To leverage the user activity monitor, a DeviceLock administrator should first configure rules that cause the DeviceLock Service to start recording certain user activities. These rules are administered by using commands on the node User Activity Monitor > Rules in the DeviceLock Management Console when connected to an endpoint’s DeviceLock Service, or in the DeviceLock Service Settings Editor console or DeviceLock Group Policy Manager. The Manage command from the shortcut menu on that node opens a dialog box where rules are configured as follows:

For further details, see Creating rules later in this chapter.

The monitoring data captured by the DeviceLock Service is initially stored on the local computer, which allows the administrator to view local records of user actions in the DeviceLock Management Console connected to the endpoint’s DeviceLock Service. This can be accomplished by using the DeviceLock Service > User Activity Monitor > UAM Log Viewer node.

For a centralized viewing and analysis of the recordings made on different computers, it is necessary to transfer user activity monitoring data to the DeviceLock Enterprise Server. The servers to collect and hold that data must be specified by the DeviceLock Enterprise Server(s) option of the DeviceLock Service. In addition, the Transfer shadow data to server option must be set to Enable.

To view user activity monitoring records on the DeviceLock Enterprise Server, use the DeviceLock Enterprise Server > UAM Log Viewer node in the DeviceLock Management Console. The console displays a list of all user activity records available on the server, allowing authorized persons to view video recordings of computer screens along with records of keyboard input and other data related to user activity. For further details, see Viewing User Activity later in this chapter.