---
locale: "en"
updated_at: "2026-06-10T15:50:02.417Z"
canonical: "https://www.isdecisions.com/en/userlock/docs/getting-started/requirements"
---

# Requirements

System, network, and software prerequisites.

## UserLock Server requirements

This section lists the requirements to install the **UserLock Server** on a Windows machine.

### System requirements

- ✅ **Operating system:** Windows Server 2012 or later <sup>** (1)**</sup>
- ✅ **Active Directory:** Forest and domain functional level: Windows Server 2008 or higher  <sup>** (2)**</sup>
- ✅ **CPU:** x86 or x64; Dual-core 2 GHz minimum
- ✅ **Memory:** 2 GB RAM (4 GB+ recommended)
- ✅ **Disk space:** 800 MB for installation + space for the database
- ✅ **Database:** SQL Server 2008+, SQL Express 2005+, MySQL 5.6+, MS Access (evaluation only) - See [Database architecture](/userlock/docs/reference/core-concepts/database-architecture) for details

> **Note**
>
> - <sup>**(1)**</sup> : For **Windows Server Core** installations, see the [dedicated guide](/userlock/docs/guides/installation/install-userlock-in-a-windows-server-core).
> - <sup>**(2)**</sup> : For **workgroups**, see the [Standalone Terminal Server](/userlock/docs/reference/core-concepts/servers-types#standalone-terminal-server) UserLock server type.

### Network and service requirements

- ✅ **Protocols:** ICMP (ping) and SMB TCP 445 must be allowed both ways between the UserLock Server and protected machines.
- ✅ **Service impersonation:** Some operations require the UserLock service to impersonate an account with **local administrative rights** on target machines. See [Service impersonation](/userlock/docs/reference/server-settings/service#service-impersonation) for details.

We highly recommend to check that the requirements are in place before deploying agents. 

- See [Check Windows services and network protocols requirements](/userlock/docs/guides/installation/check-windows-services-and-network-protocols-requirements)
- See [Enforce firewall requirements on UserLock Server and protected machines](/userlock/docs/guides/installation/enforce-firewall-requirements-on-userlock-server-and-protected-machines)

## Protected machines requirements

This section lists the requirements for machines where the UserLock [Desktop Agent](/userlock/docs/reference/core-concepts/agents#desktop-agent) is installed, including **workstations** and **servers**.

The same network and service prerequisites apply to both types.

### Hardware

- ✅ **CPU:** x86 or x64

### Workstation operating systems

- ✅ Windows 11
- ✅ Windows 10 (version 1809 and later)
- ✅ Windows 10 (before version 1809) ⚠<sup>** (1)**</sup>
- ✅ Windows 8 / 8.1 ⚠<sup>** (1)**</sup>
- ✅ Windows 7** **⚠<sup>** (1)**</sup>** **<sup>**(2)**</sup>

### Server operating systems <sup>(6)</sup>

- ✅ Windows Server 2025
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016 ⚠<sup>** (1)**</sup>
- ✅ Windows Server 2012 R2 ⚠<sup> </sup><sup>**(1)**</sup>
- ✅ Windows Server 2012 ⚠<sup> </sup><sup>**(1) (3)**</sup>
- ✅ Windows Server 2008 R2 ⚠<sup> </sup><sup>**(1) (4)**</sup>
- ✅ Citrix Metaframe XP, XenApp and Presentation Server 4 ⚠<sup> </sup><sup>**(4)**</sup>
- ✅ RemoteApp<sup> </sup>⚠<sup> </sup><sup>**(5)**</sup>
- ✅ RD Web<sup> </sup>⚠<sup> </sup><sup>**(5)**</sup>

> **Exceptions and limitations**
>
> - <sup>**(1)**</sup> : ⚠️ Not compatible with the **UserLock password Credential Provider** and **MFA for UAC prompts**.
> - <sup>**(2)**</sup> : ⚠️ Internet Explorer 9 or later is required for the MFA QR code to display.
> - <sup>**(3)**</sup> : ⚠️ Push notifications not supported.
> - <sup>**(4)**</sup> :  ❌ MFA not supported.
> - <sup>**(5)**</sup> : ⚠️ Specific requirements for MFA, see the guide [How to apply MFA for RemoteApp](/userlock/docs/guides/mfa-implementation/remoteapp-mfa).
> - <sup>**(6)**</sup> : For specific details regarding the desktop agent with **Windows Server Core**, please refer to [this link](/userlock/docs/guides/deploying-agents/desktop-agent#for-windows-server-core).

### Network and service requirements

- ✅ **Remote Registry** service enabled and started on each protected machine.
- ✅ **ICMP (ping)** and **SMB TCP 445** allowed both ways between the UserLock Server and protected machines.
- ✅ **Impersonation account** (configured on the UserLock Server) must have administrative access to `\\machinename\admin$` for deployment and remote management.

> **Note**
>
> If the `admin$` share is disabled:
> 
> 1. Go to the registry key 
> `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters`,
> 2. set `AutoShareWks` and `AutoShareServer` values ​​(REG_DWORD) to 1.
> 3. Restart the computer.

## Administration consoles requirements

UserLock includes two administration consoles:

- the **Desktop Console**, automatically installed on the UserLock Server,
- the **Web Console**, used for remote administration,
- both consoles are functionally identical.

The following requirements apply to console installation and usage:

- ✅ The Desktop Console is **installed locally** with the UserLock Server.
- ✅ For remote administration, use the **Web Console**, which provides full management features from any browser.

> **Note**
>
> 💡 For details about console setup, permissions, and usage, see  [Consoles](/userlock/docs/reference/modules/consoles).
