search
close
UserLock Documentation
Home
Getting started
Use cases
Reference
F.A.Q.
Troubleshooting
Upgrade
Support
History
Download
UserLock Documentation
Home
Getting started
Requirements
Installation
Define a production database
Agent deployment
Audit logon events
Protect a new Active Directory account
License
Best Practices for using UserLock
Use cases
Multi-Factor Authentication
Implementing Multi-Factor Authentication
UserLock Push App
How to apply MFA for VPN
How to configure and install VPN Connect for MFA
How to apply MFA for IIS Apps such as OWA, RDWeb and Sharepoint
How to enable MFA for SSO
How to apply MFA for RemoteApp
How to apply MFA to Remote Desktop Gateway sessions
How to apply MFA for UAC prompts
How to enroll remote users
Onboarding for End Users - Push Notifications with UserLock Push
Onboarding for End Users – with an Authenticator Application
Onboarding for End Users – with a Token2 programmable token
Onboarding for End Users – with HOTP Token2
Onboarding for End Users – with YubiKey
Onboarding for End Users - Recovery codes
Implement Single Sign-On
Installation & configuration
Configure the applications
AdobeSign
Athena Health
AWS
Box
DocuSign
Dropbox
Google Workspace
Microsoft 365
Salesforce
ServiceNow
Slack
Slite
Zendesk
Disaster Recovery
Certificate Rollover
How it works - General case
How it works - Microsoft 365
Microsoft 365 with Active Directory
Microsoft 365 with Azure Active Directory Domain Services
UserLock SSO Assistant
Advanced
Amazon AWS Apps Portal
Configure a Non-Supported SaaS Application
Microsoft 365 PowerShell Commands
SSL certificate renewal automation
Limit simultaneous sessions by users, groups or Organization units
Restrict a user to connect only from a specific machine
Prevent access connections outside certain hours
Assign a logon time quota
Get/schedule a report of user access connection hours
Set an automatic logoff of idle sessions
Customize messages displayed to users
How to install UserLock on a Windows Server Core
Advanced use cases
How to install and configure UserLock Anywhere
UserLock Webhook Notifications – a Step by Step guide
How to Install UserLock in an Environment using VDI
Secure Remote Access to an Exchange Mailbox
Set up and restrict user access to Wi-Fi sessions
How to manage logons without network connection
Get Client IP for web requests through proxy
Reference
Protected sessions
Interactive sessions
Wi-Fi sessions
VPN sessions
IIS sessions
SaaS sessions
Sessions with local accounts
Configuration wizard
Server type
Network zone
Service impersonation account
Configuration progress
Server types
Primary server
Backup server
Standalone terminal server
Console
Administration from a remote computer
Server administration
Dashboard
Agent distribution
Deploying automatically
Deploying from the console
Deployer options
Agent configuration
Deployment status
Agent distribution filter
Protected accounts
Type
General
Multi-factor authentication
Notifications
Workstation restrictions
Hour restrictions
Geolocation
Time quotas
Group
Priority management
Multi-factor authentication
MFA Dashboard
MFA settings
MFA help
MFA restrictions
MFA reports
End User Onboarding
Single Sign-On (SSO)
Dashboard
Configuration
Settings
User sessions
Filters
Consumed time
Send popup
Block a user
Effective restrictions
Messages
Server Properties
General server properties
User status
E-mail settings for notifications
Webhook notifications
License information
Database
Service impersonation
Security
Agent Distribution
Terminal server
Synchronization
Advanced
Reporter
Report viewer
Export a report
Save/Load report configuration
Logon cleaner
Scheduler
Options
E-mail settings for scheduled reports
Logo configuration
Computer commands
Winforms Keyboard Shortcuts
Web application
Web app installation
Environment
Monitoring
Reporting
SysLocator
Agents
Desktop agent
Desktop agent technology
Agent/server communication
Desktop agent manual installation
Windows installer package
Group Policy deployment
NPS agent
NPS agent technology
NPS agent manual installation
NPS agent completing installation
