Environment
The "Environment" section of UserLock allows you to view the protected machines and users, as well as to set certain server properties.
You can access the Environment section by clicking on the icon in the application menu. The submenu allows you to navigate through the different pages of the section.
List of Machines
The Machines submenu allows you to access the page listing all the machines found in Active Directory Organizational Units protected by UserLock. From this page you will be able to configure the installed agents and perform actions on the machines.
For each machine, you will see by default :
- Its name
- Its role (workstation, server, DC, IIS, NPS)
- Its IP address
- The available agents
- The date the agent was last checked
- The date of the last detected activity of the agent
Other columns can be displayed, and the table can be filtered and sorted on all columns.
For each machine, you can also perform the following actions:
- Reboot
- Shut down
- Wake up
- Initiate a remote connection
- View details
Manual Agent Installation
In order to protect user access to the network, you must install UserLock agents on each machine to be protected. Depending on the roles of a machine, you will be able to install Desktop, IIS, NPS and Mac agents.
To install, uninstall or update an agent, simply click on the agent button and choose the desired action from the menu that appears.
In the menu, you will also find additional information, such as the version number or possible issues to be addressed.
The color of the button of the agent reflects its status:
- : The agent is not installed on the machine.
- : The agent is installed and up to date on the machine.
- : The agent is installed but an update is available.
- : The agent is installed but needs to be updated to be fully functional.
- : The agent information is not available due to a communication problem with the machine.
- : The agent is being installed.
- : The agent installation has been started but requires additional manual configuration on the machine. In this case, the sub-menu will provide a link to the documentation to guide you through the configuration.
When you initiate the installation or uninstallation of an agent, you are notified of the execution of the action via the administrator actions icon:
By clicking on this icon, the list of your last administrator actions and their results appear:
You can also find the list of actions performed by all administrators in the Administrator Actions Report.
Installing Multiple Station Agents on the Fly
You can install Desktop agents on multiple machines at once. When you hover over the row of a machine, a checkbox appears next to the machine name. After checking the machines you are interested in, simply click the "Actions" button and select the "Install/Update Desktop Agent" option.
Note : For IIS and NPS agents, this option is not available, you must perform each installation individually.
Automatic installation of Station Agents
You can automatically install Desktop Agents on all machines in your protected zone. We recommend that you enable this feature. This way, as soon as a new machine is added to your protected zone, the agent will be automatically installed, and you will be sure that all machines will be protected.
Activation of this feature can be done from the machines page using this button:
For more information on the automatic installation of Desktop agents, you can consult this page of the UserLock console documentation.
Machine Details
In the UserLock web application, you can easily view all the information about a machine by clicking on its name. This opens a dashboard window with a summary view of the machine's data.
- Agent distribution: list of agents available on the machine, with the status and available actions of each agent
- Daily activities: number of sessions that have been opened, refused connections, users that have used the machine, and duration of the time the machine was in use
- Active sessions: list of active sessions running on the machine, with the user name, type and status of each session
- Events in the last few days: statistics on the number of sessions opened per day according to their type, the number of refused connections, MFA events and connected users
The left pane menu also provides links to all available reports. Each report is already pre-filtered to show only the data for the current machine.
User List
The Users submenu allows you to access the page listing all the users in your Active Directory who have logged on since UserLock was installed.
For each user you will see by default :
- The user name
- The number of active sessions
- The date and machine of the last login
- The date and machine of the last disconnection
- The user's MFA configuration
- The status of the user
Other columns can be displayed, and the table can be filtered and sorted on all columns.
You will also be able to perform actions on users (blocking the user, managing MFA Help Requests).
User details
In the UserLock web application, you can easily consult all the information of a user by clicking on his name. A window will then open with a dashboard offering a summary view of the user's data.
- Activities of the day: number of sessions that have been opened, refused connections, separate machines used, total session time
- Active sessions: list of active sessions currently being run by the user, with the name of the machine, the type and the status of the session for each
- Events in the last few days: statistics on the number of open sessions per day by type, number of refused connections, MFA events and machines used
- MFA Configuration: user-configured MFA methods
- Working Hours: summary of all connection time by the user (default for the current week)
- Effective Restrictions: summary of UserLock restrictions applied to the user. The details can also be viewed by clicking on the "Details" button
The left pane menu also provides links to all available reports. Each report is already pre-filtered to show only the data for the current user.
Server properties
The configuration parameters of the UserLock server have been grouped together on this page.
Here is the list of available properties.
- General: setting access policies, off-network connections, UserLock AnyWhere URL, wake-up/close session options, time-related options (local time, notification time before logout).
- Multi-factor authentication: configuration of MFA methods, recovery code functionality, IIS MFA URL, help button functionality, and customisation of various messages
- Licensing: registering the UserLock activation key and displaying the list of audited and blacklisted users.
- Agent Deployment: set the functionality of the automatic installation of Desktop agents and the automatic start of the Remote Registry Access service.
- Database: configure the database used by UserLock to save user session activities.
- Email Settings: configure the SMTP server used by UserLock to send you email
- Webhook: configure the URL for receiving webhooks sent by UserLock
- Advanced Settings: configure the advanced options affecting the behaviour of UserLock - accessible via F7 in the current console.
- Synchronisation: configure the synchronisation parameters between the main server and the backup server and maintenance actions (synchronisation, connection test) - available on a server configured with the role "backup server".
- Terminal Server: configure the options affecting the behaviour of UserLock in independent terminal server mode - available on a server configured with the "independent terminal server" role.