Version History

Découvrir les bugs corrigés

• Outlook Web Access may generate numerous logon/logoff events in a short time interval in some cases.
• IIS Session revocation is not supported by the UserLock ISAPI Filter agent type.

• In some cases logons denied by Windows have an invalid client address.
• Regression introduced in version 8.01 The IP address is showing ?.?.?.? for workstation sessions.

• On a UserLock server (except in Standalone Terminal Server mode), Wi-Fi / VPN and IIS logons with local accounts denied by Windows are notified to the UserLock service although UserLock doesn't manage such events.
• The error event 100 "Opened session without SID" is inserted every time the User sessions view is displayed.
• The UserLock Server service can run at a high CPU usage of 100 percent when some specific errors occurs.
• On a Windows Server 2003 Domain Controller, the Desktop agent notifies all IIS logons denied by Windows for the IIS account "DomainName\IUSR_IisDcName" to the UserLock service.
• Client restrictions are no longer applied during session reconnections if a restriction of concurrent sessions allowed is also defined.
• When a terminal session reconnection is denied due to workstation restrictions only the first attempt is inserted in the database.
• In some cases the Database connection type is not correctly detected by the Web console.
• A user logon denied by Windows due to account restrictions is not displayed in the Session history report.
• The Web console dashboard displays some errors when UserLock is configured to use a MySQL ODBC database.
• The Windows console displays an error message when open on a server whose name starts with a number.
• In some cases the logoff is not notified by the UserLock Agent Service to the UserLock server when a computer is powered off.
• If no domain controller is available the NPS agent may not initialize correctly.

Découvrir les bugs corrigés

• When a user has a read only access to the server Properties, the account defined in the Impersonation section is indicated as invalid even it is actually valid.
• A Protected zone composed of many Organizational Units or domains is not displayed correctly in the server Properties.
• On the session history report "Since the specified number of days" can be empty.
• Quick filters applied from column heads of the User sessions view are lost after clicking on Refresh.
• It is not possible to connect to a remote server with the Web admin console from Windows 2003.
• Actions on Temporary Protected accounts do not work from the Windows console.
• Web console - Actions performed by the same UserLock operator from two different browsers are not automatically notified to both browsers.
• Web console - On tablet device, the server icon is moving when scrolling.
• The Service impersonation section should not be displayed in Standalone Terminal Server mode.
• Protected account settings are not saved in Standalone Terminal Server mode.
• Web console - The search feature from the Filter panel is only performed on data from the main column of the view.
• Well-know accounts are protected by UserLock.
• Settings are applied again when clicking OK even if Apply has already been clicked previously.
• It's impossible to click Apply or OK after having deleted a Time restriction or a Workstation restriction.
• The Logon Notification message doesn't contain the reason why the logon is denied.
• Agents communication pipes without any activity are not disconnected.
• When applying a Security permission right as authorized for Read and denied for Write, it's registered as denied for both Read and Write.
• The Windows Console crashes when an agent deployment action can't be cancelled.
• Remote logoff sent to an unavailable machine to apply a rule limit is performed anyway when the machine comes back online even if this rule limit is no longer relevent at that time.
• The IIS agent (ISAPI filter) is not compatible with the command line registration (REGSVR32).
• The IIS agent (HttpModule) is not compatible with the command line registration (REGSVR32).
• The Popup notification column from the Protected accounts view displays an incorrect status.
• Permissions set on the IIS agent log file and the IIS agent Registry key are incorrect.
• When the UserLock help file is opened in full screen mode, it's impossible to switch between the help file and the UserLock console.
• The UserLock IIS agent may crash its Application Pool when several Application Pools are running with different identities.
• It is not possible to save the result of a report executed in Raw data mode through the menu File/Save... of the Windows console.
• It's not possible to apply changes after having modified Logon events selection of the feature "Warn users in real time of all connection events involving their credentials".
• Restarting a computer without open session from the Machine view of the Web Console fails and displays an error.
• The message displayed on the Notification sent for Logon denied by Userlock is not enough understandable.
• Filter criteria from the Agent distribution view in the Web Console contain an unknown agent type.
• Column contents overlap in the Session history view of the Web Console when using small screens.
• Wi-Fi / VPN session names displayed in Protected Accounts Notifications are not as user friendly as those displayed in UserLock consoles.
• Webconsole, machine view, reboot a workstation with a session doesn't work
• It is not possible to schedule a SQL query
• After an upgrade the reporter still tries to access the default database at the old location
• The User status breakdown graph is taking a long time to be displayed in the Web Console Dashboard.
• An invalid service impersonation account generates many events from the UserLock service still trying to use it.
• The shutdown action is immediately initiated without warning previously users.
• The User session view option "Display AD tree" remains enabled after disabling it and refreshing the view.
• User statistics displayed on the Web Console Dashboard are inconsistent in some specific cases.
• IIS logons denied by Windows on a Web application configured in Basic authentication mode generate a second attempt of insertion in the database.
• Userlock Service cannot start when the Userlock.log log file contains only space characters.
• Local account names are not listed in the User sessions view in display mode by computers.
• The LogonInfo and Status fields are not synchronized between the Backup and the Primary server.
• The User status section and the license section of the Backup server are editable.
• In the Web Console, applying the filter "None" in the User sessions view generates an error.
• In the Web Console, switching the number of lines displayed in the User sessions and Agent distribution view can cause an error message.
• The Welcome message is not displaying the reason of a UserLock denied logon.

