UserLock Documentation
UserLock Documentation

Version History

UserLock 6.0 Released: June 16th, 2011

Added

  • Dutch translation of messages displayed to users (Thanks to a customer from The Netherlands).
  • The welcome message now contains time quota information.
  • (Please take note: This is only available for new installations. For any upgrade, you need to add manually to the Welcome message the dynamic variable “%quotainformation%”).
  • Ability to define the length of the countdown before the logoff for sessions over time quotas (see "Logoff notification timeout" in UserLock server "Properties").
  • New reports in Web administration console: "Session count evolution", "RAS / VPN history", "RAS / VPN users statistics".
  • Audit and display session with local accounts.
  • Protection of IIS authenticated sessions (e.g. control access to Outlook Web Access or an Intranet).
  • Ability to define daily, weekly or monthly quotas.
  • Additional type of account protection: OU (Organizational Units) users. Added to protected users and protected groups.
  • Ability to define restrictions on workstations with the OU (Organizational Unit) of computers.
  • Ability to add multiple OUs in a protected zone.
  • Specialized reports for RAS sessions (History, Evolution and Statistics).
  • New report that displays the progression of the total number of opened sessions.
  • New popup technology to replace the deprecated Microsoft Messenger service technology.
  • Ability to send messages (displayed in a popup) to users from the UserLock console.
  • New server properties to automatically logoff exceeding sessions (oldest or newest first).
  • New server property to carry over unused time count.

Improved

  • A deleted account is removed from the session database after 2 days if the account has no session. If the account has session it will be removed after 30 days.
  • A different message is displayed to the user when a session is closed in reason of a maximum session length rule (SESSION_LENGTH_LOGOFF) and in reason of maximum locked time (SESSION_LOCKLENGTH_LOGOFF).
  • In the "Protected accounts" view of the Windows administration console, "Add Organizational Unit" (OU) now displays an edit box to be able to add an OU with no connection to Active Directory.
  • In the welcome message, if a refused connection is listed, then a warning icon is displayed instead of the information icon.
  • UserLock does not generate error events for a ghost session over time restrictions.
  • UserLock can now display in agent distribution computers from domains outside the local forest if they are included in the protected network zone.
  • If UserLock is upgraded, then the web console configuration in IIS is automatically upgraded too.
  • Ergonomics of both administration consoles.
  • Column names in "Consumed time" view of user sessions.
  • AD tree in the user view now displays all local accounts in the "Local accounts" node.
  • Icons of IIS sessions inserted into reports.
  • Update of all Web console icons.
  • Unit change for "RAS / VPN users statistics" (all but "Session count" graph type) reports: the unit is now “hours" instead of "days".
  • The UserLock service account no longer requires administrative rights on the UserLock server itself.
  • If many protected accounts are configured (more than 100), the protected accounts view is displayed faster.
  • The protected accounts synchronization with the backup server has been optimized (only modified protected accounts are synchronized).
  • The UserLock service starts faster in case of large AD environment or bad connectivity with domain controllers.
  • User names are updated every 24 hours.

