
  3. Microsoft Edge
  4. Internet Explorer

Installation

Open the installation folder, right-click the “LabLockInstall.exe” file, and click “Run as administrator” to start the installation.

This will open the installation wizard. Click “Start” to begin the installation.

Read the EULA (End User License Agreement), click the checkbox to accept the license terms, and click on “Next”

Click on “Install .NET 4.7.2” to install .NET on the PC.

Click “Next” to continue with the installation.

Click on “NodeJS” to install NodeJS on the PC.

Once the installation is completed, a pop-up will be displayed. Click “ok” to confirm NodeJS is installed.

Click “Next” to continue with the installation.

Click “Install LabLock components” to start the installation process of LabLock Service.

Click “Next” to continue the installation of LabLock Service.

Select LabLock service port and click “Next”.

Note: By default, LabLock uses the port 8081 for the service API traffic.

Select LabLock web portal port and click “Next”.

Note: By default, LabLock uses the port 3000 for the Web traffic.

Select LabLock installation folder and click “Next”.

Note: By default, LabLock folder is located on “C:\Program Files\JAKO-Solutions\LabLock\”

Click “Next” in the “Confirm Installation” window to start the LabLock Service installation.

Once LabLock service is installed click “Close” to return to LabLock wizard.

Click on “Validate” to validate LabLock service installation.

After clicking “Validate”, if the installation was successful the following message will appear: “LabLock version 1.1.0 already installed in the machine”.

Click “Next” to move to the next window.

Click “Deploy” to bring the LabLock web interface into effect.

Once the Web interface is installed, it will show a message in green.

Click “Next” to continue.

Click on “Reboot” to restart the PC or “Finish” to go back to Windows.

Note: The computer will need to be restarted to begin using LabLock.

Getting Started

After the LabLock installation is complete, restart the PC to start using the product. The LabLock portal can be accessed remotely or locally from different web browsers.

Open one of the supported web browsers (Edge, Chrome, Mozilla) and type in the following URLs:

For local access: http://localhost:port or http://127.0.0.1:port

For remote access: enter the computer name or IP address followed by the port. Example: http://computername:port or http://ip:port, where the port is the port number configured during the installation. By default, LabLock uses port “3000”.

The login page will appear, where you enter your username and password.

Once the credentials are accepted, you will be redirected to the LabLock landing page.

LabLock Top menu contains the main 5 sections of LabLock: Dashboard, Restrictions, Settings, Import/Export, and Activity.

On the right side of the menu, there is a dropdown menu with the information of the user logged into the LabLock interface. The dropdown menu shows the full name of the logged-in user. Click on the user's full name to open the menu.

The menu contains the following information:

User: This is the user logged in to the LabLock portal: the local user for local authentication, or the SAMaccountname for AD authentication.

Role: This is the role that the user is part of.

IP: This is the IP address of the computer that is logging into the LabLock portal.

LabLock Version: This is the version of LabLock installed on the PC.

License Status: This is a link to a window where the license status is displayed.

Help: This is a link to the documentation located on the LabLock website.

Logout: This is a button to log the user out of the LabLock portal.

The License Status window gives an overview of the status of the license, where the following information can be found:

License: May be “Permanent” or “Temporary”.

License ID: This is the ID of the license file.

Computer: This is the name of the computer where the license file is activated.

Customer name: The name of the company assigned by JAKO-Solutions when the license is generated.

Customer ID: This is the JAKO-Solutions customer ID.

Dashboard

The top version of the dashboard contains 3 parts: Desktop details, Restrictions Dashboard, and user details:

Desktop details: This section displays computer details. It will provide the computer name, operating system, and time when the PC was turned on.

There are 3 buttons where the PC can be logged off, restarted, and shut down.

Restrictions: This section details the status of the restrictions. In this section, you can suspend the LabLock restrictions temporarily by clicking suspend. Restrictions will be activated automatically if the suspension countdown reaches 0. Restrictions can be activated by clicking the suspend button again.

The Suspend button is disabled if no restrictions are set in the Restrictions section.

User Details: This section contains the user's details. If a user is logged on to the PC, it will show what users are logged in and when they logged into the PC.

You can screenshot the desktop by clicking on the “camera” icon.

You can also send a 100-character message to the PC where LabLock is installed by clicking on the “message” icon.

Note: Users that are part of the interactive group will not have screenshot and message icons. Those users aren’t fully logged into the Windows OS; they are just running a process or service. Therefore, the message and screenshot options are disabled.

Restrictions

Restrictions are divided into 5 different sections: Core, System Keys, Apps, Startup, and Firewall.

Core

The Core tab is a section where you can configure restrictions based on Desktop, Taskbar, File Explorer and System.

Desktop

In this section you can find restrictions related to Desktop

| LabLock Policy | Description |
|---|---|
| Hide the Desktop | Hides all desktop icons and disables desktop context menus |
| Disable edit Desktop | Protects desktop icons and desktop files/folders from tampering: they can be executed, but cannot be edited or deleted |
| Disable Edge | Disables the ability to swipe using touch from the edges of the screen |
| Hide Bin on Desktop | Hides the Bin from the Desktop |

Taskbar

In this section you can find restrictions related to the Taskbar

| LabLock Policy | Description |
|---|---|
| Disable StartMenu | Disables the StartMenu button |
| Disable changes to StartMenu | Blocks the users' ability to change StartMenu |
| Hide programs from StartMenu | Hides the programs list in the Start Menu |
| Hide Search and Cortana | Disables the ability to search and run local files from the Start Menu and Taskbar |
| Hide the TaskView | Disables the TaskView functionality |
| Hide Taskbar | Hides the Taskbar completely |
| Lock Taskbar | Disables the ability to resize and move the Taskbar |
| Disable the right-click Menu | Disables the right-click settings menu in the Taskbar |
| Hides Clock | Hides the system Clock located on the right-side area of the Taskbar |
| Hide Windows Ink Workspace | Hides the Ink Workspace icon from the right-side area of the Taskbar |
| Hide Language preferences | Hides the Language preference icon from the right side of the Taskbar |
| Hide Action Centre | Hides the Action Centre from the right side of the Taskbar |
| Hide People Icon | Hides the People icon from the right side of the Taskbar |
| Hide News and Interests | Hides the News and Interests icon from the Taskbar |
| Hide Touch Keyboard | Hides the Touch keyboard icon from the Taskbar |
| Hide System Tray icons | Hides the System Tray icons located on the right-side area of the Taskbar |

File Explorer

In this section, you can find restrictions related to the File Explorer

| LabLock Policy | Description |
|---|---|
| Block File Explorer | Blocks access to File Explorer. When selected, any open File Explorer window will be automatically closed |
| Add Folder default path | The File Explorer and the “Open” and “Save As” dialog boxes are redirected to the selected folder path. Other parts of these components are also disabled, such as the navigation bar and buttons. The navigation menus will also be disabled for the dialog boxes |
| Disable Context menus | Disables context menus on the File Explorer |
| Disable Options menu | Disables access to the options menu on File Explorer |
| Disable top menus and ribbon | Disables top menus, ribbon, and bars in the File Explorer and the “Open” and “Save As” dialog boxes |
| Disable navigation Pane | Disables the navigation pane (left column of File Explorer) |
| Disable Quick Access | Disables the Quick Access from the navigation pane on File Explorer and in the “Open” and “Save As” dialog boxes |
| Hide Special Folders | Removes special folders (3D Objects, Desktop, Documents, Downloads, Music, Pictures, and Videos) from This PC on File Explorer and the “Open” and “Save As” dialog boxes |
| Hide this PC | Hides the “This PC” folder in File Explorer and the “Open” and “Save As” dialog boxes |
| Hide Network | Hides the “Network” folder in File Explorer and the “Open” and “Save As” dialog boxes |
| Hide OneDrive | Hides the OneDrive folder in File Explorer and the “Open” and “Save As” dialog boxes |
| Hide Dropbox | Hides the Dropbox folder in File Explorer and the “Open” and “Save As” dialog boxes |
| Disable access to Drives | Disables access to selected drives in File Explorer and the “Open” and “Save As” dialog boxes |

System

In this section you can find restrictions related to the System

| LabLock Policy | Description |
|---|---|
| Disable Control Panel | Disables the Control Panel and the options displayed within the control panel section |
| Disable Administrative tools | Blocks access to common administrative tools, including Windows Task Manager, Regedit, Cygwin, Process Explorer, and Microsoft Management Console |
| Block Windows Settings application | Blocks Windows Settings application |
| Disable Remote Desktop Protocol service | Disables the Remote Desktop Protocol service from the PC |
| Disable the detection of USB drives | Disables the detection of USB drives |
| No ability to write into USBs | Disables the ability to write to USB drives |
| Disable Autoplay Menu for external Devices | Disables the Autoplay menu that is displayed when a new external drive is detected (DVD, USB, External hard drive...) |
| Hide Shutdown option on PC | Hides the shutdown option from the Start menu and the Lock screen |
| Hide switch user option on PC | Hides the switch user option from the Start menu and the Lock screen |
| Disable Help option | This option disables the help |
| Lock PC when idle | The PC is automatically locked when there is no activity (value is in minutes) |

System keys section

The system keys tab allows you to block keyboard keys, key combinations, and mouse buttons. It is divided into subsections to represent different groups of keys:

Apps section

The Apps tab is a white list of applications allowed to run on the PC. Applications can be configured by adding the path of the executable file “.exe” or adding a folder where all executable files “.exe” within it and its subfolders will be allowed to run. By default, the list is empty. The module won’t block any applications until at least one application is added.

Note: The Task Manager is never blocked from the Apps Tab for security reasons. If you want to block Task Manager, it can be blocked from the “Core - Systems” section.

Applications not listed on the Apps table will be blocked by LabLock. Windows folder paths can also be added to the table. All .exe files in subfolders of added folder paths will be allowed to run.
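Because a folder entry allows every .exe beneath it, the NTFS permissions on that folder decide who can place an executable on the allow list. The following audit is an added example, not LabLock's own code; the folder list is a constructed sample (with “C:\Tools” hypothetical) and the function name is an assumption. It reports allowed folders that standard users can write to.

```powershell
# Constructed sample: replace with the folder paths listed in your Apps table.
$AllowedFolders = @(
    'C:\Program Files\JAKO-Solutions\LabLock',
    'C:\Tools'    # hypothetical folder
)

# Well-known SIDs of groups that contain standard (non-administrator) users.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'Interactive'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal add or replace files, or rewrite the ACL.
# 0x10000000 / 0x40000000 are GENERIC_ALL / GENERIC_WRITE, which some ACLs store raw.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-WritableAllowedFolder {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root -PathType Container)) {
            Write-Warning "Folder not found: $root"
            continue
        }
        # A folder entry covers its subfolders too, so check the whole tree.
        $folders = @(Get-Item -LiteralPath $root -Force) +
                   @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

        foreach ($folder in $folders) {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { continue }
            # Ask for SIDs instead of names so the check works on any display language.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                $sid = $rule.IdentityReference.Value
                if ($rule.AccessControlType -eq 'Allow' -and
                    $BroadSids.ContainsKey($sid) -and
                    ([int]$rule.FileSystemRights -band $WriteMask) -ne 0) {
                    [pscustomobject]@{
                        Folder    = $folder.FullName
                        Principal = $BroadSids[$sid]
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
    }
}

Get-WritableAllowedFolder -Path $AllowedFolders | Format-Table -AutoSize
```

An empty result means none of the listed folders grants write access to those groups; any row returned is a folder to tighten or to replace with individual executable paths.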

Startup section

The Startup tab allows you to add paths to executables and scripts that will be executed by Windows at Start-up.

Firewall section

The firewall tab allows configuring local Firewall rules on the PC where LabLock is located. The screen is divided into two tables: LabLock firewall rules and Windows firewall rules.

Firewall Rules will only be added by port number.

Settings

Settings menu allows you to configure the different LabLock options. Settings are divided into 3 different sub-sections: Roles, AD, and General.

Roles

The Roles tab allows access to different profiles within LabLock. These roles must be attached to existing Local Windows groups or Active Directory security groups.

On the landing screen, there will be a list with all the roles created, a description, the group they belong to, the permissions granted for the role, and the status of the role. By default, there will be an Administrator role belonging to the Administrators local Windows group to access the application.

Note: To do the initial setup, only a user belonging to the Administrators Windows group will be allowed to log in to LabLock.

You can also create new roles or edit existing ones:

To create a new role, click on the add role button

To edit an existing role, click on the button

When pressing either button, a new screen will be displayed where we can set the following fields:

Role name: This is the name of the LabLock role

Description: This is a description of the LabLock Role

Group: This is the group used. The group can be a Windows local group or an Active Directory security group.

Permissions: This section is used to set the permissions of the group.

Status: The status of the role in LabLock, can be activated or deactivated.

Name: This is the name of the LabLock role.

Description: This is a description of the LabLock Role.

Windows group: Windows group can be “Local” or “Active Directory”. If “Local” is selected the user will be authenticated against a local user and group. However, if “Active Directory” is selected, the authentication will be done against an AD user and AD security group using LDAP.

Group name: This is the name of the local group or the name of the AD security group. For AD, the group DistinguishedName is used. For a user called “LabLock_User”, the DN could be as follows: “CN=LabLock_users, OU=Groups, OU=LabLock, DC=LABLOCK, DC=local”

Health-check button: This button can be used to check the connectivity of AD groups. Click the button and if the AD group exists and the connection is configured correctly, the button will become green.

Active: Select active to make the group active, or uncheck the option to disable the group.

Permissions: Select the permissions to be granted to the role. You can choose from Dashboard, Restrictions, Activity, Settings, and Import/Export.

Cancel: Click “Cancel” to discard the changes and return to the Roles list screen.

Save: Click “Save” to save the new group configuration.

AD

In this tab, you can configure the settings to connect to an Active Directory server. You will need a valid AD service account. Once you fill this section with a user, LDAP authentication will be activated.

NOTE: If using local authentication, this section doesn't need to be configured

Username: The Active Directory account to use. Enter the account's “SamAccountName” in the text box, for example.

Password: Password of the Active Directory service account.

BaseDN: Stands for Base DistinguishedName. This should be the domain controller name. For example, “dc=domain,dc=com”.

Port: This is the LDAP authentication port used by your domain. By default, the ports used can be 389 for LDAP and 636 for LDAPS.

Test Connection: the “Test Connection” button is used for checking the AD connectivity. If the authentication call is successful, it will display a box with a check icon with a green background. However, if the health check fails, it will show a box with an “X” inside with a red background.

Apply: Click Apply to save the changes.

General

The General section contains general LabLock configuration settings:

LabLock port: The port used to connect to LabLock.

Session Expiration: Configures automatic logout from a LabLock session.

Suspend restrictions time: Configures a time (in minutes) to temporarily disable LabLock Windows restrictions.

Suspend restrictions Hotkey combination: Configures a hotkey combination to disable restrictions locally on the computer. This hotkey can be executed without login to

Hotkey password: Configures a password to suspend Windows restrictions temporarily from the local computer.

Hide user notifications: Enables or disables information notifications for Windows.

Brand: Adds the brand of your company to the notifications. This brand will only be shown if the Hide user notifications option is disabled.

Import / Export

In the Import section, you can import existing LabLock restrictions and settings configurations from other LabLock instances.

Click “Browse” to upload a LabLock configuration file. Once loaded, you have different checkboxes for the different “Restrictions” and “Settings” available in LabLock. By default, all the sections will be imported. Check the sub-sections that you want to import to the system.

Then click the “Import now” button to upload them and apply the configuration.

For traceability, the MD5 hash of the imported configuration file can be checked in the “Activity” section.
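To use that MD5 entry as evidence, compute the hash of the file you intended to import and look for it in an exported Activity log. The following is an added example, not LabLock's own code; the function name, the file names and the CSV layout are constructed, and it assumes the exported CSV contains the MD5 as hexadecimal text.

```powershell
function Test-ImportTraceability {
    param(
        [Parameter(Mandatory)][string]$ConfigFile,
        [Parameter(Mandatory)][string]$ActivityCsv
    )
    # MD5 is the value the Activity section records for an imported file.
    $md5 = (Get-FileHash -LiteralPath $ConfigFile -Algorithm MD5).Hash
    # SHA-256 is for your own change record: MD5 alone does not resist deliberate collisions.
    $sha256 = (Get-FileHash -LiteralPath $ConfigFile -Algorithm SHA256).Hash

    # Plain-text, case-insensitive search, so no CSV column names have to be assumed.
    $hits = @(Select-String -LiteralPath $ActivityCsv -Pattern $md5 -SimpleMatch)

    [pscustomobject]@{
        ConfigFile = $ConfigFile
        MD5        = $md5
        SHA256     = $sha256
        FoundInLog = $hits.Count -gt 0
        LogLines   = $hits.LineNumber
    }
}

# Constructed demo data: a stand-in configuration file and a stand-in Activity export.
$cfg = Join-Path $env:TEMP 'lablock-config-sample.txt'
$csv = Join-Path $env:TEMP 'lablock-activity-sample.csv'
Set-Content -LiteralPath $cfg -Value 'constructed sample configuration'
$hash = (Get-FileHash -LiteralPath $cfg -Algorithm MD5).Hash.ToLower()
Set-Content -LiteralPath $csv -Value @(
    'Date,User,Menu,Detail',                                  # hypothetical column layout
    "2024-01-01 10:00,admin,Import/Export,Imported configuration MD5 $hash"
)

Test-ImportTraceability -ConfigFile $cfg -ActivityCsv $csv
```

A result with FoundInLog set to False means the file on disk is not the one the log recorded, which is worth resolving before the configuration is reused on another instance.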

Activity

The activity menu can be used to view, search and trace the different activities and changes to the restrictions in the LabLock web portal, such as applied restrictions, warnings, user login information, and more. Use the search box to find specific entries.

On the top menu, you can filter the different entries based on the username, the IP accessing LabLock, the start and end dates, and even the different menu(s) within the LabLock application: Login, Dashboard, Restrictions, Settings, and Import/Export. Applied restrictions can be inspected by locating the appropriate entry and then clicking the more info button.

By default, the activity log shows up to 50 entries; this limit can be expanded to 200 or 1000 entries at the bottom of the page, while the total number of log entries can be exported.

Log entries can be exported by clicking export, located at the upper right corner. Logs can be exported in CSV format.