Known limitations and additional settings
IIS agent
IIS agent technology
IIS agent manual installation
IIS agent configuration
Known limitations and additional settings
Reports
Database reports
Session history
User status history
Session statistics
Session count evolution
Concurrent session history
Event Timeline Report
Single Sign-On events
UAC events
Working hours history
Working hours by week and by month
Unauthorized working hours
Wi-Fi / VPN history
Wi-Fi / VPN users statistics
Wi-Fi / VPN statistics evolution
IIS history
IIS sessions statistics
Denied logon reports
Multi-factor authentication reports
Common report filters
Server reports
User sessions
Agent distribution
Dashboard
Advanced
Protected Accounts membership
Database Reference
Logons denied by Active Directory
How to enforce firewall requirements on UserLock Server and protected machines
Security
Advanced prerequisites
UserLock PowerShell
Requirements and launching
UserLock PowerShell help
PowerShell script examples
Cmdlet Help
Block-UserLockUserAccount
Close-UserLockSession
Get-UserLockAgentDistribution
Get-UserLockAgentDistributionConfiguration
Get-UserLockCommand
Get-UserLockIisSession
Get-UserLockInteractiveSession
Get-UserLockMessage
Get-UserLockOrphanedInteractiveSession
Get-UserLockProtectedAccount
Get-UserLockProtectedAccountEffective
Get-UserLockRasSession
Get-UserLockReportedComputer
Get-UserLockReportedUser
Get-UserLockServer
Get-UserLockServerConfiguration
Get-UserLockSession
Install-UserLockAgent
Lock-UserLockSession
New-UserLockProtectedAccount
Remove-UserLockProtectedAccount
Reset-UserLockSession
Restart-UserLockComputer
Send-UserLockPopup
Set-UserLockAgentDistributionConfiguration
Set-UserLockMessage
Set-UserLockProtectedAccount
Set-UserLockServerConfiguration
Start-UserLockComputer
Stop-UserLockComputer
Test-UserLockSession
Unblock-UserLockUserAccount
Uninstall-UserLockAgent
UserLock API
Backup
F.A.Q.
Installation
What Operating Systems are supported by UserLock
What is the hardware requirement?
What is the disk space consumed by the UserLock database?
What is the bandwidth consumed by UserLock?
Do I need to install UserLock on a Domain Controller?
Do I need to install UserLock on a dedicated server?
Can I install the UserLock console on another machine than the server?
What are the protocols used for UserLock server/agent communication?
What results (credentials, files, folders, registry...) from the installation of UserLock and its agents on a domain?
What are the requirements for the UserLock Backup server?
Configure client requirements through group policies
How do I install UserLock across multiple sites?
How to run a UserLock server installed on Windows Server 2019 with Desktop UserLock agents installed on Windows XP workstations
Can the UserLock SSO feature be installed as a separate service?
Is Userlock affected by the CVE-2021-44228 CVE-2022-22963 CVE-2022-22965 Log4Shell Vulnerability?
Why do I have to upgrade a beta version?
License
I have received my UserLock license serial. Where can I register it?
How many UserLock licenses do I need?
NEW: View the total number of active users (for customers with a perpetual license).
Do connections from local accounts consume a license?
Database
What are the supported database types?
Does UserLock need a dedicated SQL Server?
Is the UserLock database in free access?
Can I use the same database for the Primary and the Backup UserLock servers?
How can I define a MS SQL Server database in UserLock?
The size of my UserLock database does not decrease after having cleaned events.
How to use SQL Express and transfer records from the default MS Access DB
Migrate SQL Database from a SQL Server to another one
Configuration
Can UserLock support nested OU's and groups in Active Directory?
Does UserLock modify Active Directory?
I want to delegate the UserLock administration. Do the UserLock operators require Domain administrator privileges?
Can users stop the UserLock Agent on workstations?
Can I install several UserLock Backup servers?
Can the UserLock Backup server do load balancing?
How can I migrate UserLock server to another machine?