Fixed

  • On Windows server 2008/2008 R2 the UserLock console did not ask the privilege elevation.
  • In the web configuration tool the Upgrade button was not grayed when the console configuration was up to date.
  • Bugs in reports when used with a MySQL database.
  • Some bugs in reports when launched from the web interface.
  • Bug when decreasing consumed time and UserLock was installed in French.
  • IIS sessions could not be reset in some cases.
  • Consumed time for quota was not maintained on the backup server.
  • It was not possible to decrease consumed times for more that the quota period. Same problem on quota information displayed in the welcome message.
  • It was not possible to reset sessions with local accounts.
  • The logoff of a previous session was not working on Windows 2000 computers.
  • If a localization mask was provided to extract the room and the building from the computer name, bogus sessions were displayed in the sessions by computer view.
  • Applying server properties on the web console was generating the error message "The specified cast is not valid".
  • The Userlock agent could consume 100 % CPU time on one thread on computers with many logons denied by Windows (e.g. public terminal servers attacked by bots).
  • If the length of the protected zone name was exceeding 512 characters (many OUs with long names) the UserLock server automatically switched to the whole domain as protected zone.
  • If IIS sessions were controlled on an IIS application pool with a : char in the name an exception occurred when displaying the user session view in the console.
  • Bug in Windows and Web administration consoles if the protected zone was composed by several Organizational Units (OU): only the first OU was displayed in the UserLock server properties.
  • Bug in the "Protected accounts" view of the Web administration console, if the auto filter was enabled then: "Properties" was displayed in the filter header, and an error page was displayed if it was selected.
  • Bug in the "User sessions" view of the Web administration console, if the auto filter was enabled then: "Quotas" was displayed in filter header, and an error page was displayed if filter didn't correspond to any result data or if "User sessions" contained no data.
  • Bug in the Web administration console: the initialization of encryption is now executed with the application pool account to prevent any permission issues with user accounts.
  • The "Display name" of protected accounts was not resolved after a UserLock service restart.
  • When NetBios and AD domain names differed, then the restrictions of OU protected accounts were not applied.
  • When several domains were selected in the UserLock protected zone, then only the first one was protected by UserLock.
  • It was not possible to add computers in workstation restrictions by browing the AD.
  • In the web interface it was not possible to add a time frame for only thursday.
  • For multi-forest environments: if no DC for a specific domain was unavailable during the UserLock service restart, then all accounts from this domain were replaced by their SID.
  • If a protected account was renamed in the AD and the UserLock service was restarted, then it was not possible to display the properties of that protected account.
  • The IE9 cache was disallowing displaying up to date reports through the web console.
  • The session statistics report could not be displayed from the web console. An error was generated instead.
  • Bug in english WinForms console: "Maximum session length" and "Maximum locked time" were switched.
  • Bug when the Desktop agent sent unsubmitted logon events for sessions with local accounts to the UserLock server: these events were not correctly considered.
  • Bug in protected account view of administration consoles: if semicolon was in the field "Name", "Canonical name", "Email recipient" or "Popup recipient" then error messages were displayed.
  • Bug in license count management: sessions with local accounts were counted into license count.
  • The member names of external domain's Organizational Units are no longer prefixed by the domain protected by UserLock.
  • Bugs when adding time quotas to a protected account.
  • Bug when trying to display session history for local accounts via right mouse click.
  • AD tree in the user view now saves the last selected node to display it again the next time.
  • Bugs when computing "Average time per working day" and "Average time per week" into "RAS / VPN users statistics" reports.
  • Bugs when modifying protected account restrictions with no intermediary validation between actions.

UserLock 5.5 Released: December 4th, 2009

Added

  • The agent can now notify a lock notification when a password protected screen saver starts (In agent distribution properties select "Consider screen saver time as locked time"). In previous version the lock event was notified only when the session was resumed and the locked notice displayed. (Agent update needed).
  • UserLock can now logoff automatically a session that is locked for more than a specified time. In concerned protected accounts select "Maximum locked time" and specify a number of minutes. Combined with the ability to notify a lock event when the screen saver starts, sessions can be closed after a specified time of inactivity. (Agent update needed).
  • Ability to power off computers from the console.
  • Ability to deploy agent settings with group policies. This is useful if you already deploy the agent with the msi package through group policies. The .adm file is installed in the UserLock program folder. (Agent update needed).

Improved

  • Recovery of the console if the layout or the default UI settings become corrupted.
  • The agent automatically increases the retry time interval when trying to send unsubmitted logon events to the UserLock server in order to avoid overloading the server after a long time of unavailability.
  • Logoff in reason of time restrictions of many sessions on terminal servers.
  • Better error handling when scheduling reports.
  • An infinite loop protection when a protected AD global group was member of itself in order to avoid that the service hangs in this situation.
  • The Windows console has been optimized to manage more than 10 000 users and more than 10 000 computers.
  • The GINA chaining registry value OldGinaDll has been renamed to UlOrigGinaDll to avoid a conflict with Avatier Password Station that uses the same value. Upgraded agents will still use the value OldGinalDll for compatibility with old installations.
  • The UserLock GINA now exports WlxReconnectNotify and WlxDisconnectNotify functions in order to improve compatibility with other GINAs.
  • Ability to use a large number of protected accounts (up to 10000).
  • The query of the session history report was optimized in order to display the report faster.
  • The session history report can now display independently logons denied by UserLock and logons denied by Windows (e.g. Invalid password).

