Monitor, Alert
& Respond to all Active Directory User Logon Logoff

Track and alert on all users’ logon and logoff activity in real-time. Interact remotely with any session and respond to login behavior. Warn end-users direct to suspicious events involving their credentials.

Start a free trial Book a Demo
Monitor and Track

Real-Time Monitoring Detect and Respond to User Access

UserLock displays an instant overview of all user session activity. Filtering options makes it easy to review specific sessions and track who is connected, from where and since when.

UserLock also offers the capability to interact remotely with any session, open or locked.

Immediate one-click block

To help mitigate risks effectively, IT can review and immediately block any suspect user accounts with just one click. This denies all further logon attempts and closes any existing sessions.

Immediate one-click block


Try UserLock — Free trial now

30-day full version with no user limits

Get information by user

User details

View the display name, the user account, the organizational unit, etc.

Opened sessions

View all the sessions status opened by a user, from where they have logged on at what time etc.

Last logoff

View the last workstation on which the user logged off and the time of the last logoff.

Get information by machine

Machine details

View the computer name, the client IP, the organizational unit, etc.

Opened sessions

Get the list of all users with a session on this computer.

Computer localization

Get the building and the room of the computer (if a localization is enabled).

Real-Time Alerts For IT Administrators

Defined for any particular user, group or organizational unit, alerts are set on events that may warrant further investigation such as failed logon attempts, attempts to log on to default accounts and activity during nonworking hours.

Alerts can be sent to one or more recipients by email and pop-up notification.

Step-by-step guide on how to define an alert

Real-Time Alerts

Respond Directly to Alerts

As soon as a suspicious access event is detected, IT administrators have the chance to instantly react. An immediate response can help reduce the risk of security breaches.

Remote Session Response

Interact remotely with any session, open or locked, to log-off, lock or reset the appropriate settings.

Learn more

Interact remotely with any session

One-Click Block

Immediately block any suspect user account with just one click. This closes all existing sessions and denies all future logon attempts.

Learn more

Immediately block

Block the user


Personalized Computer Commands

Target one or many machines with computer command prompts.

Learn more

PowerShell cmdlets

PowerShell cmdlets

PowerShell Integration

Use UserLock PowerShell cmdlets to expedite certain tasks and run scripts.

Learn more

Logon Restrictions

Adjust user access control rules in real-time. Security is an iterative process. Restrictions should be revised or temporary rules defined that respond to access events.

Learn more

Adjust user access control rules

Now Available in UserLock 11.2

Get the New, Intuitive UserLock Web App

Monitor and respond to network sessions quickly, easily, and from anywhere with the all new UserLock Web App.


New UserLock Web App

Real-Time Alerts To warn end-users

Warn end-users in real time of all connection events involving their credentials.

Breaches are often initiated by acquiring and misusing a user’s credentials. Help users assess for themselves any suspicious activity involving their own trusted access.

Administrators can customize both the message and on which events and session types trigger the pop-up notification.

Credential Warning

Risk Indicator Evaluate User Logon Behavior

Clearly flagged in the console, a risk indicator highlights suspicious logon connections so IT administrators can then respond appropriately. "Pop up" and email alerts can be sent on changing risk status.

By correlating each user’s access events with their customized access controls, each user’s ‘risk status’ evolves according to their actions when accessing or attempting to access the network. A history of changes is also kept for auditing.


Some examples:

High Risk
  • Simultaneous connections from inside and outside the local network
  • Frequency of denied logons exceeds a defined limit
  • A new session is opened from an existing session with different credentials
  • An attempt to open a session for an account that is locked and/or disabled in Active Directory
New User
  • Any new user account or a dormant account with new activity. What defines a dormant account can be customized to suit own needs
Inactive User
  • A user account without any open sessions known by UserLock, after a certain time period (customized) in days

Risk Indicator

Webhooks Integration with your other applications

Extend UserLock’s comprehensive logon data into countless other operations.

Webhooks make it easier to push updates directly to other applications right when they happen, opening up new automation possibilities. It allows real-time logon notifications to be integrated into other applications or monitoring platforms, and custom workflows can be built based on specific access events.


Request a personalized demo now

Discover how UserLock can help you meet your needs.

Secure Active Directory Credentials with Multi-Factor Authentication (MFA)

Read More

Download UserLock

The trial version offers:

  • 30-day full version
  • no user limits
  • free technical support

Supported systems

Release Date : 2/16/2023
Version : UserLock 11.2.2
What's new in this version ?

Please read the Beta Testing Procedure before installing this version.

The beta version includes:

  • 30-day full version
  • no user limits
  • free technical support

Release Date : 3/13/2023
Version : UserLock 12 beta
What's new in this version ?

Supported systems