Advanced Agent Deployment of UserLock

With simple, intuitive deployment processes, IT managers can rapidly install UserLock and instantly control user access and protect their Windows Network.

Three different ways exist to deploy the UserLock Desktop agent.

Deploy with the integrated Installer Engine

The first way to deploy the desktop agent is by using the UserLock console and its integrated installer engine.

For this method, the only requirements concern two protocols that need to be authorized on the server and the workstations firewall:

  • ICMP to allow the ping
  • The Microsoft File and Printer sharing for the deployment and the future communication between the server and agents

All the machines that are members of the protected zone are displayed in the ‘Agent Distribution view’. UserLock regularly checks the protected zone to get all UserLock agent status.

From this view the desktop agent can be deployed by selecting target computers and clicking on ‘install’.

Launching an Automatic Process

Alternatively you can launch an automatic process which will deploy the agent on every machine for which UserLock detects that it’s missing. Just click on ‘Start the Automatic mode’.

By default only workstations will be targeted.

This feature proves especially useful. If a new machine is added to the network zone that UserLock is protecting, it will be automatically protected without having to do anything.

After a short time, the UserLock desktop agent will be installed on all workstations. Refresh the view to observe new information, such as the agent status, version, etc…

If your network contains some old XP operating systems, you will note a status called ‘Installing’. This status means that the machine requires restarting to validate the installation. You can wait for a restart to be done from the users or you can do it yourself by selecting those machines and launch this restart. Higher operating systems are not concerned.

Right clicking on ‘Agent distribution’ menu will display the options available for the deployer engine. As seen previously, old operating system require a reboot to validate the agent installation. You can enable an automatic reboot for these specific cases and choose its conditions.

Using the MSI package

If you want to use a third solution deployment tool, we provide a Msi package for the UserLock Desktop agent.

You can find the download link in the UserLock help documentation. There are two versions of this package: 32 bits and 64 bits depending on your target operating systems.

Installing the agent with the MSI package requires you to specify arguments. By default communication settings are not configured when installing the micro-agent. You need to specify two MSI properties which are the name of your UserLock Primary server and Backup server.

MSI package through GPOs

You can also use this Msi package through GPOs.

In this case, you can use an additional administrative template instead of MSI Arguments to specify the agent communication settings.

Open your Group Policy console to add the UserLock administrative template. Its name is ‘UserLock.adm’ and you can find it in the ‘UserLock installation folder’.

Once the template is added you can go in ‘Administrative templates’ and display ‘UserLock agent configuration’.

You can then see the same agent settings as in the UserLock console and additionally you will also see communication settings - allowing you to set the UserLock Primary server name and the UserLock Backup server name for the agent.

Note that a setting configured through the group policy will override those defined through the UserLock console.