UserLock Server types
In a protected zone, UserLock server types can be Primary or Backup (optional). You can also install UserLock on Standalone terminal servers located in a Workgroup to protect terminal sessions of their local accounts.
The UserLock Primary server is the server managing the software application. Only a single Primary server can be installed and running on the same network protected zone. All user sessions of the defined protected zone will be audited and controlled by the UserLock Primary server.
The Primary server can be installed on any server member of the protected zone. We do not recommend installing the Primary server on a domain controller, although there is no risk or technical constraint. For more details, please see the Requirements section.
The UserLock Primary server integrates an agent deployment engine to remotely install all available agent types in order to monitor and control user sessions on your network (workstations, terminals, Wi-Fi/VPN, IIS). It requires its own database to keep a history of all session activity across the network zone that is in charge of.
The UserLock Backup server regularly synchronizes its configuration and its sessions database with the Primary server. If the Primary server has an issue, then the Backup server will automatically maintain the sessions activity monitoring and control of the network protected zone.
There are two synchronization methods between the Primary and the Backup server:
The events synchronization to synchronize all UserLock server settings and update the sessions database using events audited by the Primary server.
The sessions synchronization to reproduce the same sessions list as displayed on the Primary server.
Those two methods are used when installing and implementing the Backup server. Then only the events synchronization is scheduled at regular time intervals. However it's possible to launch either method on demand from the Synchronization menu of the Backup server properties.
All settings from the Primary server - except the two sections E-mail settings for notifications and Database - are synchronized with the Backup server.
When administering the Backup server from the UserLock console, all these parameters will only be available in read-only mode. They are only editable from the Primary server. Reports are also not available on the backup server.
Installing a UserLock Backup server role follows the same process as the Primary server installation. Just select this role when defining the server role in the UserLock Configuration wizard. The Primary server name is required here to define which server is associated with this Backup server.
Please Note:
Requirements for the Backup server are the same as the Primary server.
The impersonation account defined for the Backup server service during the UserLock configuration wizard requires administrative privileges on the Primary server in order to synchronize all settings and sessions with it.
By default, writing to the database is disabled on the backup server. Writing to the UserLock primary server database is sufficient. However, if you wish to configure another database on the backup server, the database configured on the Backup server needs to be different to the one used by the Primary server. It's possible to use the same Database system server, but the two databases must be distinct.
If any issue occurs during the synchronization, then a specific event with all available details will be logged into the Windows Application event log (source UserLock).
Primary server up and Backup server up:
Primary server down and Backup server up:
This role is designed to protect terminal servers located in a Workgroup using local accounts.
You can install UserLock in this mode on any Windows Server 2012 or higher, as well as any workstation running 8 or higher.
Installing a UserLock Standalone terminal server role follows the same process as the Primary server installation. Just select this role when defining the server role in the UserLock configuration wizard.