IS Decisions logo

Qingyuan Prison chooses UserLock for network access management

  • Guangdong Province Qingyuan Prison
  • Public Administration
  • China
Guangdong Province Qingyuan Prison chooses UserLock for access management across its network

Guangdong Province's Qingyuan Prison is a correctional facility with 1000 employees situated in Qingyuan, a city in north-western Guangdong province in the People's Republic of China. Like in most correctional facilities, the prison records are considered the most sensitive information on Qingyuan Prison’s network. These files include the inmates’ personal information such as details of transfers, parole records, and activities recorded in the prison itself. Access to this data must be regulated and monitored.

"UserLock was the perfect solution to what we needed in terms of managing and monitoring access and prohibiting concurrent logins."

Zhiwen TANG - IT Network Manager

The Challenge

Moving beyond native Active Directory logon security to verify users’ network access

Uncontrolled user access was becoming a security issue for the IT team at Qingyuan prison. The team started the search for a way to restrict concurrent logins and to control and monitor access across the prison’s network.

When we IT administrators oversee 600 PCs that run on Windows.

Initially, the prison used Microsoft Active Directory's native controls to manage logins across the network. But the team quickly ran up against Active Directory's limits. Case in point, Active Directory doesn't natively offer a way to restrict concurrent logins.

In practice, a prison employee could login to one computer in one department and then move to another computer on the other side of the prison and login there. It was hard for IT to monitor which computer the employee was actually working from. This meant IT couldn't properly identify users — a big security risk.

The prison also had constant network security risks. For example, an employee could unknowingly transfer a virus to the network using a corrupted USB drive, and by the time the virus was detected on the network, it was too late to locate the point of origin or even try to identify who was using the computer at that time. Without complete access control and monitoring capabilities, IT couldn't effectively investigate these incidences.

The Solution

Extending Active Directory security to verify users are who they say they are

To better manage and monitor user access across the network, the prison’s IT administrators had tried using scripts within Active Directory. While the scripts helped in some ways, it wasn't enough to meet their access security requirements.

After a lot of research and comparing available solutions, IT identified two options:

  1. Invest heavily in a customized script solution, or

  2. Purchase an affordable access management software solution.

Qingyuan's IT administrators went for option two and purchased IS Decisions’ UserLock.

With UserLock, they could enforce their user access control policy so that an employee could login to only one computer with Active Directory at a time. This, alongside UserLock’s monitoring and audit capabilities, allows IT administrators to audit Windows login behavior across the network.

The Result

Securing network access with non-disruptive technology that integrates with Active Directory

Guangdong Qingyuan Prison installed UserLock in April 2015. Zhiwen Tang found the installation simple, and quickly briefed the IT team. IT then briefed all employees, who needed little to no training on how to use the software.

"It was the perfect solution to what we needed in terms of just managing and monitoring access and prohibiting concurrent logins. We have been using UserLock for a few months now and it meets all our network access security policies."

Zhiwen Tang - IT Network Manager

After a straightforward implementation, IT gradually rolled out UserLock across all 600 PCs over two months. IS Decision’s support team was there to provide input as needed. Once they were up and running, IT was able to find answers to their questions from UserLock's help documentation.

Today, UserLock's auditing capabilities continue to simplify IT forensics and documentation, helping IT easily sort information and export Windows Active Directory user logon reports to PDF.