Changelog

See the new features, improvements and bug fixes of UserLock.

October 29, 2025

New features

  • Custom credential provider for Windows Hello PIN, improving the MFA experience and security.

  • Custom credential provider for Pre-Logon Access Provider (PLAP), improving the MFA experience and security.

  • Windows Server 2025 RemoteApp connections now use the custom credential provider, improving the MFA experience and security.

  • Reporting management for logon denied events with User Account Control (UAC) session type.

  • Remote agent communication with UserLock over the Internet, without VPN or IIS server.

  • Certificate authentication for UserLock Anywhere.

  • Client certificate verification for UserLock SSO.

  • New interface with reorganized sections: Dashboard, Environment, Access Policies, Activity, Reporting, and Server settings.

  • Pages displaying all Active Directory entities (machines, users, groups, OUs) with AD attributes, navigation links, and statistics.

  • Dedicated dashboards for each entity (user, machine, group, OU) showing activity, applied policies, and filtered reports.

  • Dedicated pages and step-by-step wizard for each access policy type (MFA, time, machine restrictions, etc.).

  • Custom views system available on all pages (filters, columns, sorting) with save and share options.

  • Admin actions panel tracking ongoing and completed administrative operations in real time.

  • Reports for admin actions and configuration changes ensuring complete audit traceability.

  • Spanish and Japanese language interfaces added.

Improvements

  • Updated .NET from version 8.0.6 to version 8.0.22.

    (in version 13.0.0.119)

  • The custom credential provider now wraps around the Windows credential provider.

  • The mechanism of the "Close previous session" feature of the credential provider has been improved.

  • The mechanism of the "Logons without UserLock connection" feature of the credential provider has been improved.

  • Improved recovery codes and rate-limiting mechanisms.

  • Terminology and labels revised for better alignment with Active Directory and administrator workflows.

  • Clearer, task-oriented navigation structure.

  • Simplified access policy editor with inline explanations and easier policy management.

  • Redesigned reporting with new charts, instant display, and improved performance.

  • Enhanced report scheduler with direct-link delivery by email.

  • Server settings reorganized for faster access and clearer layout.

  • Unified interface and behavior across web and desktop consoles.

Changes

  • NIST servers are no longer used for time verification (only Google servers are now used).

    (in version 13.0.0.119)

  • The ADMX and ADM files have been modified to allow empty content for the "Public URL to the UserLock Anywhere HTTP Proxy" field.

    (in version 13.0.0.119)

  • MFA is no longer prompted before password changes.

Bugfixes

  • Fixed in version 13.0.0.119

  • Problems encountered when launching an administrative shutdown of a machine from the "Machines" page of the "Environment" section.

  • An attempt to update the agent on a computer connected via VPN may fail with error 53 even though the target machine's FQDN is reachable.

  • If the MFA key reset via the backup UserLock server is performed while the primary UserLock server is down, an MFA request is made instead of an MFA enrollment when the primary server is operational again.

  • In the access policy wizard, the information about target containers does not allow them to be distinguished in tiered AD environments.

  • If you install version 13.0 of the desktop agent MSI and version 12.2 or earlier of the desktop agent MSI is already installed, you will see two desktop agent MSI installations.

  • The evaluation license may be marked as "expired" if it is installed in time zones with a negative time offset from UTC.

  • When UserLock is configured to use a local SQL Server Express database some logons may not be inserted in the database.

  • The "Simultaneous session history" report does not display a sub-table for a listed user with simultaneous sessions.

  • The legacy agent station technology is used when connecting with a local account on a Standalone UserLock server.

  • In a Japanese OS, the UserLock uninstallation dialog box displays incomprehensible characters.

  • Negative consumed time quotas may be displayed when carry-over is enabled, and resetting the time consumed to zero does not work.

  • There is no link for entity name in AD Environment pages (All machines, All users, Groups, OUs) to open detail view from the selected row.

  • Non-functional machine links in Admin Actions panel.

  • The "Country" column and associated filter are missing in Activity > Active Sessions page.

  • The "Reset the MFA config" action is disabled for non-audited users.

  • After restarting, a machine connected to AnyWhere cloud can apply "Logons without UserLock connection" (instead of using AnyWhere cloud).

  • A logon denied by Windows, received via UserLock Anywhere in delegation mode, generates an entry with an unnamed computer.

  • Each SSO logout results in an error.

  • The "Without agent" default view of the "Machines" page in the "Environment" section does not display agentless machines.

  • There is a memory leak when the UserLock service treats many logon commands.

  • Unexpected behavior of the desktop agent due to the absence of some string resources in Japanese, Portuguese, German, Dutch, Spanish, and Arabic.

  • SSO - Error during configuration in the UserLock configuration wizard.

  • MFA is required after an invalid password.

  • The desktop agent is uninstalled with the NetBIOS name instead of the FQDN.


  • Fixed in 13.0

  • The Wi-Fi session reset database records have "VPN" as the session type.

  • Timeout issues in the credential provider.

  • The behaviors for the "Ask for MFA" and "Force MFA" configurations of the "Logons without UserLock connection" feature are not correct in the credential provider.