Version History

Discover the bugs fixed

• Outlook Web Access may generate numerous logon/logoff events in a short time interval in some cases.
• IIS Session revocation is not supported by the UserLock ISAPI Filter agent type.

• In some cases logons denied by Windows have an invalid client address.
• Regression introduced in version 8.01 The IP address is showing ?.?.?.? for workstation sessions.

• On a UserLock server (except in Standalone Terminal Server mode), Wi-Fi / VPN and IIS logons with local accounts denied by Windows are notified to the UserLock service although UserLock doesn't manage such events.
• The error event 100 "Opened session without SID" is inserted every time the User sessions view is displayed.
• The UserLock Server service can run at a high CPU usage of 100 percent when some specific errors occurs.
• On a Windows Server 2003 Domain Controller, the Desktop agent notifies all IIS logons denied by Windows for the IIS account "DomainName\IUSR_IisDcName" to the UserLock service.
• Client restrictions are no longer applied during session reconnections if a restriction of concurrent sessions allowed is also defined.
• When a terminal session reconnection is denied due to workstation restrictions only the first attempt is inserted in the database.
• In some cases the Database connection type is not correctly detected by the Web console.
• A user logon denied by Windows due to account restrictions is not displayed in the Session history report.
• The Web console dashboard displays some errors when UserLock is configured to use a MySQL ODBC database.
• The Windows console displays an error message when open on a server whose name starts with a number.
• In some cases the logoff is not notified by the UserLock Agent Service to the UserLock server when a computer is powered off.
• If no domain controller is available the NPS agent may not initialize correctly.

Discover the bugs fixed

• When a user has a read only access to the server Properties, the account defined in the Impersonation section is indicated as invalid even it is actually valid.
• A Protected zone composed of many Organizational Units or domains is not displayed correctly in the server Properties.
• On the session history report "Since the specified number of days" can be empty.
• Quick filters applied from column heads of the User sessions view are lost after clicking on Refresh.
• It is not possible to connect to a remote server with the Web admin console from Windows 2003.
• Actions on Temporary Protected accounts do not work from the Windows console.
• Web console - Actions performed by the same UserLock operator from two different browsers are not automatically notified to both browsers.
• Web console - On tablet device, the server icon is moving when scrolling.
• The Service impersonation section should not be displayed in Standalone Terminal Server mode.
• Protected account settings are not saved in Standalone Terminal Server mode.
• Web console - The search feature from the Filter panel is only performed on data from the main column of the view.
• Well-know accounts are protected by UserLock.
• Settings are applied again when clicking OK even if Apply has already been clicked previously.
• It's impossible to click Apply or OK after having deleted a Time restriction or a Workstation restriction.
• The Logon Notification message doesn't contain the reason why the logon is denied.
• Agents communication pipes without any activity are not disconnected.
• When applying a Security permission right as authorized for Read and denied for Write, it's registered as denied for both Read and Write.
• The Windows Console crashes when an agent deployment action can't be cancelled.
• Remote logoff sent to an unavailable machine to apply a rule limit is performed anyway when the machine comes back online even if this rule limit is no longer relevent at that time.
• The IIS agent (ISAPI filter) is not compatible with the command line registration (REGSVR32).
• The IIS agent (HttpModule) is not compatible with the command line registration (REGSVR32).
• The Popup notification column from the Protected accounts view displays an incorrect status.
• Permissions set on the IIS agent log file and the IIS agent Registry key are incorrect.
• When the UserLock help file is opened in full screen mode, it's impossible to switch between the help file and the UserLock console.
• The UserLock IIS agent may crash its Application Pool when several Application Pools are running with different identities.
• It is not possible to save the result of a report executed in Raw data mode through the menu File/Save... of the Windows console.
• It's not possible to apply changes after having modified Logon events selection of the feature "Warn users in real time of all connection events involving their credentials".
• Restarting a computer without open session from the Machine view of the Web Console fails and displays an error.
• The message displayed on the Notification sent for Logon denied by Userlock is not enough understandable.
• Filter criteria from the Agent distribution view in the Web Console contain an unknown agent type.
• Column contents overlap in the Session history view of the Web Console when using small screens.
• Wi-Fi / VPN session names displayed in Protected Accounts Notifications are not as user friendly as those displayed in UserLock consoles.
• Webconsole, machine view, reboot a workstation with a session doesn't work
• It is not possible to schedule a SQL query
• After an upgrade the reporter still tries to access the default database at the old location
• The User status breakdown graph is taking a long time to be displayed in the Web Console Dashboard.
• An invalid service impersonation account generates many events from the UserLock service still trying to use it.
• The shutdown action is immediately initiated without warning previously users.
• The User session view option "Display AD tree" remains enabled after disabling it and refreshing the view.
• User statistics displayed on the Web Console Dashboard are inconsistent in some specific cases.
• IIS logons denied by Windows on a Web application configured in Basic authentication mode generate a second attempt of insertion in the database.
• Userlock Service cannot start when the Userlock.log log file contains only space characters.
• Local account names are not listed in the User sessions view in display mode by computers.
• The LogonInfo and Status fields are not synchronized between the Backup and the Primary server.
• The User status section and the license section of the Backup server are editable.
• In the Web Console, applying the filter "None" in the User sessions view generates an error.
• In the Web Console, switching the number of lines displayed in the User sessions and Agent distribution view can cause an error message.
• The Welcome message is not displaying the reason of a UserLock denied logon.