Découvrir les bugs corrigés

• Avec l'interface web, dans la section Général des propriétés du serveur "Fermeture des sessions excédantes" et "Ordre des sessions excédantes" étaient inversés.
• Avec l'interface web, dans la section Serveur de terminal indépendant des propriétés du serveur et dans la section Agent des propriétés Distribution de l'agent, "Toujours" et "Jamais" étaient inversés dans le paramètre Rejoindre une session existante.
• Problème de contenu de cellule dans la vue des sessions utilisateur sur les serveur de sauvegarde avec la console web.
• Une exception dans l'interface web lors de l'affichage des propriétés d'un serveur de sauvegarde.
• Une exception lors de l'affichage d'un rapport dans la console web et qu'aucun groupe protégé n'était défini.
• Le verrouillage et la fermeture de sessions non interactives était tenté alors que ce n'est pas possible.
• La possibilité d'afficher les nom des utilisateurs dans le SysLocator ne fonctionnait pas.
• Si l'évaluation de UserLock avait expirée et le service était redémarré il n'était plus possible d'administrer UserLock (erreur concernant l'expiration de la maintenance) et de saisir une nouvelle clé d'activation.
• Si le compte de service UserLock n'avait pas les droits d'administrations sur le serveur la librairie de messages pour l'observateur d'événement ne pouvait pas être enregistré.

Découvrir les bugs corrigés

• Il n'était pas possible de supprimer des comptes protégés depuis l'interface web.
• Sur Windows 2012 le pool d'application IIS UserLockAppPool n'était pas enregistré pour utiliser le framework .NET 2.
• L'entête des colonnes manquait dans le rapport des sessions utilisateur (par machine et par utilisateur).
• Un problème de disposition lorsque les propriétés d'un compte protégé étaient affichées dans certains navigateurs web.
• Avec l'interface web les buttons d'actions (fermeture, verrouillage, redémarrage, installation, ...) devenaient inactifs après un changement de page dans les Sessions utilisateur et dans Distribution de l'agent.
• Une console à distance ou la console web n'affichaient pas le nombre d'ordinateurs dans le fichier CSV de localisation.
• Le filtre prédéfini sélectionné dans la vue des sessions et la vue de distribution de l'agent n'était pas coché.

