UserLock Documentation
UserLock Documentation

UserLock Frequently Asked Questions

Can MFA be applied to non-interactive sessions? (UAC prompts, run as, RSAT, PowerShell, etc)

UserLock can protect Windows UAC (User account control) credential prompts displayed when launching administrative tasks or during "Run as administrator" requests. See the use case here.

UserLock cannot protect other types of non-interactive sessions (runas etc.).

The other sessions types that can be protected by MFA are the following:

  • Local and RDP sessions on workstations and servers running Windows Vista and higher or Windows Server 2008 R2 and higher. See the use case here.
  • Remote Desktop Gateway. See the use case here.
  • VPN sessions managed by RADIUS Challenge or Microsoft Routing and Remote Access Service (RRAS). See the use case here.
  • IIS sessions such as OWA, RDWeb and Sharepoint. See the use case here.
  • SaaS sessions. See the use case here. See here for a full list of compatible applications.