How to Install UserLock in an Environment using VDI
Virtual Desktop Infrastructure (VDI) consists of creating a template (image) workstation. When a user logs in, an instance of this template is created and used.
Microsoft, Citrix, VMWare… are examples of VDI providers. The Wikipedia page describing VDI is available at https://en.wikipedia.org/wiki/Desktop_virtualization.
In order to install UserLock in an environment using VDI, the UserLock Desktop Agent must be installed on the template, and correctly configured.
How to deploy the UserLock Desktop Agent to the VDI template
Sessions on VDI computers are managed the same way as sessions on physical computers. To configure VDI computers with UserLock, the Desktop agent must be configured in the VDI template. The easiest way to do this is to:
- Start your VDI template.
- Ensure that the VDI template is compatible with the following UserLock requirements:
- The 'Remote Registry' service must be enabled and started.
- The ICMP (ping) protocol must be authorized both ways between the UserLock server and the machine.
- The 'Microsoft File and Printer Sharing' protocol (SMB TCP 445) must be authorized both ways between the UserLock server and the machine.
- Log on the UserLock server.
- Run the UserLock Console.
- Deploy the Desktop agent on the VDI template. This will deploy the agent file, and set the VDI template to connect to the UserLock servers (Primary and optionally Backup).
- If the VDI template is not listed in the "Agent distribution"; meaning it is not in the network zone protected by UserLock, then you can manually install the Desktop Agent (see https://www.isdecisions.com/products/userlock/help/agents/desktop_agent/manual-installation.htm), If it is in the defined protected zone, wait 5 minutes maximum for the list of protected computers to be updated.
- Add a Protected Account selecting a test user account, for example “UserLockTestUser”.
- Enable the Welcome message in the General tab:
- Log on the VDI template as “UserLockTestUser”.
- Check that the welcome message is displayed at logon.
- If this is not the case, restart the process from the beginning. (IMPORTANT: if you do not restart the process from the beginning, the agent file will store the logon event and will continually try to notify the UserLock service and this event will be stored on future templates).
- Check that the session is displayed in the UserLock Console / User sessions.
- Log off the VDI template.
- Check that the session is no longer displayed in the UserLock Console / User sessions.
- If this is not the case, restart the process from the beginning (IMPORTANT: if you do not restart the process from the beginning, the agent file will store the logon event and will continually try to notify the UserLock service and this event will be stored on future templates).
- Create a new VDI template, which is now “UserLock Ready”.
- Run the UserLock Console.
How to configure UserLock to consider VDI sessions as Terminal session types
Advanced note about VDI sessions: By default, VDI sessions will be considered as Workstation sessions. If you want UserLock to consider them as Terminal sessions, just run the UserLock Console, hit the F7 key and set the “VdiMode” property to “true” then validate with OK:
Note that this setting will not work on limited versions of VMWare (see the "The client name data may not be available" section below).
The client name data may not be available
A few versions of VMWare do not provide the client name, so there may be limitations in UserLock: client restrictions, can't count VDI sessions as Terminal sessions...).