Fixed

  • Customized logo header and footer were not displayed when a report was generated from the web interface.
  • When displaying the session history of a user/computer from the web interface by clicking on the user/computer link, denied logons were not include in the report.
  • The NPS agent was not writing in its log file in Windows 2008/2008 R2. On these versions of Windows the path of the log file is now c:\ProgramData\ISDecisions\UserLock\UlIasAgent.csv.
  • Some bugs in the NPS agent on Windows 2008/2008 R2.
  • The NPS agent was breaking down the computer authentication for Wi-Fi access points.
  • A compatibility problem with NComputing terminal servers.
  • Email notification were not always sent during the logoff of a member of a protected group.
  • If sessions were closed or opened since the last web console refresh a logoff/lock/reset from the web console may be applied on a wrong session.
  • In some cases, when the UserLock primary service stopped, some communication pipes remained open and agents did not failover on the backup server.
  • A problem when displaying reports from a MySQL database.
  • The configuration tree did sometimes not show up any longer and the console layout needed to be reset.
  • Protected account settings for remote access sessions were not synchronized with the backup server.
  • In the web interface, the hour restrictions mode was not reflecting actual settings on the server and changes did not take effect.
  • If an exception occurred inside the service, a memory leak might have occurred in some cases.
  • Every minute, the service has been generating an unneeded workload in the lsass.exe process and could slow down logons controlled by UserLock.
  • UserLock performance counters were not working from a terminal session.
  • UserLock performance counters did not work in a counter log because of security issues except if the account of the service "Performance logs and alerts" was switched to localsystem.
  • The backup server was sometimes incorrectly displaying some sessions as orphaned.
  • The UserLock service was sometimes hanging while stopping.
  • In hour restrictions, times were not always displayed in US format if US culture was defined.
  • For Windows Vista/7 workstations if the logoff could not be notified to the UserLock server, the previous session was not automatically cleaned when a new session was opened on the workstation.
  • UserLock was unable to get the member list of nested groups from another domain.
  • Editing a time frame was resetting concerned session types to interactive.
  • Editing a workstation restriction or a custom session limit was also resetting concerned session types to interactive in the web console.
  • A compatibility issue with Kbox on Windows Vista/7 computers.
  • Modifying an hour or workstation restriction and applying it several times was duplicating it.
  • A parenthesis "(" or ")" in a user display name was generating an exception in the UserLock console.
  • The SysLocator was crashing when some Vista workstations had more than one session.
  • If a deleted account was still listed in UserLock access permissions the console was unable to display server properties.
  • The Session statistics report did not show up in the web console and was not generated when scheduled.
  • The UserLock agent service on Windows Vista/2008/Seven/2008 R2 was in some case starting too slowly disallowing to control the first session after a boot if the user was very fast to enter his password. (Agent uninstallation and reinstallation needed).
  • When new settings of a protected account were applied several times it could duplicate workstation restrictions, time frames or custom limits.
  • Some bugs in the session history report.
  • When the number of user sessions was exceeding the license no error events were generated to warn the administrator.
  • In some case an exception was occurring when displaying the dashboard or sessions by machine.
  • Applying new properties on the primary server with the web interface was unregistering the backup server and sessions were no longer synchronized.
  • When a protected account was created in the web console with a different case than the AD, displaying immediately properties was generating an exception.
  • The Windows console was allowing removing and adding protected accounts on the backup server even that a UserLock backup server is read only.

