BCWipe Enforcer



NOTE: BCWipe Enforcer feature is available only in Enterprise version of BCWipe

BCWipe features Enforcer for centralized control of data wiping. IT administrators can now surgically remove all traces of selected data on any drive in their network. BCWipe Enforcer is compatible with systems management software, such as Microsoft SMS and LANDesk, allowing enterprises to remotely install BCWipe across all workstations and centrally manage data wiping policies. With Enforcer, an administrator can run BCWipe as a system service in Windows to perform wiping tasks remotely without end-user intervention.

Step-by-step instructions for administrators:

  1. Install BCWipe Enterprise on any computer.
  2. Open BCWipe Task Manager and create a set of tasks that will be run on end-users' computers. It does not matter what scheduling is set for the task - in the current version the task will always be performed at user's logoff.
  3. Run the command Export Task(s) to Text File from Tasks menu

    Image text

    or from the command line interface:

    >BCWipeTM.exe GeneratePatternTask

    NOTE: For users running Windows Vista or Windows 7 - remember to run BCWipe Task Manager or Command Prompt "as administrator" or disable User Account Control before running the command.

    As a result, the file 'PatternTask.txt' - Pattern Task File - is generated in the selected folder (when running from command line - it will be created in BCWipe home folder). Example of the Pattern Task File generated for two wiping tasks - Wipe Special Folders and Wipe Local History:



    Image text

  4. Put the file to any location shared in the local network.
  5. Install BCWipe Enterprise on end-users' workstations. BCWipe is installed remotely using systems management software (e.g., Microsoft SMS, LANDesk) or manually. Administrator should run Setup program with the command line with a special flag and specify the full name of the Pattern Task File as a parameter:

    >bcwipe4.exe –serviceTaskFile PatternTaskFile

    Example: >bcwipe4.exe –serviceTaskFile \\COMPUTER_NAME\C\folder\PatternTask.txt


    6. NOTE: If the parameter PatternTaskFile and the flag serviceTaskFile are not specified, BCWipe will try to find the Task File locally in the BCWipe Home folder. Therefore, BCWipe Enforcer functionality can be executed even if the workstation is not connected to the network.

  6. After one reboot of the workstation, BCWipe starts to perform the wiping tasks. During the reboot, the Pattern Task File is converted to user-independent format and all necessary information is written to the Registry.
  7. When the user logs off, BCWipe starts to run wiping tasks as specified in the Pattern Task File. The process is running as a service.

The administrator can configure BCWipe Enterprise to create a log file of the process on the server or on the workstations. The name of the log file is reported in the PatternTaskFile. If it was generated with a local name:

LogFileName=C:\enforcer\enforcer.log

- then to re-direct the logfile to another computer - open the file and modify the name to the network one:

LogFileName=\\COMPUTER_NAME\c\enforcer\enforcer.log

Note that services are not always allowed to write to a network location. It depends on network configuration.

It is also possible to create a list of users temporarily excluded from wiping. PatternTaskFile has the special field:

[ExcludeUserList]

Write list of full user names below this field:

[ExcludeUserList]
DOMAIN_NAME\USER_NAME
COMPUTER_NAME\USER_NAME