UserLock Documentation
UserLock Documentation
You are here: Getting started > Agent deployment

Agent deployment

To monitor interactive sessions, start by deploying the Desktop agent on few machines where you want to audit and/or restrict users' access.

Check requirements

  • Any Windows operating systems from Windows 7 / Server 2008 R2.
  • The ICMP (ping) protocol must be authorized both ways between the UserLock server and the machines protected by UserLock.
  • The 'Microsoft File and Printer Sharing' protocol (SMB TCP 445) must be authorized both ways between the UserLock server and the machines protected by UserLock.
  • The 'Remote registry' service must be enabled and started on machines protected by UserLock.

A comprehensive description of UserLock requirements is available here.

Deploy agents manually on a few machines

  1. Select 'Agent distribution' in the menu tree to open the agent deployment view.

  2. The view will display all machines detected in the network zone that UserLock has to monitor. Select the desired machines by holding down the 'Ctrl' key and clicking on their corresponding lines. Then click on 'Install' in the 'Quick access' panel displayed on the right.

    Different layout options allow you to arrange the view if the list of computers displayed is too long. You can change the data layout from the 'Quick access' panel by selecting one of the available predefined filters or through the different filters from each column head.

  3. A new tab will open in the central window to display the deployment process status and results.

    If an issue should occur, such as a missing requirement, for example, a message will be displayed for the machine in question with some indications on how to solve it.

    Please see the section named 'Troubleshooting' if you meet any issues at this stage.

  4. Close this tab to come back to the previous view and click on 'Refresh' in the 'Quick access' panel.

    The 'Desktop' agent is now installed on the selected machines. From now on, all access connections on the selected workstations will be audited and saved in the UserLock database. Please see the section 'Use cases' to discover what you can achieve with UserLock.

    UserLock offers several agent types according to the type of sessions it has to monitor. The same machine (workstation or server) can host several types of agents (Desktop, NPS, IIS). To learn more about these different UserLock agents, please see the section named 'Agents'.

Deploy agents automatically

An automatic deployment mode is available to install the ‘Desktop’ agent on every workstation detected in the network zone monitored by UserLock. By default, servers are excluded from this deployment process.
We recommend validating the agent on a few machines before starting the automatic deployment mode.

  1. Select 'Agent distribution' in the menu tree to open the agent deployment view.

  2. In the view header, click on the 'Automatic mode' button.

  3. A pop-up message will ask you to confirm the automatic mode start-up. Click on 'Yes'.

    Note that servers are excluded by default. We advise you to keep this exclusion if you are currently learning about the software.

  4. The automatic mode has started. Click on 'OK'.

  5. Click on 'Refresh' in the 'Quick access' panel after a while to follow the installation progression. This process is performed sequentially so as not to consume resources and bandwidth, so the time required to deploy the 'Desktop' agent on all machines around the network will depend on the number of listed machines and their availabilities (reachable or unreachable).

    Note that the 'Automatic mode' button has changed to 'ON'. Clicking it again will turn it off.

Once installed, all access connection on workstations will be audited and saved in the UserLock database. Please see the section named 'Use cases' to discover what you can achieve with UserLock.

UserLock offers several agent types according to the type of sessions it has to monitor. A same machine (workstation or server) can host several types of agent (Desktop, NPS, IIS). To learn more about these different UserLock agents, please see the section named 'Agents'.

Notes

  • Note that agent activation on Windows 2003 server and Windows XP operating systems requires a restart to activate the protection. You can restart these types of computers directly from the 'Agent distribution' view. Select the computers concerned and click on 'Reboot' in the 'Quick access' panel. Or schedule this reboot during non-business hours independently from UserLock.
  • You can also deploy the 'Desktop' agent through a third-party deployment solution or by using 'Microsoft Group Policies'. We provide MSI packages of the 'Desktop' agent for this purpose.