UserLock Features

Granular Access Restrictions

UserLock concurrent logins limitation interface

UserLock restricts and controls user access to protect your Windows network.
It allows you to set and enforce granular login restrictions that support your organization’s policies. Each of these restrictions takes into consideration the session type and allows restrictions to be set by user, user group or organizational unit.

• Limit Concurrent Logins.

  Preventing logins significantly decreases network vulnerability.
  Limitations can be set in a granular way and can vary according to user, group or organizational unit.

• Workstation Restriction.

  UserLock can prevent logins on multiple workstations based on users, user groups or organizational units.
  Users can be limited to their own workstation, IP range, department, floor, building, etc.

• Time Restrictions.

  UserLock defines working hours and/or maximum session time for protected users. Outside of these timeframes and/or when time is up, users will be disconnected with prior warning. UserLock can detect when a password protected screensaver starts and can automatically logoff a session after a specific length of idle time.

• Time Quotas.

  UserLock defines and enforces daily, weekly, monthly, etc. connection time quotas per user or user group and per session type. Several time quotas can be defined for the same protected account, including one for each type of session.

This comprehensive matrix of access rules takes security controls beyond native Windows functionality and enables the implementation and strict enforcement of a granular user access control policy for your Windows network.

Real-Time Monitoring, Alerts & Response

UserLock offers real-time session monitoring that lets you know the number of concurrent logins, who is connected from which workstation and since when. As soon as any suspicious access event is detected, UserLock automatically alerts the administrator, offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate sessions.

To help administrators facilitate a response, personalized commands can be defined and launched direct from the UserLock console to target one or many machines (e.g. Opening a Remote Desktop Connection). This option saves time from having to navigate out of the console and through the start menu to find other programs.

UserLock real-time monitoring interface

Tracking & Reporting

UserLock records all access events into an ODBC (Microsoft Access, SQL Server, MySQL) database for reporting. Comprehensive, detailed reports can be generated automatically (and emailed) at regular intervals. The predefined reports include:

• Session history: Detailed connection list (logon, lock, unlock, logoff instances, users, domains, workstations, etc.)
• Session Statistics: Displays total login, total connection time and average time per session for a given user and period
• Agent Distribution: View of the agent installation status on all computers of the protected network zone
• User sessions: Snapshot view of all concurrent logins at display time
• Session count evolution: View of the evolution of all opened sessions
• RAS sessions: View of the history, statistics and a chart displaying the evolution of the number of RAS sessions
• Dashboard: Printable version of dashboard

^* New reports available on UserLock 6.0

UserLock reporting interface

Raising User Security Awareness

UserLock is a unique technology solution that helps increase user security awareness and assists an organization in enforcing IT security policies and controls.
It allows an organization to notify all users prior to gaining access to a system with a tailor-made warning message. It can provide users with information such as:

• Last workstation logged on
• Date and time of last successful logon
• History of all logons denied by UserLock and Windows since last successful logon
• Number of logons denied by UserLock and Windows since last successful logon

This is one of the most effective ways to raise security awareness directly with end-users.
The message can also include a tailor-made legal disclaimer stating that for example, system usage is monitored, recorded, subject to audit, and that unauthorized use is prohibited and subject to criminal and civil penalties.

Example of a UserLock welcome prompt