Requirements
Before installing UserLock, ensure your environment meets the following requirements to guarantee optimal performance and compatibility.
This section lists the requirements to install the UserLock Server on a Windows machine.
✅️ Operating system: Windows Server 2012 or later (1)
✅️ Active Directory: Forest and domain functional level: Windows Server 2008 or higher (2)
✅️ CPU: Dual-core 2 GHz minimum
✅️ Memory: 2 GB RAM (4 GB+ recommended)
✅️ Disk space: 800 MB for installation + space for the database
✅️ Database: SQL Server 2008+, SQL Express 2005+, MySQL 5.6+, MS Access (evaluation only) - See Database architecture for details
Note
(1) : For Windows Server Core installations, see the dedicated guide.
(2) : For workgroups, see the Standalone Terminal Server UserLock server type.
✅️ Protocols: ICMP (ping) and SMB TCP 445 must be allowed both ways between the UserLock Server and protected machines.
✅️ Service impersonation: Some operations require the UserLock service to impersonate an account with local administrative rights on target machines. See Service impersonation for details.
We highly recommend to check that the requirements are in place before deploying agents.
This section lists the requirements for machines where the UserLock Desktop Agent is installed, including workstations and terminal servers.
The same network and service prerequisites apply to both types.
✅️ Windows 11
✅️ Windows 10 (version 1809 and later)
✅️ Windows 10 (before version 1809) ⚠️ (1)
✅️ Windows 8 / 8.1 ⚠️ (1)
✅️ Windows 7 ⚠️ (1) (2)
✅️ Windows Server 2025
✅️ Windows Server 2022
✅️ Windows Server 2019
✅️ Windows Server 2016 ⚠️ (1)
✅️ Windows Server 2012 R2 ⚠️ (1)
✅️ Windows Server 2012 ⚠️ (1) (3)
✅️ Windows Server 2008 R2 ⚠️ (1) (4)
✅️ Citrix Metaframe XP, XenApp and Presentation Server 4 ⚠️ (4)
✅️ RemoteApp ⚠️ (5)
✅️ RD Web ⚠️ (5)
Exceptions and limitations
(1) : ⚠️ Not compatible with the UserLock password Credential Provider and MFA for UAC prompts.
(2) : ⚠️ Internet Explorer 9 or later is required for the MFA QR code to display.
(3) : ⚠️ Push notifications not supported.
(4) : ❌ MFA not supported.
(5) : ⚠️ Specific requirements for MFA, see the guide How to apply MFA for RemoteApp.
✅️ Remote Registry service enabled and started on each protected machine.
✅️ ICMP (ping) and SMB TCP 445 allowed both ways between the UserLock Server and protected machines.
✅️ Impersonation account (configured on the UserLock Server) must have administrative access to
\\machinename\admin$for deployment and remote management.
Note
If the admin$ share is disabled:
Go to the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters,set
AutoShareWksandAutoShareServervalues (REG_DWORD) to 1.Restart the computer.
UserLock includes two administration consoles:
the Desktop Console, automatically installed on the UserLock Server,
the Web Console, used for remote administration,
both consoles are functionally identical.
The following requirements apply to console installation and usage:
✅️ The Desktop Console is installed locally with the UserLock Server.
✅️ For remote administration, use the Web Console, which provides full management features from any browser.
Note
💡 For details about console setup, permissions, and usage, see Consoles.