Agent distribution
This section allows you to centrally manage how the UserLock Desktop Agent is deployed across your network. You can automate installation, control required services for deployment, and configure reboot behavior to ensure seamless and secure rollouts.
Note
To access this page, go to Server settings ▸ Agent distribution.
You need at least read permission on Machines and agents to view this page.
UserLock can automatically install or uninstall the Desktop agent on all workstations within the protected zone.
New machines added to the protected zone automatically appear in Environment ▸ Machines ▸ From protected zone and are targeted for agent installation when automatic mode is enabled.
Automatic deployment runs as part of the periodic check of agent status.
Deployment is sequential to avoid resource and bandwidth issues; rollout time depends on the number of machines and their availability.
When automatic mode is enabled, you can configure the following options:
Option | Description |
|---|---|
Distribution mode | Defines whether UserLock installs or uninstalls the Desktop agent. Install agent will also update agents that are out of date. |
Server distribution | By default, agents are not installed on machines running a server OS. Enable this option to include servers in automatic deployment. |
Remote installation requires elevated privileges for the UserLock service account (configured in Server settings ▸ Service ▸ Service Impersonation).
Automatic deployment requires that target machines meet the UserLock requirements (network services, permissions, protocols).
By default, the Desktop Agent is not deployed on server operating systems, and no restart will be initiated on operating systems that require it to enable protection (Windows XP, Windows Server 2003, and 2003 R2).
Automatic mode deployment does not install the NPS agent or IIS agent.
The Desktop agent can also be deployed through third-party tools or Group Policy using the MSI packages provided.
Agent deployment requires that the Remote Registry service is enabled and running on target machines.
UserLock can automatically start the Remote Registry service if it is stopped when attempting deployment. Recommended for smoother deployments.
Note
This option can also be triggered by the Fix it for me button shown in the result window after a failed installation attempt.
These reboot settings let you control how UserLock manages restarts on target machines, ensuring protection is correctly applied while balancing user experience and security requirements.
Option | Description |
|---|---|
Automatic reboot | Automatically restarts legacy systems (Windows XP, Windows Server 2003, 2003 R2) after agent installation if a reboot is required. |
Close applications | Forces restart even if users have unsaved work, closing applications automatically. |
Reboot time-out | Delay before restarting, during which a warning message is displayed so users can save work. The message can be customized in Server settings ▸ Messages ▸ Computer commands (“Install will reboot” or “Uninstall will reboot”). |