Découvrir les bugs corrigés

• La console web échouait à cause de problèmes de cryptage même quand le cryptage n'était pas nécessaire.
• Le journal de l'agent IIS augmentait en taille sans limitation.
• Les noms d'utilisateurs et les comptes ne correspondaient pas dans la vue des sessions dans certains rares cas.
• Lorsqu'un compte protégé ne pouvait pas être résolu à la création celui-ci restait dans cet état (SID affiché dans la console) même si la résolution était possible après coup.
• Les statistiques affichées à la fin du rapport d'historique des sessions étaient fausses dans certain cas.
• Les clients terminaux Mac généraient des erreurs sur le serveur UserLock.
• La vue distribution de l'agent pouvait crasher lorsqu'elle était filtrée par le dernier statut de vérification.
• L'agent pouvait crasher lorsqu'il y avait trop d'adresses IP affectées à la machine.
• La limite des sessions IIS dans les comptes protégés était perdue après un redémarrage du service.
• Le message de refus pour les sessions IIS affichait une chaîne de caractères non personnalisable.
• Dans certains cas un compte avec un SID inconnu empêchait UserLock de récupérer les noms affichés des comptes utilisateurs.
• Sur les serveurs Windows 2008/2008 R2 la console UserLock ne demandait pas l'élévation de privilège.
• Dans l'outil de configuration web le bouton Mise à jour n'était pas grisé lorsque la configuration de la console web était à jour.
• Bugs dans les rapports lorsqu'ils étaient utilisés avec une base de données MySQL.
• Bugs dans les rapports lorsqu'ils étaient lancés à partir de l'interface web.
• Bugs lorsqu'on décrémentait le temps consommé et que UserLock était installé en français.
• Les sessions IIS ne pouvaient pas être réinitialisées dans certains cas.
• Le temps consommé pour les quotas n'était pas maintenu sur le serveur de sauvegarde.
• Il n'était pas possible de réduire les temps consommé de plus que la période de quota. Même problème pour les informations de quota affichées dans le message de bienvenue.
• Il n'était pas possible de réinitialiser des sessions avec des comptes locaux.
• La fermeture de la précédente session ne fonctionnait pas sous Windows 2000.
• Si un masque de localisation était spécifié pour extraire la salle et l'immeuble du nom de la machine, de fausses sessions étaient affichées dans la vue des sessions par machines.
• L'application des paramètres serveur dans la console web générait le message "The specified cast is not valid".
• L'agent UserLock pouvait consommer 100 % de temps CPU sur une thread sur les ordinateurs avec de nombreuses connexions refusées par Windows (ex. serveur de terminal public attaqué par des bots).
• Si la longueur du nom de la zone excédait 512 caractères (beaucoup d'OUs avec des noms longs) le serveur UserLock basculait automatiquement vers le domaine complet comme zone protégée.
• Si les sessions IIS étaient contrôlées dans un pool d'application IIS avec un double point dans le nom, l'affichage de la vue des sessions utilisateur générait une exception.
• Problème dans les consoles d'administration si la zone protégée contenait plusieurs Unités Organisationnelles (OU) : seule la première OU était affichée dans les propriétés du serveur UserLock.
• Problème dans la vue "Comptes protégés" de la console d'administration Web, si on activait le filtre automatique : "Propriétés" était ajouté à l'entête de filtre et une page d'erreur était affichée si on cliquait dessus.
• Problème dans la vue "Sessions utilisateur" de la console d'administration Web, si on activait le filtre automatique : "Quotas" était ajouté à l'entête de filtre et une page d'erreur était affichée si le filtre ne correspondait à aucune donnée ou si "Sessions utilisateur" ne contenait rien.
• Problème dans la console d'administration Web: l'initialisation du cryptage est maintenant exécutée avec le compte du pool d'applications pour éviter des problèmes de droits avec des comptes utilisateurs.
• Le "Nom affiché" d'un compte protégé n'était pas résolu après le redémarrage du service UserLock.
• Si le nom NetBIOS de domaine était différent du nom AD alors les restrictions des comptes protégés de type OU n'étaient pas appliquées.
• Si plusieurs domaines étaient sélectionnés dans la zone protégée par UserLock, seul le premier était protégé par UserLock.
• Il n'était pas possible d'ajouter des ordinateurs dans les restrictions de poste de travail en recherchant dans l'Active Directory.
• Dans l'interface web il n'était pas possible d'ajouter une plage horaire pour le jeudi uniquement.
• Uniquement pour les environnements multi-forêts : si le DC d'un domaine était indisponible pendant le redémarrage du service UserLock, alors tous les comptes de ce domaine étaient remplacés par leur SID.
• Si un compte protégé était renommé et le service UserLock redémarré, alors il n'était plus possible de consulter les propriétés de ce compte protégé.
• Le cache de IE9 empêchait l'affichage de rapports à jour à partir de la console web.
• Problème dans la console d'administration Windows en anglais : les champs "Maximum session length" et "Maximum locked time" étaient inversés.
• Problème lors de l'envoi par l'agent Station au serveur UserLock des événements de sessions non notifiés : les événements de sessions avec des comptes locaux n'étaient pas correctement enregistrés.
• Problèmes d'affichage des comptes protégés dans les consoles d'administration dans le cas où le champ "Nom complet", "Nom canonique", "Destinataire de l'Email" ou "Destinataire du message réseau" contenait des points-virgules.
• Problème dans la gestion du comptage de licence : les sessions avec des comptes locaux étaient comptées dans le comptage de licence.
• Les noms des membres d'une Unité Organisationnelle extérieure au domaine étaient préfixés par le domaine protégé par UserLock au lieu du bon nom de domaine.
• Problèmes lors d'ajout de quotas de temps à un compte protégé.
• Problème lors de l'affichage de l'historique des sessions par clic droit sur un compte local.
• L'arborescence AD des "Sessions utilisateur" garde en mémoire le dernier élément sélectionné pour l'afficher de nouveau lors d'un accès ultérieur.
• Calcul des colonnes "Durée moyenne par jour ouvrable" et "Durée moyenne par semaine" sur le rapport "Statistiques des sessions RAS / VPN".
• Problèmes lors de la modification des restrictions d'un compte protégé sans validation entre les modifications.
• Problèmes lors de l'affichage du temps consommé et des quotas de temps effectifs depuis "Sessions utilisateur".

Discover the bugs fixed

• Customized logo header and footer were not displayed when a report was generated from the web interface.
• When displaying the session history of a user/computer from the web interface by clicking on the user/computer link, denied logons were not include in the report.
• The NPS agent was not writing in its log file in Windows 2008/2008 R2. On these versions of Windows the path of the log file is now c:\ProgramData\ISDecisions\UserLock\UlIasAgent.csv.
• Some bugs in the NPS agent on Windows 2008/2008 R2.
• The NPS agent was breaking down the computer authentication for Wi-Fi access points.
• A compatibility problem with NComputing terminal servers.
• Email notification were not always sent during the logoff of a member of a protected group.
• If sessions were closed or opened since the last web console refresh a logoff/lock/reset from the web console may be applied on a wrong session.
• In some cases, when the UserLock primary service stopped, some communication pipes remained open and agents did not failover on the backup server.
• A problem when displaying reports from a MySQL database.
• The configuration tree did sometimes not show up any longer and the console layout needed to be reset.
• Protected account settings for remote access sessions were not synchronized with the backup server.
• In the web interface, the hour restrictions mode was not reflecting actual settings on the server and changes did not take effect.
• If an exception occurred inside the service, a memory leak might have occurred in some cases.
• Every minute, the service has been generating an unneeded workload in the lsass.exe process and could slow down logons controlled by UserLock.
• UserLock performance counters were not working from a terminal session.
• UserLock performance counters did not work in a counter log because of security issues except if the account of the service "Performance logs and alerts" was switched to localsystem.
• The backup server was sometimes incorrectly displaying some sessions as orphaned.
• The UserLock service was sometimes hanging while stopping.
• In hour restrictions, times were not always displayed in US format if US culture was defined.
• For Windows Vista/7 workstations if the logoff could not be notified to the UserLock server, the previous session was not automatically cleaned when a new session was opened on the workstation.
• UserLock was unable to get the member list of nested groups from another domain.
• Editing a time frame was resetting concerned session types to interactive.
• Editing a workstation restriction or a custom session limit was also resetting concerned session types to interactive in the web console.
• A compatibility issue with Kbox on Windows Vista/7 computers.
• Modifying an hour or workstation restriction and applying it several times was duplicating it.
• A parenthesis "(" or ")" in a user display name was generating an exception in the UserLock console.
• The SysLocator was crashing when some Vista workstations had more than one session.
• If a deleted account was still listed in UserLock access permissions the console was unable to display server properties.
• The Session statistics report did not show up in the web console and was not generated when scheduled.
• The UserLock agent service on Windows Vista/2008/Seven/2008 R2 was in some case starting too slowly disallowing to control the first session after a boot if the user was very fast to enter his password. (Agent uninstallation and reinstallation needed).
• When new settings of a protected account were applied several times it could duplicate workstation restrictions, time frames or custom limits.
• Some bugs in the session history report.
• When the number of user sessions was exceeding the license no error events were generated to warn the administrator.
• In some case an exception was occurring when displaying the dashboard or sessions by machine.
• Applying new properties on the primary server with the web interface was unregistering the backup server and sessions were no longer synchronized.
• When a protected account was created in the web console with a different case than the AD, displaying immediately properties was generating an exception.
• The Windows console was allowing removing and adding protected accounts on the backup server even that a UserLock backup server is read only.

