The advantages of using PowerShell commands for Active Directory security

PowerShell commands for Active Directory security help automate repetitive or complex tasks. Here's how to manage/administer UserLock with PowerShell cmdlets.

Updated July 3, 2025

Windows PowerShell is an extendable command shell and scripting language that AD admins use to manage and administer server environments like Windows Server, Exchange, and SharePoint. Find out how UserLock allows IT teams to use PowerShell commands for Active Directory security and free up time for strategic work.

UserLock is an enterprise software solution that controls and restricts user access with Identity and Access Management (IAM) for on-premises AD identities.

How to manage UserLock with PowerShell

UserLock admins can write and schedule scripts at regular intervals to automate UserLock administration tasks. The UserLock cmdlets can also be used without a script to administer the UserLock server.

Using extendable cmdlets helps:

  • Make repetitive tasks easier and less tedious

  • Simplify complex tasks by wrapping several commands together

  • Automate system admin tasks

  • Reduce the risk of human error

  • Manage remote systems

  • Manage UserLock without the console or a web browser

All cmdlets follow standard PowerShell conventions (settings, help…).

Want to learn more about the Windows PowerShell command line and scripting environment? Microsoft's PowerShell Documentation hub is where you'll find training videos, guides, Wiki articles, and more…

Prerequisites for managing UserLock with PowerShell

PowerShell is installed by default on Windows 7 and Windows Server 2008, and is compatible with all versions of Windows that support .NET version 2.0 (Vista, XP, Server 2003 …).

To use PowerShell scripts, you must change the execution policy by running the following command as an administrator:

powershell
Set-ExecutionPolicy RemoteSigned

The default option is “Restricted” which prohibits the execution of any PowerShell script.
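
Before changing the policy, it helps to see which scope actually decides it and what RemoteSigned will check for a given script. The following is an added example, not part of the UserLock documentation; the script path is a placeholder, and the Zone.Identifier lookup assumes PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example (not vendor code). $ScriptPath is a placeholder.
$ScriptPath = 'C:\Scripts\Stop-UserLockWorkstationWithNoSession.ps1'

# 1. Show the policy at every scope. Precedence is MachinePolicy, UserPolicy,
#    Process, CurrentUser, LocalMachine; the first one that is not Undefined wins.
$scopes = @(Get-ExecutionPolicy -List)
$scopes | Format-Table Scope, ExecutionPolicy -AutoSize

# 2. If Group Policy sets the value, a local Set-ExecutionPolicy will not
#    change the effective policy, so report that instead of trying.
$gpo = @($scopes | Where-Object {
    ($_.Scope -like '*Policy') -and ($_.ExecutionPolicy -ne 'Undefined')
})
if ($gpo.Count -gt 0) {
    Write-Warning "Execution policy is set by Group Policy ($($gpo[0].Scope)); change it there."
} elseif ((Get-ExecutionPolicy) -eq 'Restricted') {
    # Requires an elevated console, as the page states.
    Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
}

# 3. RemoteSigned requires a valid signature on scripts that Windows marks as
#    coming from the internet; scripts written locally run unsigned.
#    Report both facts for the script that is about to be scheduled.
if (Test-Path $ScriptPath) {
    $zone = Get-Content -Path $ScriptPath -Stream Zone.Identifier -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^ZoneId=(\d)' } |
        ForEach-Object { [int]$Matches[1] }
    $sig = Get-AuthenticodeSignature -FilePath $ScriptPath

    [pscustomobject]@{
        Script          = $ScriptPath
        ZoneId          = $zone                 # empty when there is no mark of the web
        FromInternet    = ($zone -ge 3)         # 3 = Internet, 4 = Restricted sites
        SignatureStatus = $sig.Status           # e.g. Valid, NotSigned, HashMismatch
    }
}
```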


Note: There is no need to install anything else aside from the UserLock Console.

Using PowerShell to manage UserLock

Simply click the PowerShell icon in the toolbar of the UserLock console.
This launches a PowerShell console with the UserLock module loaded.


Once launched, UserLock PowerShell attempts to connect to the UserLock server selected in the console (if no server is selected, a connection will be attempted on the local computer).

From this point, the first scripts can be written or the first UserLock cmdlets run.

The “Get-UserLockCommand” command lists all the commands provided by the UserLock module.

Each cmdlet has comprehensive help, which can be accessed by running the following command:

powershell
Get-Help <UserLock cmdlet> -Full

Script Examples

The following script (which could be named "Stop-UserLockWorkstationWithNoSession.ps1") shuts down workstations that have no open session outside business hours, which is useful for a ‘green’ IT policy.

powershell
Get-UserLockReportedComputer -OnlyWorkstation | where {($_.SessionCount -eq 0) -and ($_.Available)} | Stop-UserLockComputer -Force

The next one (Install-UserLockAgentOnRemainingWorkstation.ps1) installs the Desktop UserLock agent, through the UserLock server, on workstations that have no agent. This is useful if you have to reboot workstations to enable the UserLock agent (on XP, 2003 and older operating systems).

powershell
Get-UserLockAgentDistribution | where {($_.IsServer -eq 'Workstation') -and ($_.AgentType -eq 'Desktop') -and ($_.AgentStatus -eq 'NotInstalled') -and ($_.LastCheckStatus -eq 0)} | Install-UserLockAgent -Force

This script can be run overnight to reboot all workstations with a pending agent installation.

powershell
Get-UserLockAgentDistribution | where {($_.AgentStatus -eq 'installing') -and ($_.IsServer -eq 'workstation')} | Restart-UserLockComputer -Force

This script can send a pop-up warning to all open sessions.

powershell
Get-UserLockInteractiveSession | Send-UserLockPopup -Title 'IT Maintenance' -Message 'The file server is currently restarting. It will be available in 5 minutes. IT Department.' -Force

This script applies a UserLock setting (e.g. a welcome message) to all your protected users.

powershell
Set-UserLockProtectedAccount -Name * -Type user -Property DisplayWelcomeMessage -Value true -Force

You can also create protected accounts with specific criteria and rules that restrict them to the workstation you have assigned to them.

Advanced Examples

To administer a remote UserLock server, change the variable $UserLockServerName by running:

powershell
$UserLockServerName = '<remote UserLock server>'

You may also use UserLock cmdlets without launching PowerShell from the UserLock console.

To do this, start a PowerShell console, manually load the UserLock PowerShell module, then use UserLock cmdlets by running the following commands:

powershell
Import-Module UserLockPowerShell
powershell
Get-UserLockProtectedAccount
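
A scheduled, unattended run of the workstation shutdown script from the Script Examples section needs the module import and server variable shown here, plus guards that the one-liner lacks. The following is an added example, not UserLock's own code: the server name, log folder, business-hours window, target cap and the -Execute switch are assumptions, and only the UserLock cmdlets and properties shown on this page are used.

```powershell
# Added example (not vendor code): guarded wrapper for unattended runs.
# Assumed values: server name, log folder, business hours, safety cap.
param(
    [switch]$Execute,                      # without -Execute the script only reports
    [int]$MaxTargets = 50,                 # assumed safety cap per run
    [string]$LogDir = 'C:\Logs\UserLock'   # assumed audit log location
)

$ErrorActionPreference = 'Stop'            # fail closed: any error aborts the run
Import-Module UserLockPowerShell

# Placeholder server name. Set in global scope on the assumption that the
# module reads the same variable the console-launched session uses.
$global:UserLockServerName = 'ULSERVER01'

# Refuse to run during business hours (assumed Monday-Friday, 07:00-19:00).
$now = Get-Date
$isWeekday = @('Saturday', 'Sunday') -notcontains $now.DayOfWeek.ToString()
if ($isWeekday -and ($now.Hour -ge 7) -and ($now.Hour -lt 19)) {
    throw "Refusing to shut down workstations during business hours ($now)."
}

# Same filter as the one-liner on this page, collected into an array so the
# selection can be counted and logged before anything is shut down.
$targets = @(Get-UserLockReportedComputer -OnlyWorkstation |
    Where-Object { ($_.SessionCount -eq 0) -and ($_.Available) })

# A sudden jump in matches usually means bad session data, not idle machines.
if ($targets.Count -gt $MaxTargets) {
    throw "Found $($targets.Count) targets, above the cap of $MaxTargets. Nothing was shut down."
}

# Audit trail: record exactly which objects were selected.
if (-not (Test-Path $LogDir)) { New-Item -ItemType Directory -Path $LogDir | Out-Null }
$stamp = $now.ToString('yyyyMMdd-HHmmss')
$targets | Export-Csv -Path (Join-Path $LogDir "shutdown-$stamp.csv") -NoTypeInformation

if ($Execute) {
    $targets | Stop-UserLockComputer -Force
} else {
    Write-Output "Dry run: $($targets.Count) workstation(s) would be shut down. See $LogDir."
}
```

Run it once without -Execute and review the CSV before adding the switch to the scheduled task.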

With UserLock, administrators who are proficient in and enjoy working with PowerShell have the option to use this shell and scripting language when managing UserLock.

Guillaume Fagoaga, Software Development Manager