UserLock 5.0 Released: May 29th, 2009

Added

  • The RemoteApp feature of Windows 2008 terminal services is now supported.
  • Citrix XenApp is now supported as terminal server.
  • MySQL databases are now supported through the ODBC driver (use the ODBC wizard to generate the connection string).
  • A new dashboard allowing displaying statistics in charts.
  • A new server report to display a printable version of the dashboard.
  • Protection of RAS sessions on a RRAS server or on a hardware router with RADIUS authentication on a NPS server.
  • Extended filter/sort and group capabilities.
  • Generation of reports can easily be scheduled without writing command lines. Reports can also be automatically sent to an E-mail recipient.

Improved

  • The UserLock console no longer requires administrative rights.
  • The UserLock console displays now a message when the user is not allowed to administrate UserLock.
  • The license protection system was enabled again. Current customers can install and use this version if they have an up to date maintenance.
  • The user load routine when the UserLock service starts and more than 10000 users are in the session database.
  • The SysLocator was translated in French.
  • Web console keeps user settings (filter, view mode, lines per page ...).
  • French version is available.
  • SysLocator has been updated to a new version (you need to upgrade the IIS virtual folder with the Web configuration tool).
  • Brand-new tabbed interface (Web & Windows).
  • UserLock Reporter is directly integrated into the console.
  • UserLock Logon Cleaner is directly integrated in the console.
  • UserLock Scheduler is directly integrated into the console.
  • The Active Directory tree can be displayed for the Agent Distribution view and the Session view by computers.
  • UserLock reports now use a new report engine and a new report design.
  • For a comprehensive list of all new features please read the following document: What's New in UserLock 5

Fixed

  • A slash (/) or a colon (:) in a user display name was generating an exception in the UserLock console.
  • The error management while uninstalling an agent was not displaying an intelligible message in case of error (Unexpected error while executing the command).
  • A bug in the AD tree if a domain contained several OUs with the same short name.
  • The context menu on tabs was not working.
  • The Windows Vista/2008 agent was launching the 32 bits UserInit.exe executable on 64 bits machines.
  • Some column names in the raw data of the Session statistics report were in French.
  • In some cases the agent distribution computer list was empty and an error event was generated in the server application log (source UL2000) with "Invalid parameter detected" in the description.
  • It is possible again to add local groups and local users in the UserLock permissions.
  • An access violation exception (Event id 700) in the UserLock service when a user was removed from the AD but a session was still registered in UserLock for him.
  • After changing the connection string in the server properties the create table button did not work if you did not apply the new settings before (Error: "Failed to create the table! [Microsoft][ODBC Driver Manager] Function sequence error").
  • A problem disallowing the agent to start on Windows 7.
  • Resetting RAS sessions is now possible.
  • Hyperlink allowing displaying the session history on a user is restored in the web console.
  • AD tree is correctly displayed in the Windows console if more than one domain are in the protected network zone.
  • AD tree is now kept after refreshing the agent distribution view in the Web console.
  • Database reports can use again wildcard in the following field filters: user name, computer name, client name, client address.
  • Various corrections of interface texts.

UserLock 4.0 Released: June 18th, 2007

Added

  • Windows Server 2008 compatibility.
  • Ability to monitor logon denied by Windows (invalid password). These events can be displayed to users in the welcome message. Audit logon events policy needs to be enabled for failure events for all protected computers (doable through group policies).
  • The new license system was integrated. Current customers with an up to date maintenance can already ask for their UserLock 4 license key
  • Ability to print the pages User sessions and Agent distribution from the web console.
  • Ability to define working hours for protected users.
  • Ability to define maximum session time for protected users.
  • Ability to define maximum group limits.
  • The administrator will have the possibility to enable an option allowing users to remotely close their previous session as they logon to another computer.
  • Ability to define access rights to the UserLock administration console.
  • Ability to breakdown the computer name syntax into a readable format in order to locate computers (building/room).
  • Ability to customize the console’s User sessions view.
  • The web console can display the user session and agent distribution result in paged mode.
  • Multi selection in the User sessions view of the MMC console.
  • Ability to customize the agent distribution view.
  • The user display name is now displayed in the user sessions view of the console and in reports instead of the user account name.
  • Terminal session connection/disconnection tracking.
  • Ability to enable a public Web interface (SysLocator) allowing users to locate free computers.
  • Ability to automatically generate reports at regular intervals.
  • Two new reports (printable version of what you see in the console) Agent Distribution and User sessions In order to avoid any misunderstanding the old “User sessions report” was renamed into “Session history”.
  • Ability to display reports from the Web console.
  • The UserLock agent will send its status at each computer startup.
  • The agent will notify to the server any computer crashes to fix the session database.
  • The UserLock agent will regularly try to send unnotified logon events to the server.
  • Support of Windows Vista.
  • For more information about all new features see the document What's new in UserLock 4 This version will display a warning message to users saying that this beta version should only be installed on a test environment. If you want to install this beta version on your production environment please enroll to the UserLock 4 beta program by sending a mail to support@isdecisions.com This beta version will expire end July.

