UserLock
UserLock® secures access to Windows® networks and mitigate insider threat by:
- restricting simultaneous sessions
- limiting user access to the network
- providing administrators with remote session control, alert options and advanced reporting for session analysis.
UserLock® functionality
UserLock significantly reinforces Windows infrastructures security by giving network administrators the ability to:
- implement and enforce efficient restriction and access policies for Windows 2000/XP/2003/Vista/2008/Seven networks (LAN and WAN)
- be alerted when specific events occur (accepted logins, denied logins…) by user or user group
- remotely log off or lock a user session
- monitor in real time all connectivity on the network
- automatically log activity and generate precise session reports and statistics
- …
You will be able to:
- limit the amount of simultaneous sessions (same ID, same password) per user or per user group
- limit user access to the network per computer or computer range (department, room, floor, building…)
- enforce logon time restrictions on a group-by-group basis
- know at any time what user(s) is/are connected, from what workstation(s), since when…
How does UserLock® work?
UserLock is very simple to use and doesn’t require any prior training.
Only a few minutes are necessary to get UserLock running and securing access to your network:
- Install UserLock on a Windows server (needn’t be the domain controller) and select the zone you wish to protect (all trusted domains, one domain or an organizational unit) using the setup assistant.
- Deploy the UserLock ‘agent’ (100 KB dll) to a selection of workstations from the administration console.
- Define for each user or user group the total amount of simultaneous sessions allowed.
- Define for each user or user group the workstation(s) from which they can login.
- Define logon time restrictions on a group-by-group basis
Why buy UserLock®?
Using UserLock in your environment will bring you the following advantages:
- help toward your information systems compliance as to multiple international regulations and standards (HIPAA, Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799…)
- Significantly reinforce your Information System’s Security by:
- eradicating hazardous user practices such as:
- Reading unintended emails
- Sending emails under a usurped identity
- Accessing unauthorized files
- Using passwords stored in Windows
- Concealing any malpractices behind false ID
- … - monitoring in real time all session activity and knowing at all times who is connected, from where and since when…
- setting popup or email alerts for specific events per user or group (denied logons, successful logons, logoffs…).
- eradicating hazardous user practices such as:
- optimizing your network’s usage (public or shared workstations in open spaces, classrooms, departments…) by:
- Stopping users from logging on to several workstations simultaneously
- Remotely controlling all sessions (lock, logoff, reset…)
- Monitoring workstation occupation rate
UserLock® Features
Simultaneous session prevention/restriction
UserLock® allows simultaneous logon (same ID, same password) limitation or prohibition, per user or user group and per session type (workstation, terminal, interactive or VPN/RAS).
A limit can also be set for the total number of sessions of all members of a group. This for example useful if each department of an organization is only allowed to open a limited number of terminal sessions on servers in order to fairly share resources.
Workstation(s) restriction
UserLock allows user or user group’s network access restriction per workstation or IP range. By doing this, users can be limited to their own workstation, department, floor, building…
Time restriction <!–
–>
UserLock allows defining working hours and/or maximum session time for protected users. Outside of this (these) timeframe(s) and/or when time is up, users will be disconnected with prior warning.
Alerts and notifications
UserLock can send popup or email alerts to the network administrators for specific events per user or group (denied logons, successful logons, logoffs…).
Remote session management
An administrator can remotely lock, unlock, logoff and reset all sessions, either from the administration console or the Web interface.
Tailor-made User Notification
UserLock allows notifying all users prior to gaining access to a system with a tailor-made warning message (NISPOM Chapter 8 and DCID 6/3 requirement).
Users can for example be advised that system usage is monitored, recorded, and subject to audit, and that unauthorized use is prohibited and subject to criminal and civil penalties.
They can also be provided with the following information:
- last workstation logged on
- date and time of last successful logon
- history of all logons denied by UserLock and Windows since last successful logon
- number of logons denied by UserLock and Windows since last successful logon
This is one of the most effective ways to detect people impersonating other user accounts.
End-user assistance
Network administrators can enable:
- an option allowing users to remotely disconnect their previous session as they logon to another computer. This will avoid users from having to go back to the previous computer.
- a public Web interface to display system usage (per session status) in real time, allowing users to easily find an available computer; the interface can for example display systems available in a room (depending on computer naming convention), ideal for organizations with free access computers.
Connectivity surveillance and monitoring
UserLock allows real time session surveillance and monitoring; at all times the administrator knows who is connected, from what workstation(s), since when…
Analysis and reporting
UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, MySQL…) for future reference.
Reports can automatically be generated at regular intervals, in order to update an Intranet Web site, or being sent by Email.
UserLock® provides predefined reports:
- Session history: Comprehensive session list (logon, lock, unlock, logoff instances, users, domains, workstations…)
- Session Statistics: Displays for a given user and period, total sessions, total connection time, average time per session, per worked day or per week.
- Agent Distribution: View of the agent installation status on all computers of the protected network zone.
- User sessions: Instantaneous view of all user session at display time.
- Dashboard: Printable version of Dashboard
Flexibility, ease of use and security
- Centralized administration
UserLock®’s administration console gives access to all options and features, and is very simple to use; console can be installed on an administrative desktop. - Delegated administration
Specific users can be given the ability to view and manage sessions without having access to more critical UserLock settings such as protected accounts configuration, agent distribution … - Management via Web interface
Remote session management can be performed from any computer connected to the network. - Pin-pointed protection
UserLock allows protection for a single domain, several domains (with domain approbations) or only one of an Active Directory’s Organizational Units (OU). - Terminal session management and 64x systems
UserLock supports terminal sessions (Microsoft Terminal Server and Citrix Metaframe) as well as 64bit systems - RAS session management
UserLock® can protect RAS sessions on a RRAS server or on a hardware router with RADIUS authentication on a IAS server. - Easy setup
UserLock installs in minutes on a standard Windows Server (2000/2003/2008), a micro-agent is automatically deployed on selected workstations. - Backup
It is possible to install a UserLock backup server to guarantee protection even if the primary UserLock server crashes.
