UserLock Documentation

Desktop agent manual installation

The UserLock 'Desktop' agent is designed to audit, control and protect workstations, servers and terminal servers. It audits all interactive session activity on these machines and protects them by applying the user access control policy defined through protected account rules.

The 'Desktop' agent has to be installed on each of these machines. It communicates with the UserLock servers to control all requests to open interactive sessions.

The UserLock 'Desktop' agent can be installed through the UserLock console. However, you can also deploy it manually with the following procedure, which depends on the target operating system. In all cases, the communication settings must be defined through specific registry values.

Install the agent manually

Starting with Windows Vista / Windows Server 2008, the 'Desktop' agent is a Windows service defined to run as 'Local system'.
For Windows XP, Server 2003 and 2003 R2, another technology was used; contact us if needed.

  1. Copy the 'UlAgentExe.exe' file from the UserLock installation folder of the Primary server (located by default in '%ProgramFiles(x86)%\ISDecisions\UserLock') to the system folder of the target machine ("%windir%\SysWOW64\" for 64-bit OS, "%windir%\System32\" for 32-bit OS).
  2. Copy credential provider files (only from Windows 10 version 1809 and Server 2019):
    • For a 64-bit target OS: Copy the files "UlCredProv_x64.dll" and "UlCredProvFilter_x64.dll" from the UserLock installation folder of the Primary server to the System32 folder of the target machine ("%windir%\System32\") and rename them respectively to "UlCredProv.dll" and "UlCredProvFilter.dll".
    • For a 32-bit target OS: Copy the files "UlCredProv.dll" and "UlCredProvFilter.dll" from the UserLock installation folder of the Primary server to the System32 folder of the target machine ("%windir%\System32\").
  3. Add the name of the UserLock server in the machine registry.
  4. Register the Windows service with the following command line (run as administrator):

    ULAgentExe.exe /SERVICE S
  5. Start the UserLock agent service using the 'Windows Services console' or the following command line (run as administrator):

    net start UlAgentService

No machine restart is required.

Update the machine registry

Additionally, the UserLock 'Desktop' agent communication settings need to be configured on all machines, whatever operating systems or technologies are involved:

  1. Open the registry on the machine.
  2. Browse to the key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
  3. Create the following values:
    • 'UserLockServer' (REG_SZ) containing the name of the UserLock Primary server.
    • 'UserLockServerBackup' (REG_SZ) containing the name of the UserLock Backup server.

    For offsite computers, you might want to configure the following registry values as well:
    • 'UserLockInternetUrl' (REG_SZ) If UserLock Anywhere is enabled, create this registry value and set it to the URL of UserLock Anywhere (learn more about UserLock Anywhere).
    • 'SessionsWithoutNetworkLogoffAgentInternet' (REG_DWORD) If UserLock Anywhere is enabled, the number of minutes the Desktop agent will wait between each request for the list of sessions to interact with.
    • 'UserLockCfg' (REG_DWORD) See details in the Windows Installer package page.


    Example using PowerShell:
    $RegKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    Set-ItemProperty -Path $RegKeyPath -Name 'UserLockServer' -Value 'ULSRVPRI'
    Set-ItemProperty -Path $RegKeyPath -Name 'UserLockServerBackup' -Value 'ULSRVBAC'
    Set-ItemProperty -Path $RegKeyPath -Name 'UserLockInternetUrl' -Value 'https://VES1.VDE.INTRA/ulproxy'
    Set-ItemProperty -Path $RegKeyPath -Name 'UserLockCfg' -Value 768

Please note:

Without setting these registry values, agents can't use localized UserLock servers.
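
After the installation and registry steps, the result can be checked from PowerShell. The script below is an added example, not part of the UserLock product or its documentation; it assumes a 64-bit target OS, and flagging a non-HTTPS 'UserLockInternetUrl' is this example's own assumption, not a documented requirement.

```powershell
# Added example (not vendor code): post-install check for a manually deployed agent.
# Assumption: 64-bit target OS, so step 1 placed the binary under SysWOW64.
$agentPath  = Join-Path $env:windir 'SysWOW64\UlAgentExe.exe'
$regKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$results    = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}

# 1. Binary is present and its Authenticode signature validates on this machine.
if (Test-Path -LiteralPath $agentPath) {
    $sig = Get-AuthenticodeSignature -FilePath $agentPath
    Add-Check 'Agent binary signature' ($sig.Status -eq 'Valid') "$($sig.Status); signer: $($sig.SignerCertificate.Subject)"
} else {
    Add-Check 'Agent binary present' $false "$agentPath not found"
}

# 2. Required server values exist as non-empty REG_SZ.
$key = Get-Item -LiteralPath $regKeyPath
foreach ($name in 'UserLockServer', 'UserLockServerBackup') {
    $value = $key.GetValue($name)
    $kind  = if ($null -ne $value) { $key.GetValueKind($name) } else { 'missing' }
    Add-Check "Registry value $name" ($kind -eq 'String' -and $value -ne '') "$kind '$value'"
}

# 3. Optional offsite URL: only checked when present.
#    Assumption of this example: the URL should use HTTPS, as the sample value does.
$url = $key.GetValue('UserLockInternetUrl')
if ($null -ne $url) {
    Add-Check 'UserLockInternetUrl uses HTTPS' ($url -like 'https://*') $url
}

# 4. Service is registered, running, and runs as Local System.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='UlAgentService'"
if ($svc) {
    Add-Check 'Service state' ($svc.State -eq 'Running') $svc.State
    Add-Check 'Service account' ($svc.StartName -eq 'LocalSystem') "$($svc.StartName); image: $($svc.PathName)"
} else {
    Add-Check 'Service registered' $false 'UlAgentService not found'
}

$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) { exit 1 }
```

The non-zero exit code on any failed check lets a deployment tool or scheduled task flag machines where the agent is missing, stopped, or pointed at no server.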

Uninstall the desktop agent

You can also uninstall the 'Desktop agent' manually.

Unregister the agent with the following command lines (run as administrator):

NET STOP UlAgentService
C:\Windows\SysWOW64\ULAgentExe.exe /SERVICE U
C:\Windows\SysWOW64\ULAgentExe.exe /UNREGISTER

On a 32-bit operating system, replace "SysWOW64" with "System32".

Once done, the agent will be completely uninstalled.

To delete remaining files (logs, etc.) please see this page.