Alerts & Response to Logon Security Events on a Windows Network

UserLock continuously monitors all logon events, alerting IT of any suspicious or disruptive behavior so they can instantly react with appropriate measures.

React to Suspicious Access Behavior

An immediate response to suspicious, disruptive or unusual logon connections should be an integral part of an organizations security policy and risk mitigation strategy. Organizations can save a lot of time when responding to incidents if you can identify exactly what has been compromised.

As soon as any suspicious access event is detected (e.g. failed logon attempts, attempts to log on to default accounts, activity during nonworking hours…), UserLock automatically alerts the administrator (pop-ups or email), offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate settings.

Furthermore, it is important to stress that whilst monitoring user activity is required by many compliance regulation, without being able to filter or send an alert to the security administrator on specific and potentially suspicious access events, the monitoring has limited use.

Remote Response Management

New remote session administration design allows facilitation from any device, so administrators can still respond rapidly on the move using a smartphone, tablet or computer.

Personalized commands can also be defined and launched direct from the UserLock console to target one or many machines. The context menu will allow you to interact with the selected session by just checking the target box, saving time and avoiding the need to open other programs.

This immediate response can help prevent insider threats and reduce the risk of security breaches.

Alerts to compromised or stolen passwords

UserLock real time monitoring allows administrators to act immediately to compromised login credentials, but also now alerts users when their login credentials are used (successfully or not) to connect to the network.

This real-time alert allows users themselves to assess the situation and inform their IT department who can react immediately to any fraudulent use of compromised credentials.

With stolen or compromised account credentials responsible for several massive data breaches, who better than the user to judge whether an access attempt is ‘normal’ or part of a compromised attack?


Native Windows functionality offers no capability to remotely logoff workstation sessions.

Read more here