UserLock

Limit concurrent logins

UserLock allows you to limit or prevent concurrent logins, per user, user group, or Organisational Unit and per session type (workstation, terminal, interactive, Internet Information Services or VPN/RAS).

Limitations can be set in a granular way and can vary from one user to another, one group to another, or one Organisational Unit to the other.

Workstation restriction

UserLock can prevent logins on multiple workstations based on users, user groups or Organisational Units.

Examples of restrictions can include: own worksta- tion, IP range, department, floor or building.

Time restriction

UserLock allows defining working hours and/or maximum session time for protected users.  Outside of these timeframes and/or when time is up, users will be disconnected with prior warning.

UserLock can detect when a password protected screensaver starts and can automatically logoff a session after a specific length of time.

Time quotas

UserLock allows defining and enforcing daily, weekly, monthly, etc.  connection time quotas per user or user group and per session type.

Several time quotas can be defined for a same Protected Account.  A different time quota can therefore set for each type of session.

Real-time monitoring and alerts

UserLock allows real time session monitoring; at all times the administrator knows the number of concurrent logins, who is connected, from which workstation and since when.

You can also send popup or email alerts to the network administrators for specific events such as denied logins, successful logins and logoffs.

Reporting

UserLock records all session logging and locking events in an ODBC database for reporting.  Reports can automatically be generated at regular intervals and the following predefined reports are included:

• Session history: detailed connection list (logon, lock, unlock, logoff instances, users, domains, workstations…),
• Session Statistics: displays total login, total connection time and average time per session for a given user and period,
• Agent Distribution: view of the agent installation status on all computers of the protected network zone,
• User sessions: snapshot view of all concurrent logins at display time,
• Session count evolution: view of the evolution of the total opened sessions,
• RAS sessions: view of the history, statistics and a chart displaying the evolution of RAS sessions number,
• Dashboard: printable version of Dashboard.

Remote session administration

An administrator can remotely lock or logoff any session (even sessions with local accounts^*), either from the administration console or the Web interface.

User security awareness

UserLock can provide users with information such as:

• last workstation logged on,
• date and time of last successful logon,
• history of all logons denied by UserLock and Windows since last successful logon,
• number of logons denied by UserLock and Windows since last successful logon.

This is one of the most effective ways to raise security awareness directly with the end-users.

Personalised disclaimer

UserLock allows notifying all users prior to gaining access to a system with a tailor- made disclaimer.

Users can be advised that system usage is monitored, recorded, subject to audit, and that unauthorised use is prohibited and subject to criminal and civil penalties.

 

Significantly reduce the attack surface of your Windows network

Logins are the first line of defense of your network.  UserLock provides and enforces granular rules and policies to control and secure network access.
With UserLock, you will be able to control “When”, “Where” and “How Long” your users access resources on your Information System.

Enforce compliance with major regulations

Compliance regulations generate a heavy workload for IT administrators who must perform digital records management.
UserLock provides specific features to identify, search, report and archive user access for compliance to major industry regulations, including HIPAA, NIST 800-53, Sarbanes-Oxley, NISPOM Chapter 8, PCI, Bâle II, ICD 503.

Optimise workstation usage

In a time of budget constraints, investing in additional machines for free access computer rooms is difficult to justify.

UserLock provides an interface to see which machines are available, how much each machine has been used and ensures fair sharing of computer resources.

Efficiently mitigate insider threat

UserLock allows you to monitor in real-time all sessions on your network and to immediately respond to suspicious or disruptive behavior.

In case of such behavior, administrators can remotely lock, logoff and reset sessions.

Perform accurate IT forensics

UserLock records all session logging and locking events in an ODBC database and gives IT administrators the ability to support accountability, legal investigations, and internal trends analysis.

If an IT security breach occurs, UserLock will provide accurate, detailed information about who was connected, from which system(s), since what time, for how long, etc.