Monitor and Track Active Directory Logon and Logoff

UserLock offers real-time visibility and insight into all users’ logon and logoff activity across an entire Windows Server Active Directory network. Detect and immediately respond to suspicious access at a glance.

Download Read more

Real-Time Monitoring Detect and Respond to User Access

UserLock displays an instant overview of all user session activity. Filtering options makes it easy to review specific sessions and track who is connected, from where and since when.

UserLock also offers the capability to interact remotely with any session, open or locked.

Immediate one-click block

To help mitigate risks effectively, IT can review and immediately block any suspect user accounts with just one click. This denies all further logon attempts and closes any existing sessions.

Immediate one-click block

Try UserLock — Free trial now

Get information
by user or by machine

  • User details

    View the display name, the user account, the organizational unit, etc.

  • Opened sessions

    View all the sessions status opened by a user, from where they have logged on at what time etc.

  • Last logoff

    View the last workstation on which the user logged off and the time of the last logoff.

  • Machine details

    View the computer name, the client IP, the organizational unit, etc.

  • Opened sessions

    Get the list of all users with a session on this computer.

  • Computer localization

    Get the building and the room of the computer (if a localization is enabled).

Risk Indicator Evaluate User Logon Behavior

Clearly flagged in the console, a risk indicator highlights suspicious logon connections so IT administrators can then respond appropriately. "Pop up" and email alerts can be sent on changing risk status.

By correlating each user’s access events with their customized access controls, each user’s ‘risk status’ evolves according to their actions when accessing or attempting to access the network. A history of changes is also kept for auditing.

 

Some examples:

High Risk
  • Simultaneous connections from inside and outside the local network
  • Frequency of denied logons exceeds a defined limit
Risk
  • A new session is opened from an existing session with different credentials
  • An attempt to open a session for an account that is locked and/or disabled in Active Directory
Unprotected
New User
  • Any new user account or a dormant account with new activity. What defines a dormant account can be customized to suit own needs
Inactive User
  • A user account without any open sessions known by UserLock, after a certain time period (customized) in days

Risk Indicator

Webhooks Integration with your other applications

Extend UserLock’s comprehensive logon data into countless other operations.

Webhooks make it easier to push updates directly to other applications right when they happen, opening up new automation possibilities. It allows real-time logon notifications to be integrated into other applications or monitoring platforms, and custom workflows can be built based on specific access events.

Download UserLock

VersionSupported systems
Windows XP | Windows Server 2003 | Windows Vista | Windows Server 2008 | Windows 7 | Windows Server 2008 R2 | Windows 8 | Windows server 2012 | Windows 8.1 | Windows Server 2012 R2 | Windows 10 (64 bits computers included) | Windows Server 2016

Demo restriction : 30-day full version with no user limits

Scroll to top