Access Management. How to Restrict & Monitor IIS Sessions

In addition to workstation, terminal and RAS sessions, UserLock can control, restrict and monitor IIS (Internet Information Services) sessions.

This feature allows an organization to define by protected account the number of maximum concurrent IIS sessions on a specific IIS application such as Outlook Web Access or Intranet site. The generated logs for all logon actions can also be used for reporting.

To monitor and control IIS sessions, the UserLock IIS agent needs to be deployed and then configured to the IIS Server.

From the ‘Agent Distribution View’, UserLock can automatically detect servers where IIS is installed and running. To deploy the UserLock IIS agent, select its line and launch the installation.

The agent uses the ISAPI Filters technologies. Once the agent is deployed, you need to configure the Web Site ISAPI Filters settings on the target server in IIS Manager.

Once the agent is registered, all IIS sessions for this Web site will be logged into the UserLock Database. They will be also displayed in real time in the User sessions view in the UserLock console.

Define a limit of concurrent IIS sessions

On the protected account view, create or open an existing rule. Check the Allowed IIS Sessions box and enter the limit of concurrent sessions that you want enforced. If the same credentials are used to open a second IIS session, this second session will be denied.