Installing and Configuring UserLock Web Application on IIS

Learn how to install and configure the UserLock web administration console on IIS to manage UserLock remotely through a web browser. The web console provides the same interface and features as the local desktop console.

Published October 4, 2024

Overview

By default, the UserLock desktop administration console is installed on the main UserLock server.

To allow administrators to access UserLock from other computers, you can install the UserLock Web application on an IIS server.

The web console offers the same interface and management capabilities as the desktop console.

Useful resources

Requirements

The IIS server hosting the UserLock web console must meet the following prerequisites:

Component

Requirements

Operating system

Windows Server 2012 R2 or later

Web server

IIS 6.0 or later, with Windows Authentication option

Frameworks

Microsoft .NET Framework 4.7.2 and .NET 8.0 or higher

.NET trust level

Must be set to Full in IIS

Browsers

Recent versions of Microsoft Edge, Google Chrome, or Mozilla Firefox

Browser configuration

JavaScript and cookies must be enabled

Note

Changing the .NET Global Trust level can cause encryption problems between the web console and the UserLock service. Always keep the trust level set to Full.

Step 1. Install the UserLock Web application

On the main UserLock server:

  • Default setup: The web console is already installed.

  • Custom setup:

    1. Open Control Panel → Programs → UserLock → Change.

    2. Select Modify.

    3. Check Web console.

    4. Finish the wizard to install the feature.

On another server

  1. Run the UserLock installer.

  2. Choose Custom setup.

  3. Add the Web console feature.

  4. Unselect other features you do not need.

  5. Complete the installation wizard.

Step 2. Configure the Web application in IIS

  1. Launch the UserLock Configuration Wizard from the Start menu.

  2. Click Configure next to Web Application.

  3. Click Configure to start the configuration:

  4. The wizard checks for missing Windows components and offers to install them automatically.

  5. Select the IIS site where the web application will be deployed.

  6. When setup is complete, you can access the UserLock web console through the IIS site.

Step 3. Connect to a remote UserLock server

If the web console is installed on a different server than the main UserLock server, you may receive an access denied error.

This is because, by default, IIS prevents authentication delegation between servers.

Option 1. Use Basic Authentication

  • Change the authentication mode for the UserLock virtual directory to Basic Authentication.

  • Enable SSL to ensure credentials are encrypted during transmission.

Option 2. Enable delegation

Grant the IIS server permission to delegate authentication to the UserLock server:

  1. On a domain controller, open Active Directory Users and Computers.

  2. Find the IIS server hosting the web console.

  3. Right-click → PropertiesDelegation tab.

  4. Select Trust this computer for delegation to specified services only.

  5. Check Use any authentication protocol.

  6. Click AddUsers or Computers.

  7. Enter the name of the UserLock server, then click OK.

  8. Select the cifs service → OK.

  9. Click Apply, then OK.

  10. Wait for domain replication to complete.

  11. Open the web console and add the UserLock server.

Troubleshooting

If you encounter issues during installation or connection: