UserLock

UserLock® secures access to Windows® networks and mitigate insider threat by:

• restricting simultaneous sessions
• limiting user access to the network
• providing administrators with remote session control, alert options and advanced reporting for session analysis.

UserLock^® functionality

UserLock significantly reinforces Windows infrastructures security by giving network administrators the ability to:

• implement and enforce efficient restriction and access policies for Windows 2000/XP/2003/Vista/2008/Seven networks (LAN and WAN)
• be alerted when specific events occur (accepted logins, denied logins…) by user or user group
• remotely log off or lock a user session
• monitor in real time all connectivity on the network
• automatically log activity and generate precise session reports and statistics
• …

You will be able to:

• limit the amount of simultaneous sessions (same ID, same password) per user or per user group
• limit user access to the network per computer or computer range (department, room, floor, building…)
• enforce logon time restrictions on a group-by-group basis
• know at any time what user(s) is/are connected, from what workstation(s), since when…

How does UserLock^® work?

UserLock is very simple to use and doesn’t require any prior training.

Only a few minutes are necessary to get UserLock running and securing access to your network:

• Install UserLock on a Windows server (needn’t be the domain controller) and select the zone you wish to protect (all trusted domains, one domain or an organizational unit) using the setup assistant.
• Deploy the UserLock ‘agent’ (100 KB dll) to a selection of workstations from the administration console.
• Define for each user or user group the total amount of simultaneous sessions allowed.
• Define for each user or user group the workstation(s) from which they can login.
• Define logon time restrictions on a group-by-group basis

Why buy UserLock^®?

Using UserLock in your environment will bring you the following advantages:

• help toward your information systems compliance as to multiple international regulations and standards (HIPAA, Sarbane-Oxley, GLBA, NIST/FIPS, ITIL, COBIT, CISP, ISO 17799…)
• Significantly reinforce your Information System’s Security by:
  • eradicating hazardous user practices such as:
    - Reading unintended emails
    - Sending emails under a usurped identity
    - Accessing unauthorized files
    - Using passwords stored in Windows
    - Concealing any malpractices behind false ID
    - …
  • monitoring in real time all session activity and knowing at all times who is connected, from where and since when…
  • setting popup or email alerts for specific events per user or group (denied logons, successful logons, logoffs…).
• optimizing your network’s usage (public or shared workstations in open spaces, classrooms, departments…) by:
  • Stopping users from logging on to several workstations simultaneously
  • Remotely controlling all sessions (lock, logoff, reset…)
  • Monitoring workstation occupation rate

UserLock^® Features

Simultaneous session prevention/restriction

UserLock® allows simultaneous logon (same ID, same password) limitation or prohibition, per user or user group and per session type (workstation, terminal, interactive or VPN/RAS).

A limit can also be set for the total number of sessions of all members of a group. This for example useful if each department of an organization is only allowed to open a limited number of terminal sessions on servers in order to fairly share resources.

Workstation(s) restriction

UserLock allows user or user group’s network access restriction per workstation or IP range. By doing this, users can be limited to their own workstation, department, floor, building…

Time restriction <!––>

UserLock allows defining working hours and/or maximum session time for protected users. Outside of this (these) timeframe(s) and/or when time is up, users will be disconnected with prior warning.

Alerts and notifications

UserLock can send popup or email alerts to the network administrators for specific events per user or group (denied logons, successful logons, logoffs…).

Remote session management

An administrator can remotely lock, unlock, logoff and reset all sessions, either from the administration console or the Web interface.

Tailor-made User Notification

UserLock allows notifying all users prior to gaining access to a system with a tailor-made warning message (NISPOM Chapter 8 and DCID 6/3 requirement).
Users can for example be advised that system usage is monitored, recorded, and subject to audit, and that unauthorized use is prohibited and subject to criminal and civil penalties.

They can also be provided with the following information:

• last workstation logged on
• date and time of last successful logon
• history of all logons denied by UserLock and Windows since last successful logon
• number of logons denied by UserLock and Windows since last successful logon

This is one of the most effective ways to detect people impersonating other user accounts.

End-user assistance

Network administrators can enable:

• an option allowing users to remotely disconnect their previous session as they logon to another computer. This will avoid users from having to go back to the previous computer.
• a public Web interface to display system usage (per session status) in real time, allowing users to easily find an available computer; the interface can for example display systems available in a room (depending on computer naming convention), ideal for organizations with free access computers.

Connectivity surveillance and monitoring

UserLock allows real time session surveillance and monitoring; at all times the administrator knows who is connected, from what workstation(s), since when…

Analysis and reporting

UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, MySQL…) for future reference.

Reports can automatically be generated at regular intervals, in order to update an Intranet Web site, or being sent by Email.

UserLock® provides predefined reports:

• Session history: Comprehensive session list (logon, lock, unlock, logoff instances, users, domains, workstations…)
• Session Statistics: Displays for a given user and period, total sessions, total connection time, average time per session, per worked day or per week.
• Agent Distribution: View of the agent installation status on all computers of the protected network zone.
• User sessions: Instantaneous view of all user session at display time.
• Dashboard: Printable version of Dashboard

Flexibility, ease of use and security

• Centralized administration
  UserLock®’s administration console gives access to all options and features, and is very simple to use; console can be installed on an administrative desktop.
• Delegated administration
  Specific users can be given the ability to view and manage sessions without having access to more critical UserLock settings such as protected accounts configuration, agent distribution …
• Management via Web interface
  Remote session management can be performed from any computer connected to the network.
• Pin-pointed protection
  UserLock allows protection for a single domain, several domains (with domain approbations) or only one of an Active Directory’s Organizational Units (OU).
• Terminal session management and 64x systems
  UserLock supports terminal sessions (Microsoft Terminal Server and Citrix Metaframe) as well as 64bit systems
• RAS session management
  UserLock® can protect RAS sessions on a RRAS server or on a hardware router with RADIUS authentication on a IAS server.
• Easy setup
  UserLock installs in minutes on a standard Windows Server (2000/2003/2008), a micro-agent is automatically deployed on selected workstations.
• Backup
  It is possible to install a UserLock backup server to guarantee protection even if the primary UserLock server crashes.

Download here

Broad Active Directory Management in a Single Product

Active Directory Management involves the delegating, securing, configuring, managing and auditing of changes to Microsoft’s implementation of LDAP directory services for use in Windows environments. The main purpose of Active Directory is to provide central authentication and authorization services. Active Directory has native tools for basic administration, but, lack enterprise-class management capabilities that give administrators the ability to view, audit and report on the ever-changing state of their Active Directory infrastructure.

Active Administrator™ is an enterprise-class Active Directory management and auditing solution that takes over where the management tools supplied with Windows leave off.

Active Administrator, the comprehensive Active Directory solution from ScriptLogic provides administrators the ability to establish, view and enforce delegated security throughout Active Directory management, perform comprehensive Group Policy management including Group Policy reporting and Resultant Set of Policies (RSoP) as well as powerful auditing and reporting of changes within Active Directory.

Key Benefits of Active Administrator:

• Centralize the audit trail of all Active Directory changes including the “before” and “after” values
• Instantly recover users, groups, OUs containers and more from AD backups and reduce network downtime
• Manage Group Policy for users and computers with advanced editing, analyzing, reporting and undo capabilities
• Secure Active Directory by controlling administrative rights: who can create accounts, change group memberships, reset passwords, update user information and more…

Download from here