Administrators have the option to limit Silo client access to specific workstations, or company issued machines in particular. This helps restrict access to Silo from personal machines, or from personal accounts within organization network.
When Silo launches, it collects several pieces of immutable and mutable machine data and transmits that information back to Authentic8. One bit of immutable data is stored in the registry key: “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”.
This Registry Value is used as a Machine Lock reference in order to identify the machine owner.
The workflow is as follows:
- An end user attempts to log into Silo from a Windows machine:
- Is the RegisteredOwner attribute of the connecting device in our table of Locked Devices?
- If YES, at which org does this lock state exist?
- Does the username associated with the login sit at or beneath this org?
- If YES, allow the login. If NO, block the login and issue a notification via the client.
- If no, the user may log in normally.