UserLock Documentation
UserLock Documentation
You are here: Getting started > Requirements

Requirements

Domain

Active Directory required (for workgroups, see Standalone Terminal Server).
Functional level of forest and domain: Windows Server 2003 or higher.

Operating system


UserLock Server UserLock Console For workstation to protect For terminal servers to protect For RRAS, NPS and IIS servers
Windows Client versions
Windows 10 check_circle check_circle
Windows 8.1 check_circle check_circle
Windows 8 check_circle check_circle
Windows 7 check_circle check_circle
Windows Vista check_circle
Windows XP check_circle
Mac Client versions
High Sierra check_circle
Sierra check_circle
El Capitan check_circle
Older version
Windows Server versions
Windows Server 2016 check_circle check_circle check_circle check_circle
Windows Server 2012 R2 check_circle check_circle check_circle check_circle
Windows Server 2012 check_circle check_circle check_circle check_circle
Windows Server 2008 R2 check_circle check_circle check_circle check_circle
Windows Server 2008 check_circle check_circle check_circle check_circle
Windows Server 2003 R2 check_circle check_circle
Windows Server 2003 check_circle check_circle
Windows Server 2000
Terminal Servers
Citrix Metaframe XP check_circle
Citrix Presentation Server 4 check_circle
Citrix XenApp check_circle
Any terminal servers using RDP sessions (Microsoft) or ICA sessions (Citrix) check_circle
RemoteApp check_circle

Windows services and network protocols

  • The Remote registry service must be enabled and started on machines protected by UserLock.
  • The UserLock service is configured to logon by default as the 'Network Service' account. For some operations, the UserLock service needs to impersonate with an account having administrative privileges on target machines (see here).
  • The ICMP (ping) protocol must be authorized both ways between the UserLock server and the machines protected by UserLock.
  • The 'Microsoft File and Printer Sharing' protocol (SMB TCP 445) must be authorized both ways between the UserLock server and the machines protected by UserLock.

Hardware

CPU and RAM

The required hardware for a UserLock server depends on the number of user sessions that  will be protected.

A medium-sized server should be sufficient in most cases - a server with a 2 GHz dual core CPU,  2 GB of RAM and a recent hard drive should be able to manage up to 10,000 simultaneous sessions. With such a processor, UserLock can process up to 100 logon events/s. With such a logon rate, you can authenticate 6,000 users in one minute. Please note that even in an organization with 10,000 users, this number of connections in the same minute will never happen.

Disk space

The disk space required for the installation process is 50 MB.

Additionally you have to consider the disk space consumed by the database to keep the user session history:

A logon event consumes 0.5 KB of disk space. Typically a user generates at least four connection events during a day (a logon, a lock, an unlock and a logoff) so you can calculate the disk space consumed per year as follows:

Example for 100 users:
100 x 4 x 0.5 KB = 200 KB/day = 4 MB/Month (20 business days) = 50 MB/Year

You can use this simple formula to estimate the disk space that will be consumed by the database according to the number of users and the time period your history will have to cover.

Network connection

A logon event exchanges 3 KB of data through the network. The network bandwidth consumed will depend on the logon rate.

For example a logon rate of 100 logons/s will generate 300 KB/s. Therefore any 100 Mb network card (10 MB/s) will be sufficient in most cases.

Please note that if you have slow network connections to some remote sites, then you should take into account the number of users behind connections.

Database

All user session activity captured by UserLock is saved in a database to benefit from reporting and analysis features.

UserLock supports as database systems:

  • MS Access mdb file.
  • MS SQL Express 2005 and newer - 32/64 bit.
  • MS SQL Server 2005 and newer - 32/64 bit.
  • MySQL 5.6 and newer.

Please note that LocalDB editions are not supported.

To facilitate UserLock evaluation, the installation package integrates an MS Access database to archive all session activity. We do not recommend implementing UserLock with this database on the production environment. An MS SQL Server database system is required, with at least an 'Express' version.