UserLock Frequently Asked Questions
Is the UserLock agent a Windows service?
The "Desktop" agent is based on two technologies, depending on the operating system on which it is installed on.
For Windows Vista/7/2008/2008R2/8/2012/2012R2 machines
The "Desktop" agent is a Windows service defined to run as "Local system".
When a session is authorized by Windows authentication, the system usually starts the "UserInit" process in order to initialize the session. UserLock configures the system to start the ULAgentExe process instead. The ULAgentExe process asks the UserLock server if the session is allowed, and then only if the session is allowed with regards to the defined user access control rules (UserLock "Protected accounts"), the "UserInit" process is started to initialize the session. Otherwise the session is closed.
For Windows XP/2003/2003R2 machines
The "Desktop" agent is a GINA DLL (Graphical Identification and Authentication Dynamic-Link Library).
Every time a user initiates a logon or a logoff, the "WINLOGON" process calls the UserLock GINA to authenticate the user. The UserLock GINA forwards in a first step the call to the standard Microsoft GINA. If the user is successfully authenticated by Windows security, the agent notifies the UserLock server and UserLock applies its own user access control rules ("Protected accounts") in order to accept or reject the logon.
There are other products that need to replace the original Microsoft GINA DLL. For example the Novell client, Smart Card authentication systems or old version of PCAnyWhere. If you are using such products you should check in a first step that the UserLock agent works correctly with your software on a single test workstation before deploying it.
The GINA technology was removed from Windows Vista, so the UserLock "Desktop" agent is based on a Windows service technology on higher operating systems.
We invite you to read the UserLock documentation to discover others UserLock agents technology.