UserLock

Overview

UserLock functionality

UserLock significantly reinforces Windows infrastructures security by giving network administrators the possibility to:

• implement and enforce efficient restriction and access policies for Windows NT/2000/XP/2003 networks (LAN and WAN)
• be alerted when specific events occur (accepted logins, denied logins…) by user or user group
• remotely log off or lock a user session
• monitor in real time all connectivity on the network
• automatically log activity and generate precise session reports and statistics

You will be able to:

• limit the amount of simultaneous sessions (same ID, same password) per user or per user group
• limit user access to the network per computer or computer range (department, room, floor, building…)
• know at any time what user(s) is/are connected, on what workstation(s), since when…

How does UserLock work?

UserLock is very simple to use and doesn’t require any prior training.

Only a few minutes are necessary to get UserLock running and securing access to your network:

• Install UserLock on a Windows server (needn’t be the domain controller) and select the zone you wish to protect (all trusted domains, one domain or an organisational unit) using the setup assistant.  
• Deploy the UserLock ‘agent’ (100 KB dll) to a selection of workstations from the administration console.  
• Define for each user or user group the total amount of simultaneous sessions allowed.  
• Define for each user or user group the workstation(s) from which they can login.  

Why buy UserLock?

Using UserLock in your environment will bring you the following advantages:

• help toward your information systems compliance as to multiple international regulations and standards (HIPAA, Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799…)
• Significantly reinforce your Information System’s Security by:
  • eradicating hazardous user practices such as:
    - Reading unintended emails
    - Sending emails under a usurped identity
    - Accessing unauthorised files
    - Using passwords stored in Windows
    - Concealing any malpractices behind false ID
    
  • monitoring in real time all session activity and knowing at all times who is connected, from where and since when…
  • setting popup or email alerts for specific events per user or group (denied logons, successful logons, logoffs…).  
• optimising your network’s usage (public or shared workstations in open spaces, classrooms, departments…) by:
• Stopping users from logging on to several workstations simultaneously
• Remotely controlling all sessions (lock, logoff, reset…)

Features

Simultaneous session prevention/restriction

UserLock allows simultaneous logon (same ID, same password) limitation or prohibition, per user or user group.

A limit can also be set for the total number of sessions of all members of a group.  This for example useful if each department of an organisation is only allowed to open a limited number of terminal sessions on servers in order to fairly share resources.

Workstation(s) restriction

UserLock allows user or user group’s network access restriction per workstation or IP range.  By doing this, users can be limited to their own workstation, department, floor, building…

Time restriction

UserLock allows defining working hours and/or maximum session time for protected users.  Outside of this (these) timeframe(s) and/or when time is up, users will be disconnected with prior warning.

Alerts and notifications

UserLock can send popup or email alerts to the network administrators for specific events per user or group (denied logons, successful logons, logoffs…).

Remote session management

An administrator can remotely lock, unlock, logoff and reset all sessions, either from the administration console or the Web interface.

End-user assistance

Network administrators can enable:

• an option allowing users to remotely disconnect their previous session as they logon to another computer.  This will avoid users from having to go back to the previous computer.  
• a public Web interface to display system usage (per session status) in real time, allowing users to easily find an available computer; the interface can for example display systems available in a room (depending on computer naming convention), ideal for organisations with free access computers.  

Connectivity surveillance and monitoring

UserLock allows real time session surveillance and monitoring; at all times the administrator knows who is connected, from what workstation(s), since when…

Analysis and reporting

UserLock records all session logging and locking events in an ODBC database (Access, SQL server, Oracle…) for future reference.

Reports can automatically be generated at regular intervals, in order to update an Intranet Web site, or being sent by Email (using third party software)

UserLock provides 4 predefined reports:

• Session history: Comprehensive session list (logon, lock, unlock, logoff instances, users, domains, workstations…)
• Session Statistics: Displays for a given user and period, total sessions, total connection time, average time per session, per worked day or per week.  
• Agent Distribution: View of the agent installation status on all computers of the protected network zone.  
• User sessions: Instantaneous view of all user session at display time.  

Flexibility, ease of use and security

• Centralised administration
  UserLock’s administration console gives access to all options and screens, and is very simple of use; the console works as a Windows service (can be installed on a desktop).  
• Delegated administration
  Certain users can be given the ability to view and manage sessions without having access to more critical UserLock settings such as protected accounts configuration, agent distribution …
• Management via Web interface
  Remote session management is possible from any computer connected to internet.  
• Pin-pointed protection
  UserLock allows protection for a single domain, several domains (with domain approbations) or only one of an Active Directory’s Organisational Units (OU).  
• Terminal session management and 64x systems
  UserLock supports terminal sessions (Microsoft Terminal Server and Citrix Metaframe) as well as 64bit systems
• Easy setup
  UserLock installs in minutes on a standard Windows server (NT4 SP4/2000/2003), a micro-agent is automatically deployed on selected workstations.  
• Backup
  It is possible to install a UserLock backup server to guarantee protection even if the primary UserLock server crashes.  

Usage Scenarios

Limit or stop simultaneous sessions

• Stop a user from opening more than one session with his or her account
• Give the ability to only three users of a group to open n concurrent sessions

Restrict user access per workstation

• Define a list of computers from which a user can open a session
• Force a user to only open a session on his or her desktop

Alert the administrator when predefined events occur

• Warn the administrator by email when a specific user attempts to login
• Send the administrator pop-up messages on denied logon

Remotely close/lock/reset user sessions

• Remotely logoff a user session after a period of inactivity
• Remotely reinitialize nn sessions at once

Monitor in real time all session activity on the network

• Monitor logins on a terminal server
• Check if a user is connected, on what workstation, since when

Get precise history and statistics on user sessions

• Obtain the list of all successful or failed logins
• Report for a given user/group and a specific time frame, total sessions and total connection time
• Analyse workstation usage in a room, floor, building (relying on computer name syntax)

Requirements

For UserLock server

• Windows 2003 Server
• Windows 2000 Server
• Windows NT 4 Server with SP 4

For UserLock console

• Windows XP
• Windows 2003
• Windows 2000
• Windows NT 4 with SP4 and IE 5

For workstations to protect

• Windows XP
• Windows 2000
• Windows NT 4

For Terminal Servers to protect

• Windows 2003 Server
• Windows 2000 Server
• Windows NT 4 TSE
• Citrix Metaframe XP