+1-800-492-3951 or +335.59.41.42.20 (GMT+1)
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
RemoteExec remotely installs applications, executes programs, scripts and updates files and folders on Windows systems throughout the network.
WinReporter retrieves detailed information about hardware, software and security settings from Windows systems and automatically generates reports.
Topics
See all insights
Latest
Privileged Access Management for Windows Active Directory Domains
Insider Threat Software - An early indicator to prevent attacks
Auditing File Access in the Cloud
Featured
Information Security Advice for SMB (Infographic)
The Role of File Auditing in Compliance
Key Indicators of Compromise
UserLock protects and supports all terminal sessions. You just need to install the agent on Terminal Servers. There is nothing to install on thin clients (terminals) themselves.
To monitor terminal sessions you first need to deploy the UserLock desktop agent on the Terminal Server. This is the same micro agent that is used for workstation protection and with the same requirements (see previous tutorial).
Once installed all local sessions and terminal sessions open on this server will be detected, monitored and audited. The session label is made up of the name of the target server and the workstation from which the terminal session is open.
Within UserLock you can create or modify protected account rules to define limits to Terminal sessions.
As done for workstation sessions, check the corresponding box to define a limit of concurrent terminal sessions authorized for users. Once the limit is reached further terminal sessions will be refused.
UserLock can also define a total number of allowed concurrent sessions for both workstation and terminal sessions combined. This is called ‘Interactive sessions’ in UserLock.
Restrictions can also be defined and enforced with regards to workstations from which users can open a terminal sessions. Set by typing an IP range, a name or Organizational Unit, not forgetting to specify the terminal session type.
In the same way you can also authorize or deny hours during which a user can open a terminal session. The same restrictions as the workstation sessions can be applied. Take a look at the previous tutorial for more details.
Additional settings are available for the Terminal Session’s management. Right click on the ‘Agent distribution’ to display the agent properties. On the right of the Agent configuration section you will find options to manage the behavior of the terminal sessions through UserLock.
By default the option ‘Try to join any existing session on server’ is set to ‘always’. Choose to adapt this as desired according to an organization’s session policy.
In addition, the terminal console session can also be excluded from the restrictions if wished.