Discover the bugs fixed

• A slash (/) or a colon (:) in a user display name was generating an exception in the UserLock console.
• The error management while uninstalling an agent was not displaying an intelligible message in case of error (Unexpected error while executing the command).
• A bug in the AD tree if a domain contained several OUs with the same short name.
• The context menu on tabs was not working.
• The Windows Vista/2008 agent was launching the 32 bits UserInit.exe executable on 64 bits machines.
• Some column names in the raw data of the Session statistics report were in French.
• In some cases the agent distribution computer list was empty and an error event was generated in the server application log (source UL2000) with "Invalid parameter detected" in the description.
• It is possible again to add local groups and local users in the UserLock permissions.
• An access violation exception (Event id 700) in the UserLock service when a user was removed from the AD but a session was still registered in UserLock for him.
• After changing the connection string in the server properties the create table button did not work if you did not apply the new settings before (Error: "Failed to create the table! [Microsoft][ODBC Driver Manager] Function sequence error").
• A problem disallowing the agent to start on Windows 7.
• Resetting RAS sessions is now possible.
• Hyperlink allowing displaying the session history on a user is restored in the web console.
• AD tree is correctly displayed in the Windows console if more than one domain are in the protected network zone.
• AD tree is now kept after refreshing the agent distribution view in the Web console.
• Database reports can use again wildcard in the following field filters: user name, computer name, client name, client address.
• Various corrections of interface texts.

Discover the bugs fixed

• Some issues with Windows Vista and Windows Server 2008.
• Service wasn't stopping properly in case of a server shutdown/reboot.
• If a maximum session time was set immediately after the installation of UserLock all already opened user sessions could be logged off in some specific cases.
• A potential deadlock in the UserLock service.
• When trying to uninstall the agent from a computer without the agent installed a wrong error message was displayed.
• The previous session logoff dialog was not fully translated in English.
• A memory leak in the backup server.
• A session with a local account was sending connect/disconnect notification to the UserLock server leading to an error event.
• In some cases the web interface was unable to display reports.
• The welcome message wasn't displayed after the logoff of a previous session.
• If the logon rate was too high, the transaction log (ulagent.log) was not regularly cleaned.
• If a protected account was based on a universal group, UserLock wasn't including members of other domains in the list of concerned users.
• If a UserLock admin had only the right to administrate sessions he was unable to display reports because he was not allowed to retrieve the database connection string.
• Internal exceptions when the user session list was empty.
• Crash of the session statistics report when the database was empty.
• The ascending/descending order radio buttons were not working correctly in the session statistics report.
• Some temporary files were not cleaned while generating report in a batch or in a scheduled task.
• When disconnecting a locked terminal session the UserLock service was sometimes thinking that the session was still active.
• The permissions tab and the user sessions by computer view were not grayed on backup servers.
• A bug was making crash the MMC console in some cases while refreshing the view.
• A bug in hours management when a session needed to be closed at 12:00 AM.
• A handle leak while sending E-mail notifications.
• Two memory leaks in the UserLock service.
• Removed: The beta warning.
• A bug in the web console while displaying sessions by user.
• A bug leading to users with empty names.
• A bug while deploying the agent on Windows Vista computers.
• Important! Existing customers with an up to date maintenance need to ask for their new UserLock 4 license key before installing this new version on their network.

