UserLock Documentation
UserLock Documentation
You are here: Use cases > How to install UserLock on a Windows Server Core

How to install UserLock in a Windows Server Core

From UserLock 12 follow the step behind. With UserLock 11.2 or older, we advise to upgrade UserLock otherwise please contact us to have specific instructions.

Note: in a Server Core 2019, it will be needed to install the App Compatibility feature since agents 11.0.
Please, follow the procedure in the section “Installing the App Compatibility FOD”
After that you should be able to deploy the agent as usual. And the agent service should be able to start.

1. To install UserLock desktop agent in a Windows Server Core:

Copy from the Primary UserLock server the file '%ProgramFiles(x86)%\ISDecisions\UserLock\UlAgentExe_ServerCore.exe' (by default 'C:\Program Files (x86)\ISDecisions\UserLock\UlAgentExe_ServerCore.exe') to '%windir%\SysWOW64\UlAgentExe.exe' (by default 'C:\Windows\SysWOW64\UlAgentExe.exe') on the target computer (\\SERVERCORE\c$\Windows\SysWow64\UlAgentExe.exe).

Run the following command lines on the target computer:

ULAgentExe.exe /SERVICE S
net start UlAgentService

Uninstall UserLock agent

To uninstall, follow the same procedure as for uninstalling the standard desktop agent.

2. To install and configure UserLock in a Windows Core Server

Install the UserLock server silently:

Download the UserLock package to a local folder, "C:\Temp\" for example.

Run CMD 64-bit with the "Run as administrator" enabled then run on it:

UserLock_Setup.exe /s /v/qn /vADDLOCAL=Service,PrivilegeElevation,Console,PowerShell
  • Note: does not work if space between "/v" and "/qn"!
  • Note: "Service,PrivilegeElevation,PowerShell" corresponds to the minimum recommended configuration on a Windows Server Core, you can modify it with another configuration. For information, the default configuration installed on a standard installation on a Windows Server is "Service,PrivilegeElevation,Console,WebConsole,PowerShell,WebApps,Proxy,Help". Contact us if you want to install other components ("UserLockSSO", "IIS MFA" etc.).

Configure the UserLock server type, protected zone, and impersonation account silently:


Extract this zip.

Run PowerShell 32-bit (%SystemRoot%\syswow64\WindowsPowerShell\v1.0\powershell.exe) with the "Run as administrator" enabled then run on it (as explained here the first command below is to be able to run UserLockPowerShell just after the UserLock installation, not needed if server restarted after installation):

Import-Module "${env:ProgramFiles(x86)}\ISDecisions\UserLock\Modules\UserLockPowerShell\UserLockPowerShell.psd1"
cd C:\MyFolder\SetUserLockConfiguration\
& '.\SetUserLockConfiguration.ps1' -AdminAccount 'UserLockSvc' -AdminDomain 'VCORP' -AdminPassword 'YourPassword'

Parameters of this script allow you to configure a backup UserLock server (and the name of the Primary UserLock server) and a specific protected zone ("(All)" by default):

& '.\SetUserLockConfiguration.ps1' -AdminAccount 'UserLockSvc' -AdminDomain 'VCORP' -AdminPassword 'YourPassword' -Zone 'OU=MyOU,DC=MyDomain,DC=intra'
& '.\SetUserLockConfiguration.ps1 -IsBackupServer -PrimaryServerName 'DC1' -AdminDomain 'VCORP' -AdminAccount 'UserLockSvc' -AdminPassword 'YourPassword'

Once the UserLock service is running, you should be able to open a UserLock console ("%ProgramFiles(x86)%\ISDecisions\UserLock\UserLockAdmin.exe") and connect with the server.

Uninstall UserLock

Run CMD 64-bit with the "Run as administrator" enabled then run on it:

  • With UL 11.2:
    "%ProgramFiles(x86)%\ISDecisions\UserLock\CheckBeforeUninstall.exe" "{C9947411-51FF-4104-878F-C4BE24363FD6}"
  • With UL 12.0:
    "%ProgramFiles(x86)%\ISDecisions\UserLock\CheckBeforeUninstall.exe" "{A9B6960C-D193-40AC-9AD4-2C3E34A1A859}"