UserLock Documentation
UserLock Documentation
You are here: Reference > Agents > Desktop agent > Group Policy deployment

Group policy deployment

The UserLock 'Desktop' agent is designed to audit, control and protect workstations, servers and terminal servers. This agent audits all interactive sessions activity on these machines and protects them by applying a user access control policy defined through protected account rules.

This 'Desktop' agent has to be installed on the machines and communicates with UserLock servers to control all open requests for interactive sessions.

The UserLock 'Desktop' agent can be installed manually or automatically deployed through the UserLock console. However you can deploy the 'Desktop' agent through a third-party deployment solution or using Microsoft Group Policies. We provide MSI packages of the 'Desktop' agent for this purpose.

It is possible to also deploy agent settings and communication parameters through Microsoft Group Policies using a 'Group Policy Administrative Template' that we provide (compatible with Desktop Agents installed through the console, automatically, through MSI, manually...).

In the UserLock installation folder (by default 'c:\Program files[ (x86)]\ISDecisions\UserLock'), you will find this 'Group Policy Administrative template' named 'UserLock.adm'. Install the template in the 'Group policy' you want to use to deploy 'Desktop' agent settings and communication parameters.

Once the template has been added, you can go to 'Administrative templates' and display 'UserLock agent configuration' (use 'Classic administrative templates' in Windows Server 2008 and higher). You can then see the same agent settings as in the UserLock console and, additionally, communication settings allowing you to set the UserLock 'Primary server' name and the UserLock 'Backup server' name.

A setting configured through the group policy will override any value of the same setting already configured through the UserLock console and deployed by the service.

Double-click on the required setting to edit its properties.

On the affected computers, these Group Policy settings will be deployed to the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ISDecisions\UserLock\Agent" registry key: