Web app installation
Requirements
The UserLock web application must be hosted on a web server that meets the following requirements
- Windows 2012 R2 or higher operating system
- IIS 6.0 or higher installed with the Windows Authentication option
- Microsoft .NET Framework 4.7.2
- .Net Core 3.1 or higher installed
- Ensure that the .NET Global Trust level must be set to Full in IIS for the UserLock application to work properly
- It is not recommended to change this value as it will cause encryption problems between the web app and the UserLock service.
To view the application, you will need a recent browser:
- Microsoft Edge, Google Chrome or Mozilla Firefox in a recent version
- Javascript and cookies allowed
Installation
-
When installing UserLock, if IIS is detected on the server being used, you will automatically be prompted to install the web application. Click 'Yes' to launch the web interface configuration tool.
- Select the IIS website where you wish to install the UserLock web application and click 'Install' in the 'UserLock Web Interface' section.
- UserLock will check all prerequisites, and if necessary, offer to download or/and install any missing Windows components or features. Accept the suggestions and follow the instructions.
- Once the web application and components are installed, access the application via the url configured in IIS (http://ServerName/userlock)
- If your browser asks for your Windows credentials, enter them to continue. If you are browsing from the server, you may need to run the browser with the "Run as Administrator" option.
The application should automatically detect and connect to the UserLock server. If this fails, you will be redirected to the server entry page. Enter the server name or IP address and continue to be automatically redirected to the application home page.
Installing on a different server
You can install the web application on a different server from the main UserLock server by following the same procedure.
However, with the default configuration of the IIS virtual directory 'UserLock', you will get denied access if you try to connect to a remote UserLock server (from a web server perspective).
You should therefore:
- Change the authentication mode to 'Basic Authentication' for the 'userlock' virtual directory and enable SSL to prevent your password from being sent in the clear over the network.
- or enable delegation for the account running the Web Application
To configure delegation open "Active Directory Users and Computers" select the select the computer account of the server running the web application, click right "Properties". On "Delegation" tab, check "Trust this computer for delegation to specified services only" and "Use any authentication protocol".
Select the computer name of the UserLock to administrate, "cifs" and add.
Troubleshooting
In case of errors connecting to the UserLock server, you will be redirected to the following page:
UserLock service stopped
Make sure the UserLock service is started on the server. If it is stopped, start it and refresh the page.
Non-administrator account
If the message "You are not allowed to administer this UserLock server!" appears when you click the "Connect" button on the error page, it means that the Windows account you are using is not allowed to administer UserLock.
- Open the UserLock app and go to the Server properties page of the server.
- In the "Security" section, add the account you are using to the list and add the necessary rights.
- Click on the "Apply" button
- Go back to the web application and click on the "Connect" button
Insufficient permissions
Depending on the permissions configured in UserLock for the Windows account used, you may encounter the following error page:
- Open the UserLock app and go to the server properties page.
- In the "Security" section, select the relevant Windows account.
- In the list of checkboxes on the right, make sure that the "User Sessions" read rights are checked, otherwise you will not be able to view the vast majority of the application's pages.
- To have access to perform actions on sessions, add write permissions.
- To view the list of machines, make sure you have "Agent Distribution" read permission.
- To access actions on machines, add write permissions.
- To view the server properties from the web application, make sure the "Server Properties" read permission is checked. To be able to modify them, add write permissions.