Discover the bugs fixed

• With the web console, in the General section from the server properties, "Logoff exceeding sessions" and "Exceeding sessions order" were reversed.
• With the web console, in the Standalone terminal server section from the server properties and in the Agent section from the Agent distribution properties, "Never" and "Always" were inverted in the Join mode.
• Cell content problem in the user sessions view for backup servers with the web console.
• An exception in the web interface when displaying server properties on a backup server.
• An exception when displaying a report in the web interface and no protected groups were defined.
• Lock/Logoff of non-interactive sessions was proceed even that this is not possible.
• The feature allowing to display user names in the SysLocator was not working.
• If the evaluation mode was expired and the service was restarted it was no longer possible (message about maintenance expiration) to administer UserLock and enter a new license key.
• If the UserLock service account was not administrator of the server the event message library could not be registered.
• It was not possible to upgrade from UserLock 4 even with an up to date license key registered.
• The session history report was not able to filter specifically on terminal sessions or workstation sessions.
• It was not possible to add the administrators group again after removing it from the access permissions.

Discover the bugs fixed

• It was not possible to delete protected accounts from the web console.
• On Windows server 2012 the IIS application pool UserLockAppPool was not registered to use the Framework .NET 2.
• The column headers were missing in the report "User sessions" by user and by machine.
• A layout problem in the protected account properties when displayed with some web browsers.
• With the web interface, the action buttons (Install, Restart, Close, Lock, ...) became inactive after selecting a different page in the User sessions view or in the Agent distribution view.
• A remote console or the web console were not able to display the number of computers in the CSV localization file.
• The selected predefined filter in sessions and agent distribution were not checked.

