How to apply requirements on UserLock Server and protected machines
This step-by-step guide shows how to apply the necessary requirements on the UserLock server and protected machines before installing the agents.
We will see how to set up:
- Windows Firewall rules (ICMP requests, SMB, remote registry service) on UserLock server and protected machines
- Advanced configuration to secure network traffic between UserLock server and protected machines only
- Using GPO to apply Windows Firewall rules
Windows Firewall rules:
Here we will see how to create inbound Firewall rules on the UserLock server and protected machines.
File and Printer Sharing
Remote registry service /!\ Only on machines where the UserLock agent is to be installed.
Advanced configuration:
The section above showed how to create inbound Firewall rules on the UserLock server and on protected machines.
This section covers an advanced configuration to secure network traffic between the UserLock server and protected machines only.
Edit each rule created earlier and, in the Scope tab, specify the "Source" (Local IP address) and the "Target" (Remote IP address).
From UserLock server side:
In Local IP address: add the IP address(es) of the UserLock server(s)
In Remote IP address:
As you can see there are multiple options:
In the example below, set an IP range which can be assigned to protected machines.
From Protected machines side:
In Local IP address: in the example below, set the same IP range which can be assigned to protected machines.
In Remote IP address: add the IP address(es) of the UserLock server(s)
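The same scope can be set from PowerShell with the built-in NetSecurity cmdlets. This is an added example, not UserLock's own tooling: the function name `Set-UserLockRuleScope` is hypothetical, the addresses are constructed placeholders, and it assumes the rules being scoped are the enabled inbound rules of the "File and Printer Sharing" group.

```powershell
#Requires -RunAsAdministrator
# Added example: scope the enabled inbound "File and Printer Sharing" rules.
# Addresses are constructed placeholders (documentation ranges); replace them.
$UserLockServers = @('192.0.2.10')                # IP address(es) of the UserLock server(s)
$ProtectedRange  = '198.51.100.1-198.51.100.254'  # range assignable to protected machines

function Set-UserLockRuleScope {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][ValidateSet('Server', 'ProtectedMachine')][string]$Role,
        [Parameter(Mandatory)][string[]]$ServerAddress,
        [Parameter(Mandatory)][string]$ProtectedAddressRange
    )
    # Local and Remote are mirrored between the two sides.
    if ($Role -eq 'Server') {
        $local = $ServerAddress;         $remote = $ProtectedAddressRange
    } else {
        $local = $ProtectedAddressRange; $remote = $ServerAddress
    }

    $rules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

    foreach ($rule in $rules) {
        # An IPv4 scope is meaningless on ICMPv6 rules; leave those untouched.
        $protocol = ($rule | Get-NetFirewallPortFilter).Protocol
        if ($protocol -eq 'ICMPv6') { continue }
        $rule | Set-NetFirewallRule -LocalAddress $local -RemoteAddress $remote
    }

    # Return the resulting scope of every rule so it can be reviewed.
    $rules | Get-NetFirewallAddressFilter |
        Select-Object InstanceID, LocalAddress, RemoteAddress
}

# On the UserLock server:
Set-UserLockRuleScope -Role Server -ServerAddress $UserLockServers `
    -ProtectedAddressRange $ProtectedRange
# On a protected machine, run the same call with -Role ProtectedMachine.
```

Scoping the built-in group applies to all file-sharing traffic to that machine, so confirm that no other clients outside the range need SMB access to it before applying.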
Using GPO to apply Windows Firewall rules:
To apply advanced rules on the UserLock server and on protected machines, we need to create 2 GPOs.
1 GPO for UserLock server
1 GPO for Protected machines
UserLock server GPO:
Protected machines GPO: