The UserLock 'Desktop' agent is designed to audit, control and protect workstations, servers and terminal servers. This agent audits all interactive sessions activity on these machines and protects them by applying a user access control policy defined through protected account rules.
How does the agent find the server?
The UserLock Primary server always deploys its own network address and the network address of the Backup server to all agents. The agent will normally be able to contact a UserLock server without any problem.
The agent tries various ways to contact the UserLock servers in the following order:
- The UserLock Primary server (deployed address).
- The latest successfully contacted server (if different from the Primary server).
- The UserLock Backup server (deployed address) (if different from the latest successfully contacted server).
- Attempts to contact a server named UserLock.
- Attempts to contact a server named UserLock Backup.
Protocols used to communicate
The agent tries to first ping the server before initiating the communication so the ICMP protocol should be allowed between clients and UserLock servers.
The agent communicates with the UserLock server via the 'Microsoft Print and File Sharing' protocol (SMB TCP 445). Typically client workstations need to be able to access shares on UserLock servers.