Discover the bugs fixed

• On Windows server 2008/2008 R2 the UserLock console did not ask the privilege elevation.
• In the web configuration tool the Upgrade button was not grayed when the console configuration was up to date.
• Bugs in reports when used with a MySQL database.
• Some bugs in reports when launched from the web interface.
• Bug when decreasing consumed time and UserLock was installed in French.
• IIS sessions could not be reset in some cases.
• Consumed time for quota was not maintained on the backup server.
• It was not possible to decrease consumed times for more that the quota period. Same problem on quota information displayed in the welcome message.
• It was not possible to reset sessions with local accounts.
• The logoff of a previous session was not working on Windows 2000 computers.
• If a localization mask was provided to extract the room and the building from the computer name, bogus sessions were displayed in the sessions by computer view.
• Applying server properties on the web console was generating the error message "The specified cast is not valid".
• The Userlock agent could consume 100 % CPU time on one thread on computers with many logons denied by Windows (e.g. public terminal servers attacked by bots).
• If the length of the protected zone name was exceeding 512 characters (many OUs with long names) the UserLock server automatically switched to the whole domain as protected zone.
• If IIS sessions were controlled on an IIS application pool with a : char in the name an exception occurred when displaying the user session view in the console.
• Bug in Windows and Web administration consoles if the protected zone was composed by several Organizational Units (OU): only the first OU was displayed in the UserLock server properties.
• Bug in the "Protected accounts" view of the Web administration console, if the auto filter was enabled then: "Properties" was displayed in the filter header, and an error page was displayed if it was selected.
• Bug in the "User sessions" view of the Web administration console, if the auto filter was enabled then: "Quotas" was displayed in filter header, and an error page was displayed if filter didn't correspond to any result data or if "User sessions" contained no data.
• Bug in the Web administration console: the initialization of encryption is now executed with the application pool account to prevent any permission issues with user accounts.
• The "Display name" of protected accounts was not resolved after a UserLock service restart.
• When NetBios and AD domain names differed, then the restrictions of OU protected accounts were not applied.
• When several domains were selected in the UserLock protected zone, then only the first one was protected by UserLock.
• It was not possible to add computers in workstation restrictions by browing the AD.
• In the web interface it was not possible to add a time frame for only thursday.
• For multi-forest environments: if no DC for a specific domain was unavailable during the UserLock service restart, then all accounts from this domain were replaced by their SID.
• If a protected account was renamed in the AD and the UserLock service was restarted, then it was not possible to display the properties of that protected account.
• The IE9 cache was disallowing displaying up to date reports through the web console.
• The session statistics report could not be displayed from the web console. An error was generated instead.
• Bug in english WinForms console: "Maximum session length" and "Maximum locked time" were switched.
• Bug when the Desktop agent sent unsubmitted logon events for sessions with local accounts to the UserLock server: these events were not correctly considered.
• Bug in protected account view of administration consoles: if semicolon was in the field "Name", "Canonical name", "Email recipient" or "Popup recipient" then error messages were displayed.
• Bug in license count management: sessions with local accounts were counted into license count.
• The member names of external domain's Organizational Units are no longer prefixed by the domain protected by UserLock.
• Bugs when adding time quotas to a protected account.
• Bug when trying to display session history for local accounts via right mouse click.
• AD tree in the user view now saves the last selected node to display it again the next time.
• Bugs when computing "Average time per working day" and "Average time per week" into "RAS / VPN users statistics" reports.
• Bugs when modifying protected account restrictions with no intermediary validation between actions.

Discover the bugs fixed

• Customized logo header and footer were not displayed when a report was generated from the web interface.
• When displaying the session history of a user/computer from the web interface by clicking on the user/computer link, denied logons were not include in the report.
• The NPS agent was not writing in its log file in Windows 2008/2008 R2. On these versions of Windows the path of the log file is now c:\ProgramData\ISDecisions\UserLock\UlIasAgent.csv.
• Some bugs in the NPS agent on Windows 2008/2008 R2.
• The NPS agent was breaking down the computer authentication for Wi-Fi access points.
• A compatibility problem with NComputing terminal servers.
• Email notification were not always sent during the logoff of a member of a protected group.
• If sessions were closed or opened since the last web console refresh a logoff/lock/reset from the web console may be applied on a wrong session.
• In some cases, when the UserLock primary service stopped, some communication pipes remained open and agents did not failover on the backup server.
• A problem when displaying reports from a MySQL database.
• The configuration tree did sometimes not show up any longer and the console layout needed to be reset.
• Protected account settings for remote access sessions were not synchronized with the backup server.
• In the web interface, the hour restrictions mode was not reflecting actual settings on the server and changes did not take effect.
• If an exception occurred inside the service, a memory leak might have occurred in some cases.
• Every minute, the service has been generating an unneeded workload in the lsass.exe process and could slow down logons controlled by UserLock.
• UserLock performance counters were not working from a terminal session.
• UserLock performance counters did not work in a counter log because of security issues except if the account of the service "Performance logs and alerts" was switched to localsystem.
• The backup server was sometimes incorrectly displaying some sessions as orphaned.
• The UserLock service was sometimes hanging while stopping.
• In hour restrictions, times were not always displayed in US format if US culture was defined.
• For Windows Vista/7 workstations if the logoff could not be notified to the UserLock server, the previous session was not automatically cleaned when a new session was opened on the workstation.
• UserLock was unable to get the member list of nested groups from another domain.
• Editing a time frame was resetting concerned session types to interactive.
• Editing a workstation restriction or a custom session limit was also resetting concerned session types to interactive in the web console.
• A compatibility issue with Kbox on Windows Vista/7 computers.
• Modifying an hour or workstation restriction and applying it several times was duplicating it.
• A parenthesis "(" or ")" in a user display name was generating an exception in the UserLock console.
• The SysLocator was crashing when some Vista workstations had more than one session.
• If a deleted account was still listed in UserLock access permissions the console was unable to display server properties.
• The Session statistics report did not show up in the web console and was not generated when scheduled.
• The UserLock agent service on Windows Vista/2008/Seven/2008 R2 was in some case starting too slowly disallowing to control the first session after a boot if the user was very fast to enter his password. (Agent uninstallation and reinstallation needed).
• When new settings of a protected account were applied several times it could duplicate workstation restrictions, time frames or custom limits.
• Some bugs in the session history report.
• When the number of user sessions was exceeding the license no error events were generated to warn the administrator.
• In some case an exception was occurring when displaying the dashboard or sessions by machine.
• Applying new properties on the primary server with the web interface was unregistering the backup server and sessions were no longer synchronized.
• When a protected account was created in the web console with a different case than the AD, displaying immediately properties was generating an exception.
• The Windows console was allowing removing and adding protected accounts on the backup server even that a UserLock backup server is read only.