Discover the bugs fixed

• The UserLock server no longer tries to deploy the GINA agent on Windows Vista computers. "OS not supported" is returned.
• In some cases a communication problem was leading to display invalid characters.
• In some rare cases the database insertion thread was crashing while connecting to the database.
• The protected zone was not configured correctly for domains with a NetBIOS name different than the hostname. Symptoms: Just the server itself was displayed in agent distribution.
• The web interface configuration tool was changing the authentication mode on the root folder of the IIS site instead of doing it directly on the UserLock virtual folder.
• A UserLock service installed on a Windows 2003 SP1 server was unable to deploy the agent on 64 bits computers.
• A problem while sending E-mail notifications to some specific SMTP servers.
• The UserLock service was hanging in some cases (Error 0x0000079 in the console).
• A few bugs in reports.
• A bug in the LogonCleaner.
• A bug in the communication between the web console and the UserLock server. The user sessions list or the agent distribution list were incomplete in some cases.
• A bug in the policy.
• In some rare cases if an internal exception occured in the UserLock service users were unable to logon (a service restart was needed to fix the problem).
• A few bugs in the web console.
• UserLock was not working correctly on domains with an '@' character in the NetBIOS name.
• Citrix presentation server 4.0 register now its GINA in a different way and this was leading after an upgrade of both products to the unability to open ICA sessions (the logon hang).
• The database insertion thread was crashing in some case disallowing any new insertions.
• UserLock 3.5 beta 2 was unable to logoff/lock users with the administration console.
• Database connection string changes through the web interface were not applied immediately.
• The 404 web page was not correctly registered in the IIS virtual folder.

Discover the bugs fixed

• A memory leak in the service when the network zone was an Organization Unit.
• If the UserLock service was installed on a Windows server 2003 the console launched reports on the default database with a wrong connection string.
• In the User sessions report the total computer time was wrong in some cases.
• Wild card characters were not working when using the User sessions report on a MS Access database.
• The configuration wizard was unable to display organizational units on domain with a NetBIOS name different from the DNS name.
• When the remote registry service was not running on workstations the agent status was false (Upgrading (Waiting for reboot)) and the deployer did not report any error while installing the agent.
• Reports were printing the result on two US letter pages instead of one. If you still have the problem please contact us at suport@isdecisions.com.
• A bug in the database insertion. An invalid character was added at the end of strings for some databases.
• The uninstall link was not checking if agents were still deployed.
• A bug while trying to send a test E-Mail or while specifying a new database connection string in the console (Unable to read data & Permanent error).
• The deployer was unable to update the agent on computers with a third party GINA installed.
• After registering the backup server client workstations were configured only after the next service start.
• After a workstation reboot the UserLock server was not able to detect lost sessions on this workstation.
• Client restrictions were not applied on terminal sessions during a session reconnection.
• A communication problem between the console and the server occuring only in rare cases (Symptom: incomplete computer and session list).
• Crash of the USerLock service if not enough swap file was available on the server.
• For workstations with a NetBIOS name with more than 15 characters the logoff was sometimes locking up the workstation.
• In evaluation mode the lock/unlock activity was not inserted in the database.
• The export in CSV was not working in reports.
• A bug that was leading in some cases to a service hang.
• A bug in the logon policy.
• When locking terminal sessions from the console the session was closed instead of disconnected.
• When a logon was denied for a terminal session a logoff was generated immediately after.
• Information: This version is compliant with the agent of all versions greater or equal than 2.4. However if a UserLock 2.xx agent is deployed you should upgrade the agent as soon as possible to get all new features working.

Discover the bugs fixed

• A bug leading to a periodic service crash in some cases.
• The logons can be ordered according the logon/logoff time in the console.
• Displayed columns can now be customized in the console.
• Bug in the policy settings.
• Bug in the notifications. The already logged on computers were not displayed since the 2.6 version.