Monitor User Logon and Logoff across Windows Server Network

UserLock offers a real-time approach to continuous access monitoring. To help further verify all users’ identity a risk indicator allows administrators to evaluate and detect suspicious access behavior at a glance.

Real-Time Monitoring Of Users Logon and Logoff Activity

Real-Time monitoring provides IT teams with unique features to easily track, report and alert on all user logon activity.

With access controls and restrictions set and enforced across all session types, real-time monitoring provides IT teams with unique features to easily report, alert on and monitor user logon and logoff activity.

With UserLock you can monitor user sessions by either user or computer.

Get information by user or by machine

  • User details

    View the display name, the user account, the organizational unit, etc.

  • Opened sessions

    View all the sessions status opened by a user, from where he has logged on, since when, etc.

  • Last logoff

    View the last workstation on which the user logged off and the time of the last logoff

  • Machine details

    View the computer name, the client IP, the organizational unit, etc.

  • Opened sessions

    Get the list of all users with a session on this computer.

  • Computer localization

    Get the building and the room of the computer (if a localization is enabled)

Detect And Evaluate User’s Suspicious Logon Behavior

UserLock now offers administrators more intelligent threat detection. The real time monitoring incorporates a risk indicator, identifying suspicious network access behavior at a glance.

User Status

The new User Status feature evolves according to the user’s actions when accessing or attempting to access the network. Correlating each user’s logon events with their customized access controls, it delivers a complete view of an organization’s network activity and risks, allowing administrators to focus on activity deemed to be of risk or high risk.

For example; a large number of concurrent sessions, users with many denied logon attempts, user accounts that are not protected by UserLock and subject to control policies, etc…

Email alerts

Email alerts can also be defined to warn on user status change and a history of the user status changes is also kept for auditing and reporting.

The different settings that trigger status changes can be adapted through the UserLock Server Properties and Alert Notifications.

Case study

Sensitive data on the Windows based network was being put at risk by uncontrolled user behavior and unauthorized user access.

With UserLock, we have an effective network access management tool that is very simple to manage and easy to understand. It has helped simplify IT’s work by reducing between 70 to 90% the time spent monitoring and auditing network access of all users.

Antônio Fernandes S. Oliveira
Network Manager, Pernambuco State Traffic Department

Tracking (and auditing) all logon and session events is key in knowing what is going on in your Windows Active Directory environment. It is crucial that any suspicious access to your organization’s network can be detected and investigated ASAP.