Improved

  • Ability to use a localization mask with a naming convention that identifies building with letters (A,B,C,...). New wildcards to be used in the mask are: * = Building, % = Room, ? = Machine. Localization masks using the previous system will still work.
  • UserLock service dependency to the workstation service.
  • The help file was updated. The online version is available here.
  • Button sizes in the web console.
  • Some internal improvements in the UserLock service.
  • All executables including the installation package are now signed.
  • During a migration from UserLock 3 if the group UserLock Admins exists, UserLock administration rights are automatically added for this group.

Fixed

  • Some issues with Windows Vista and Windows Server 2008.
  • Service wasn't stopping properly in case of a server shutdown/reboot.
  • If a maximum session time was set immediately after the installation of UserLock all already opened user sessions could be logged off in some specific cases.
  • A potential deadlock in the UserLock service.
  • When trying to uninstall the agent from a computer without the agent installed a wrong error message was displayed.
  • The previous session logoff dialog was not fully translated in English.
  • A memory leak in the backup server.
  • A session with a local account was sending connect/disconnect notification to the UserLock server leading to an error event.
  • In some cases the web interface was unable to display reports.
  • The welcome message wasn't displayed after the logoff of a previous session.
  • If the logon rate was too high, the transaction log (ulagent.log) was not regularly cleaned.
  • If a protected account was based on a universal group, UserLock wasn't including members of other domains in the list of concerned users.
  • If a UserLock admin had only the right to administrate sessions he was unable to display reports because he was not allowed to retrieve the database connection string.
  • Internal exceptions when the user session list was empty.
  • Crash of the session statistics report when the database was empty.
  • The ascending/descending order radio buttons were not working correctly in the session statistics report.
  • Some temporary files were not cleaned while generating report in a batch or in a scheduled task.
  • When disconnecting a locked terminal session the UserLock service was sometimes thinking that the session was still active.
  • The permissions tab and the user sessions by computer view were not grayed on backup servers.
  • A bug was making crash the MMC console in some cases while refreshing the view.
  • A bug in hours management when a session needed to be closed at 12:00 AM.
  • A handle leak while sending E-mail notifications.
  • Two memory leaks in the UserLock service.
  • Removed: The beta warning.
  • A bug in the web console while displaying sessions by user.
  • A bug leading to users with empty names.
  • A bug while deploying the agent on Windows Vista computers.
  • Important! Existing customers with an up to date maintenance need to ask for their new UserLock 4 license key before installing this new version on their network.

UserLock 3.5 Released: September 21st, 2005

Added

  • Support of the beta version of the new Windows Vista agent that can be downloaded from the following link: http://www.isdecisions.com/download/ULAgentVista.msi
  • You need to install manually the msi file on each Windows Vista machine to protect. You will get more information about the setup in the following document: http://www.isdecisions.com/download/ULAgentVista.pdf
  • Abitity to reboot computers through the MMC administration console (Already available in the web console).
  • Support of x64 workstations and terminal servers.
  • The UserLock server can be installed on x64 servers in the following modes: Primary server, backup server and relay server. The standalone terminal server mode is currently not supported.
  • Information: The x64 version of the agent is numbered 3.0.7.37 (instead of 3.0.7.35 for the x86 version).
  • New! A web interface in order to administrate UserLock through a web browser. The web interface is similar to the MMC based administration console.
  • New features only available in the web interfaceAbility to Logoff/Lock/reset several sessions at a time.
  • Ability to reboot workstations.
  • Ability to only display users with an active session.
  • Features not available in the web interface (only available in the MMC console)
  • Reports cannot be displayed.
  • The database wizard cannot be used to configure the database connection string.
  • You cannot browse for computers or user accounts.
  • You cannot start the Logon cleaner.
  • If IIS is not installed while installing UserLock you can configure the web interface later by starting the UserLock Web admin configuration tool from the start menu.