Enabling HTTPS on the UserLock Web Console
How to view and modify Advanced UserLock Settings
How to remove a machine from the « Agent Distribution» view in UserLock?
MFA
Which different MFA methods does UserLock support?
Can I apply MFA for users who are outside the local network?
Can I customize the on-boarding MFA messages?
Which authenticator applications are compatible/recommended for the MFA?
What if my users lose their token? How can they connect?
How do I reset an MFA key for a user who has lost/replaced their phone?
My users are getting the message 'this code is invalid’ when entering the MFA code.
Which tokens are supported by UserLock MFA?
What types of connections can UserLock protect with MFA?
Can users have a backup MFA method?
Can users have access to Recovery codes if they do not have access to their smartphone or token?
Is MFA compatible with MAC OS?
What is considered as “remote” and “outside” connections in the MFA settings?
Can I implement different MFA rules for VPN, RDP and SaaS sessions?
Are SSO logons considered as workstation or server connections?
Is it possible to apply MFA to local accounts?
Can MFA be applied to non-interactive sessions? (UAC prompts, run as, RSAT, PowerShell, etc)
Is it possible for multiple users sharing the same user account credentials to also share the same MFA key?
Troubleshooting
Since Windows 10 has been updated to Build 1803, users can not log on to the computers on which the UserLock Desktop Agent is installed
What happens if the UserLock Primary server and Backup server are not available?
What happens if the UserLock Primary server is down?
UserLock disaster recovery.
The UserLock server generates many logon events on my computers. How can I avoid this?
I get the following warning in the system event log of my UserLock Server: 3034:MRxSmb or 4:Security-Kerberos.
An error occurs when installing UserLock on a machine with Avast Antivirus
Web Console - HTTP Error 503. The service is unavailable
Web Console - Error message "Server Error in '/ULAdmin' Application".
Web Console - "ERROR [28000] (...) Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
How to check Windows services and network protocols requirements
How do I resolve the “Conflicted Installation Detected” in UserLock?
How to update the status of one specific computer in Agent distribution
How to fix the _No encryption provider available_ error for administration from a remote workstation?
How to enable verbose mode on agent logs through desktop console since UserLock 11.1
Push notifications
My mobile does not have internet access. How can I authenticate with UserLock Push?
Can I use the UserLock Push app to authenticate with MFA for third party apps?
I did not receive a push notification
I lost/replaced my phone. How do I recover my UserLock Push account?
Can I edit the name of the account in UserLock Push?
Can I protect UserLock Push app with biometric authentication?
I do not receive push notifications on my Xiaomi smartphone
Agents
How can I deploy the UserLock agent?
What is the UserLock agent weight?
How can I manually uninstall the UserLock agent from a workstation?
How to uninstall UserLock and remove all corresponding data
How can I allow an IIS application configured with custom user credentials rather than built-in machine credentials to work correctly with UserLock?
How can I deploy the UserLock agent on a Windows Server Core before UserLock 12.2?
Powershell
How to do a massive user sessions reset after a general power failure.
How to use UserLockPowerShell on Windows Server 2008 R2 or Windows Server 2008
Why is no UserLock PowerShell cmdlet available from a standard PowerShell console just after the UserLock installation?
Troubleshooting
Deployment errors
Server connection errors
Synchronization issues
Database problems
Remote logoff/lock errors
Notifications issues
Edge Browser issue due to MS update
Error message "Exception 11 caught while trying to contact UserLock service"
HowToFix articles
HTF001 - Name resolution
HTF002 - ICMP (ping)
HTF003 - File and Printer Sharing
HTF004 - Remote Registry service
HTF005 - Impersonation account
Upgrade
Support
History
Download
You are here:
Reference
>
Console
>
Server administration
>
Single Sign-On (SSO)
Single Sign-On (SSO)
Dashboard
Configuration
Settings
Server administration
Dashboard
Agent distribution
Protected accounts
Multi-factor authentication
Single Sign-On (SSO)
Dashboard
Configuration
Settings
User sessions
Messages
Server Properties