Discover the bugs fixed

• A slash (/) or a colon (:) in a user display name was generating an exception in the UserLock console.
• The error management while uninstalling an agent was not displaying an intelligible message in case of error (Unexpected error while executing the command).
• A bug in the AD tree if a domain contained several OUs with the same short name.
• The context menu on tabs was not working.
• The Windows Vista/2008 agent was launching the 32 bits UserInit.exe executable on 64 bits machines.
• Some column names in the raw data of the Session statistics report were in French.
• In some cases the agent distribution computer list was empty and an error event was generated in the server application log (source UL2000) with "Invalid parameter detected" in the description.
• It is possible again to add local groups and local users in the UserLock permissions.
• An access violation exception (Event id 700) in the UserLock service when a user was removed from the AD but a session was still registered in UserLock for him.
• After changing the connection string in the server properties the create table button did not work if you did not apply the new settings before (Error: "Failed to create the table! [Microsoft][ODBC Driver Manager] Function sequence error").
• A problem disallowing the agent to start on Windows 7.
• Resetting RAS sessions is now possible.
• Hyperlink allowing displaying the session history on a user is restored in the web console.
• AD tree is correctly displayed in the Windows console if more than one domain are in the protected network zone.
• AD tree is now kept after refreshing the agent distribution view in the Web console.
• Database reports can use again wildcard in the following field filters: user name, computer name, client name, client address.
• Various corrections of interface texts.

Discover the bugs fixed

• Some issues with Windows Vista and Windows Server 2008.
• Service wasn't stopping properly in case of a server shutdown/reboot.
• If a maximum session time was set immediately after the installation of UserLock all already opened user sessions could be logged off in some specific cases.
• A potential deadlock in the UserLock service.
• When trying to uninstall the agent from a computer without the agent installed a wrong error message was displayed.
• The previous session logoff dialog was not fully translated in English.
• A memory leak in the backup server.
• A session with a local account was sending connect/disconnect notification to the UserLock server leading to an error event.
• In some cases the web interface was unable to display reports.
• The welcome message wasn't displayed after the logoff of a previous session.
• If the logon rate was too high, the transaction log (ulagent.log) was not regularly cleaned.
• If a protected account was based on a universal group, UserLock wasn't including members of other domains in the list of concerned users.
• If a UserLock admin had only the right to administrate sessions he was unable to display reports because he was not allowed to retrieve the database connection string.
• Internal exceptions when the user session list was empty.
• Crash of the session statistics report when the database was empty.
• The ascending/descending order radio buttons were not working correctly in the session statistics report.
• Some temporary files were not cleaned while generating report in a batch or in a scheduled task.
• When disconnecting a locked terminal session the UserLock service was sometimes thinking that the session was still active.
• The permissions tab and the user sessions by computer view were not grayed on backup servers.
• A bug was making crash the MMC console in some cases while refreshing the view.
• A bug in hours management when a session needed to be closed at 12:00 AM.
• A handle leak while sending E-mail notifications.
• Two memory leaks in the UserLock service.
• Removed: The beta warning.
• A bug in the web console while displaying sessions by user.
• A bug leading to users with empty names.
• A bug while deploying the agent on Windows Vista computers.
• Important! Existing customers with an up to date maintenance need to ask for their new UserLock 4 license key before installing this new version on their network.

