Frequently Asked Questions
The most common questions about CtrlOne in one place. For deeper detail, follow the links into the specific guides.
About the product
The questions below cover what CtrlOne is and how it enforces control. If you're new, start with the getting-started guide for orientation.
Frequently asked questions
What is CtrlOne?
A multi-tenant platform for locking down and monitoring Windows PCs. Operators apply policies from a web console and the agent enforces them on each endpoint.
How does CtrlOne enforce restrictions?
Policy-only - through Windows Group Policy and registry policy, then service control. It never renames executables, deletes app files, changes install paths, or patches binaries.
Which Windows versions are supported?
Windows 10, Windows 11, and Windows Server. See the Compliance & Compatibility page for the matrix and known limitations.
Can it run without the cloud?
Yes. Run the hosted cloud console, or the on-premises LAN server for air-gapped and data-residency-constrained networks - same console and controls.
What happens when a device is offline?
It keeps enforcing its policy, and can fail closed after a configurable offline period so enforcement tightens rather than drifting open.
Is CtrlOne an antivirus replacement?
No. It's built for lockdown and control and complements AV/EDR. It can report on Defender and BitLocker posture.
How is one customer kept separate from another?
Every device, policy, and evidence record is scoped to a tenant, with authorization enforced on each request and a master-admin view for providers.
How do I get support?
Use the contact page for sales, technical support, and security disclosures.
Didn't find your answer?
Browse the full documentation, or reach the CtrlOne team through the contact page.