Improved

  • User accounts are now sorted by name in the web interface.
  • The user sessions report show up faster.
  • When a computer is removed from the domain with a session registered in UserLock the session is now automatically removed.
  • Important! For existing customers, the upgrade procedure was updated in the FAQ. Please take a look.

Fixed

  • The UserLock server no longer tries to deploy the GINA agent on Windows Vista computers. "OS not supported" is returned.
  • In some cases a communication problem was leading to display invalid characters.
  • In some rare cases the database insertion thread was crashing while connecting to the database.
  • The protected zone was not configured correctly for domains with a NetBIOS name different than the hostname. Symptoms: Just the server itself was displayed in agent distribution.
  • The web interface configuration tool was changing the authentication mode on the root folder of the IIS site instead of doing it directly on the UserLock virtual folder.
  • A UserLock service installed on a Windows 2003 SP1 server was unable to deploy the agent on 64 bits computers.
  • A problem while sending E-mail notifications to some specific SMTP servers.
  • The UserLock service was hanging in some cases (Error 0x0000079 in the console).
  • A few bugs in reports.
  • A bug in the LogonCleaner.
  • A bug in the communication between the web console and the UserLock server. The user sessions list or the agent distribution list were incomplete in some cases.
  • A bug in the policy.
  • In some rare cases if an internal exception occured in the UserLock service users were unable to logon (a service restart was needed to fix the problem).
  • A few bugs in the web console.
  • UserLock was not working correctly on domains with an '@' character in the NetBIOS name.
  • Citrix presentation server 4.0 register now its GINA in a different way and this was leading after an upgrade of both products to the unability to open ICA sessions (the logon hang).
  • The database insertion thread was crashing in some case disallowing any new insertions.
  • UserLock 3.5 beta 2 was unable to logoff/lock users with the administration console.
  • Database connection string changes through the web interface were not applied immediately.
  • The 404 web page was not correctly registered in the IIS virtual folder.

UserLock 3.0 Released: March 15th, 2004

Added

  • Ability to display a welcome message to the user with information about the last logon. You can configure this in protected accounts. You need to deploy the new agent for the feature.
  • In the User sessions report. The ability to filter computers with wildcards (*,?). For example to only display the report for room (example ROOM10*).
  • The User sessions report can display the computer occupation percent during the report period and you can also specify the total number of computers for the calculation.
  • Ability to only display user sessions outside working hours in the User sessions report.
  • Ability to group logons by user, domain, computer, client name or client address in the User sessions report.
  • The Logon Cleaner allowing you to regularly delete old logons in the UserLock database to save disk space. You can schedule the logon cleaning.
  • Ability to specify a computer name (instead of selecting the computer in the browser) in client restrictions.
  • Abiliy to import automatically at the first service start-up settings of a previously installed copy of Userlock 2.x (except deployment settings).
  • Error events for helping to understand problems during synchronization, notifications, database insertions.
  • Ability to protect terminal sessions. RDP sessions (Microsoft) and ICA sessions (Citrix).
  • Ability to protect standalone Terminal servers in a worgroup (using local accounts).
  • Backup servers (one for each primary server).
  • Ability to protect several domains with one primary server.
  • Ability to protect only 1 organizational unit in a AD domain.
  • Ability to log lock/unlock events on workstations.
  • Ability to insert logon/logoff/lock/unlock events in a ODBC database.
  • Two printable reports "User Sessions report", "User sessions statistics".
  • Regular check on all workstations for unknown sessions.
  • Ability to logoff users in the UserLock console.