Discover the bugs fixed

• The UserLock server no longer tries to deploy the GINA agent on Windows Vista computers. "OS not supported" is returned.
• In some cases a communication problem was leading to display invalid characters.
• In some rare cases the database insertion thread was crashing while connecting to the database.
• The protected zone was not configured correctly for domains with a NetBIOS name different than the hostname. Symptoms: Just the server itself was displayed in agent distribution.
• The web interface configuration tool was changing the authentication mode on the root folder of the IIS site instead of doing it directly on the UserLock virtual folder.
• A UserLock service installed on a Windows 2003 SP1 server was unable to deploy the agent on 64 bits computers.
• A problem while sending E-mail notifications to some specific SMTP servers.
• The UserLock service was hanging in some cases (Error 0x0000079 in the console).
• A few bugs in reports.
• A bug in the LogonCleaner.
• A bug in the communication between the web console and the UserLock server. The user sessions list or the agent distribution list were incomplete in some cases.
• A bug in the policy.
• In some rare cases if an internal exception occured in the UserLock service users were unable to logon (a service restart was needed to fix the problem).
• A few bugs in the web console.
• UserLock was not working correctly on domains with an '@' character in the NetBIOS name.
• Citrix presentation server 4.0 register now its GINA in a different way and this was leading after an upgrade of both products to the unability to open ICA sessions (the logon hang).
• The database insertion thread was crashing in some case disallowing any new insertions.
• UserLock 3.5 beta 2 was unable to logoff/lock users with the administration console.
• Database connection string changes through the web interface were not applied immediately.
• The 404 web page was not correctly registered in the IIS virtual folder.

Discover the bugs fixed

• A memory leak in the service when the network zone was an Organization Unit.
• If the UserLock service was installed on a Windows server 2003 the console launched reports on the default database with a wrong connection string.
• In the User sessions report the total computer time was wrong in some cases.
• Wild card characters were not working when using the User sessions report on a MS Access database.
• The configuration wizard was unable to display organizational units on domain with a NetBIOS name different from the DNS name.
• When the remote registry service was not running on workstations the agent status was false (Upgrading (Waiting for reboot)) and the deployer did not report any error while installing the agent.
• Reports were printing the result on two US letter pages instead of one. If you still have the problem please contact us at suport@isdecisions.com.
• A bug in the database insertion. An invalid character was added at the end of strings for some databases.
• The uninstall link was not checking if agents were still deployed.
• A bug while trying to send a test E-Mail or while specifying a new database connection string in the console (Unable to read data & Permanent error).
• The deployer was unable to update the agent on computers with a third party GINA installed.
• After registering the backup server client workstations were configured only after the next service start.
• After a workstation reboot the UserLock server was not able to detect lost sessions on this workstation.
• Client restrictions were not applied on terminal sessions during a session reconnection.
• A communication problem between the console and the server occuring only in rare cases (Symptom: incomplete computer and session list).
• Crash of the USerLock service if not enough swap file was available on the server.
• For workstations with a NetBIOS name with more than 15 characters the logoff was sometimes locking up the workstation.
• In evaluation mode the lock/unlock activity was not inserted in the database.
• The export in CSV was not working in reports.
• A bug that was leading in some cases to a service hang.
• A bug in the logon policy.
• When locking terminal sessions from the console the session was closed instead of disconnected.
• When a logon was denied for a terminal session a logoff was generated immediately after.
• Information: This version is compliant with the agent of all versions greater or equal than 2.4. However if a UserLock 2.xx agent is deployed you should upgrade the agent as soon as possible to get all new features working.

Discover the bugs fixed

• A bug leading to a periodic service crash in some cases.
• The logons can be ordered according the logon/logoff time in the console.
• Displayed columns can now be customized in the console.
• Bug in the policy settings.
• Bug in the notifications. The already logged on computers were not displayed since the 2.6 version.