UserLock Documentation
UserLock Documentation
You are here: Reference > Agents > Desktop agent > Desktop agent technology

Desktop agent technology

The UserLock 'Desktop' agent is designed to audit, control and protect workstations, servers and terminal servers. This agent audits all interactive sessions activity on these machines and protects them by applying a user access control policy defined through protected account rules.

The 'Desktop' agent is based on two technologies, depending upon the operating system on which it is installed.

From Windows Vista / Windows Server 2008

The 'Desktop' agent is a Windows service defined to run as 'Local system'.

When a session is authorized by Windows authentication, the system usually starts the 'UserInit' process in order to initialize the session. UserLock configures the system to start the ULAgentExe process instead. The ULAgentExe process asks the UserLock server if the session is allowed, and then only if the session is allowed with regards to the defined user access control rules (UserLock protected accounts), the 'UserInit' process is started to initialize the session. Otherwise the session is closed.

For Windows XP/2003/2003R2 machines

The 'Desktop' agent is a GINA DLL (Graphical Identification and Authentication Dynamic-Link Library).

Every time a user initiates a logon or a logoff, the 'Winlogon' process calls the UserLock GINA to authenticate the user. As a first step, the UserLock GINA forwards the call to the standard Microsoft GINA. If the user is successfully authenticated by Windows security, the agent notifies the UserLock server and UserLock applies its own user access control rules (protected accounts) in order to accept or reject the logon.

There are other products that need to replace the original Microsoft GINA DLL. For example, the Novell client, Smart Card authentication systems or old versions of PCAnyWhere. If you are using such products, you should first check that the UserLock agent works correctly with your software on a single test workstation before deploying it.

The GINA technology was removed from Windows Vista, so the UserLock 'Desktop' agent is based on a Windows service technology for higher operating systems.