Web app installation
Requirements
The UserLock web application must be hosted on a web server that meets the following requirements
- Windows 2012 R2 or higher operating system
- IIS 6.0 or higher installed with the Windows Authentication option
- Microsoft .NET Framework 4.7.2
- .Net Core 3.1 or higher installed
- Ensure that the .NET Global Trust level must be set to Full in IIS for the UserLock application to work properly
- It is not recommended to change this value as it will cause encryption problems between the web app and the UserLock service.
To view the application, you will need a recent browser:
- Microsoft Edge, Google Chrome or Mozilla Firefox in a recent version
- Javascript and cookies allowed
Installation
With the release of UserLock 12.1, there is a new configuration wizard tool to help you set up the Web App. If you are installing an older version of UserLock, follow the Procedure for the most recent public version.
- Installing with new configuration wizard (from 12.1)
- Installing with old configuration wizard (12.0 or older)
Installing with new configuration wizard (from 12.1)
-
When you first install UserLock, you will prompted through the configuration wizard to install the Web Application. This configuration tool can also be launched later by running the UserLock 'configuration wizard' in the Start menu.
-
The wizard will check if there are any missing Windows components that need to be installed. If there are, you will be prompted to let the tool install them for you.
-
Select the site where you want to add the Web App.
-
Once the installation is complete, you can start using the Web App on the IIS site you configured.
Installing with old configuration wizard (12.0 or older)
-
When installing UserLock, if IIS is detected on the server being used, you will automatically be prompted to install the web application. Click 'Yes' to launch the web interface configuration tool.
- Select the IIS website where you wish to install the UserLock web application and click 'Install' in the 'UserLock Web Interface' section.
- UserLock will check all prerequisites, and if necessary, offer to download or/and install any missing Windows components or features. Accept the suggestions and follow the instructions.
- Once the web application and components are installed, access the application via the url configured in IIS (http://ServerName/userlock)
- If your browser asks for your Windows credentials, enter them to continue. If you are browsing from the server, you may need to run the browser with the "Run as Administrator" option.
The application should automatically detect and connect to the UserLock server. If this fails, you will be redirected to the server entry page. Enter the server name or IP address and continue to be automatically redirected to the application home page.
Installing on a different server
You can install the web application on a different server from the main UserLock server by following the same procedure.
However, with the default configuration of the IIS virtual directory 'UserLock', you will get denied access if you try to connect to a remote UserLock server (from a web server perspective).
You should therefore:
- Change the authentication mode to 'Basic Authentication' for the 'userlock' virtual directory and enable SSL to prevent your password from being sent in the clear over the network.
- or enable delegation for the account running the Web Application
To connect through the app to a UserLock server installed on another machine than the IIS server where the web app is installed, delegation of cifs (Common Internet File System) type services must be enabled from the IIS server to the UserLock server.- On your domain controller, open the Microsoft Management Console "Active Directory Users and Computers"
- Find the server with the IIS role where the web app is installed
- Do a right click, then "Properties"
- Go to the Delegation sub-panel, then check "Trust this computer for delegation to specified services only", then check "Use any authentication protocol"
- Click on "Add...", then "Users and computers"
- Type the name of the UserLock server, then click OK
- In the list, select the line for cifs services, then click OK
- Click on "Apply", then OK
- Wait a few minutes for synchronization to happen
- Open the web app, add the UserLock server
Troubleshooting
In case of errors connecting to the UserLock server, you will be redirected to the following page:
UserLock service stopped
Make sure the UserLock service is started on the server. If it is stopped, start it and refresh the page.
Non-administrator account
If the message "You are not allowed to administer this UserLock server!" appears when you click the "Connect" button on the error page, it means that the Windows account you are using is not allowed to administer UserLock.
- Open the UserLock app and go to the Server properties page of the server.
- In the "Security" section, add the account you are using to the list and add the necessary rights.
- Click on the "Apply" button
- Go back to the web application and click on the "Connect" button
Insufficient permissions
Depending on the permissions configured in UserLock for the Windows account used, you may encounter the following error page:
- Open the UserLock app and go to the server properties page.
- In the "Security" section, select the relevant Windows account.
- In the list of checkboxes on the right, make sure that the "User Sessions" read rights are checked, otherwise you will not be able to view the vast majority of the application's pages.
- To have access to perform actions on sessions, add write permissions.
- To view the list of machines, make sure you have "Agent Distribution" read permission.
- To access actions on machines, add write permissions.
- To view the server properties from the web application, make sure the "Server Properties" read permission is checked. To be able to modify them, add write permissions.