Improved

  • If the service is unable to retrieve the computer lists from the network zone an error event is inserted only if the problem occurs during more than 30 min (e.g. DC unavailable).
  • Error handling while sending E-mail notifications.
  • If the global catalog is too big the configuration wizard list only OUs in the local domain.
  • AD tree is displayed faster in the Configuration wizard.
  • The service loads the computer list faster from organizational units.
  • During an administrative logoff or lock if the session was not found the session is removed from the database.
  • Auto reconnection to the database after a connection failure.
  • The deployer can detect IP conflicts to avoid the generation of events 3034:MRxSmb or 4:Kerberos (KRB_AP_ERR_MODIFIED). To enable this you need to create the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\ISDecisions\UserLock\CheckIpConflict = REG_DWORD:1 When done restart the UserLock service. The status of all faulty computers will display "Invalid address".
  • The export button for reports is available directly in the viewer.
  • Final version of the help file.
  • Access denied directly at the connection to the service if the user is not allowed to administrate UserLock.

Fixed

  • A memory leak in the service when the network zone was an Organization Unit.
  • If the UserLock service was installed on a Windows server 2003 the console launched reports on the default database with a wrong connection string.
  • In the User sessions report the total computer time was wrong in some cases.
  • Wild card characters were not working when using the User sessions report on a MS Access database.
  • The configuration wizard was unable to display organizational units on domain with a NetBIOS name different from the DNS name.
  • When the remote registry service was not running on workstations the agent status was false (Upgrading (Waiting for reboot)) and the deployer did not report any error while installing the agent.
  • Reports were printing the result on two US letter pages instead of one. If you still have the problem please contact us at suport@isdecisions.com.
  • A bug in the database insertion. An invalid character was added at the end of strings for some databases.
  • The uninstall link was not checking if agents were still deployed.
  • A bug while trying to send a test E-Mail or while specifying a new database connection string in the console (Unable to read data & Permanent error).
  • The deployer was unable to update the agent on computers with a third party GINA installed.
  • After registering the backup server client workstations were configured only after the next service start.
  • After a workstation reboot the UserLock server was not able to detect lost sessions on this workstation.
  • Client restrictions were not applied on terminal sessions during a session reconnection.
  • A communication problem between the console and the server occuring only in rare cases (Symptom: incomplete computer and session list).
  • Crash of the USerLock service if not enough swap file was available on the server.
  • For workstations with a NetBIOS name with more than 15 characters the logoff was sometimes locking up the workstation.
  • In evaluation mode the lock/unlock activity was not inserted in the database.
  • The export in CSV was not working in reports.
  • A bug that was leading in some cases to a service hang.
  • A bug in the logon policy.
  • When locking terminal sessions from the console the session was closed instead of disconnected.
  • When a logon was denied for a terminal session a logoff was generated immediately after.
  • Information: This version is compliant with the agent of all versions greater or equal than 2.4. However if a UserLock 2.xx agent is deployed you should upgrade the agent as soon as possible to get all new features working.

UserLock 2.6 Released: December 13th, 2002

Improved

  • Deleted account are automatically removed from the user sesssions report (when the service starts).
  • Accounts with a last logon time older than 1 month are automatically removed form the user sesssions report (when the service starts).
  • Use 10 times less CPU.
  • The agent doesn't display an error message during the logoff when the workstation is unplugged (for laptops).
  • Ability to display variables (%sessions%) in denied messages.
  • If a user has exceeded the number of allowed sessions UserLock check that he's really logged on all computers before giving a negative answer. This feature require to upgrade to the new agent.
  • The deployment thread ping all computers before trying to connect to them in order to avoid long timeouts. If needed the ping can be disabled with the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\ISDecisions\UserLock\NoPing = 1 (DWORD).
  • The multiselection is now allowed when adding restricted/allowed workstations (Windows 2000).

Fixed

  • A bug leading to a periodic service crash in some cases.
  • The logons can be ordered according the logon/logoff time in the console.
  • Displayed columns can now be customized in the console.
  • Bug in the policy settings.
  • Bug in the notifications. The already logged on computers were not displayed since the 2.6 version.