Base class for ProtectedAccount and ProtectedAccountEffective. More...
Public Types | |
| enum | Trilean { Disabled = 0, Enabled = 1, NotConfigured = I_NOTCONFIGURED2 } |
| Enumeration of state for settings that can be disabled, enabled or not configured. See DisplayWelcomeMessageNew and AllowClosePreviousNew properties. More... | |
| enum | ExpirationActionEnum { Logoff = 1, Lock = 2, DoNothing = 0, NotConfigured = 3 } |
| Enumeration of actions that can be done when allowed logon hours have expired for a user. See the property ExpirationActionNew. More... | |
| enum | AccountPropertyList : uint { None = 0x00, UserLock = 0x01, Workstations = 0x02, Hours = 0x04, Group = 0x08, NonInteractive = 0x10, Iis = 0x20, Ras = 0x40, List = 0x80, Information = 0x100, All = 0xFFF } |
| Enumeration of all groups of properties in the ProtectedAccount class allowing to get or set only selected properties. See the methods GetInfo and SetInfo of the class ProtectedAccount or the method GetProtectedAccount of the class UserLockServer. More... | |
| enum | ComplexEffRestsPropertyList : byte { None = 0x00, TimeQuotas = 0x01, TimeFrames = 0x02, ClientRestrictions = 0x04, LockedByUserLock = 0x08, GroupRestrictions = 0x10, GeolocRestrictions = 0x20, All = TimeQuotas | TimeFrames | ClientRestrictions | LockedByUserLock | GroupRestrictions | GeolocRestrictions } |
| Enumeration of all complex effective restrictions (cannot be stored in ProtectedAccount fields because they need additional data). Specific to effective restrictions of an user account (not compatible with protected accounts). More... | |
Public Member Functions | |
| override void | GetInfo () |
| Get/refresh all properties of the protected account from the server. More... | |
| void | GetInfo (AccountPropertyList propertyList) |
| Get/refresh select groups of properties of the protected account from the server. See the enum AccountPropertyList. More... | |
| void | GetNonInteractiveTabProperties () |
| Reserved for future use. More... | |
Public Attributes | |
Constants | |
| const int | I_NOTCONFIGURED = -2 |
| const int | I_UNLIMITED = -1 |
| const int | I_DISABLED = 0 |
| const int | I_ENABLED = 1 |
| const int | I_NOTCONFIGURED2 = 2 |
Protected Attributes | |
| bool | _SubAuthApplyWsRestrictions = true |
| List of concurrent session limits for different kind of sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. /private CustomSessionLimits _GroupCustomSessionLimits = new CustomSessionLimits();. | |
Properties | |
| virtual bool | IsLockedByUserlock [get, set] |
| True if the user account is locked. False otherwise. Overridden in the ProtectedAccountEffective class. More... | |
| virtual string | LockedByUserlockMsg [get, set] |
| Message displayed to the user when his account is locked by Userlock. More... | |
| Trilean | MfaEnabled [get, set] |
| If the MFA is enabled for this Protected Account More... | |
| int | MfaWorkstationCacheDuration [get, set] |
| The cache for workstation MFA unlocking in days More... | |
| int | MfaServerCacheDuration [get, set] |
| The cache for server MFA unlocking in days More... | |
| Trilean | MfaWorkstationExtendCacheDuration [get, set] |
| If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to extend. More... | |
| Trilean | MfaServerExtendCacheDuration [get, set] |
| If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to not extend. More... | |
| Trilean | MfaSkipEnabled [get, set] |
| IF the Skip for MFA configuration is enabled. If so, the end duration is More... | |
| DateTime | MfaSkipEnd [get, set] |
| The end date for MFA configuration skip. No effect if More... | |
| Trilean | MfaServerOnlyTerminal [get, set] |
| If the MFA only applies to terminal/RDP sessions on server. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1 More... | |
| Trilean | MfaWorkstationOnlyTerminal [get, set] |
| If the MFA only applies to terminal/RDP sessions on workstations. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1 More... | |
| MfaConnectionTypes | MfaServerConnectionTypes [get, set] |
| Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions). More... | |
| MfaConnectionTypes | MfaWorkstationConnectionTypes [get, set] |
| Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions). More... | |
| MfaRestrictionParams | MFAServerRestrictionParams [get, set] |
| Parameters for the MFA that applies to server sessions. More... | |
| MfaRestrictionParams | MFAWorkstationRestrictionParams [get, set] |
| Parameters for the MFA that applies to workstation sessions. More... | |
| MfaRestrictionParams | MFAIISRestrictionParams [get, set] |
| Parameters for the MFA that applies to IIS sessions. More... | |
| MfaRestrictionParams | MfaVPNRestrictionParams [get, set] |
| Parameters for the MFA that applies to VPN sessions. More... | |
| MfaRestrictionParams | MfaSaasRestrictionParams [get, set] |
| Parameters for the MFA that applies to SaaS events. More... | |
| Trilean | GeolocationEnabled [get, set] |
| If the geolocalisation is enabled More... | |
| bool | IsAnyConfigured [get] |
| Get if any restriction kind is configured. More... | |
Account Information | |
| String | Name [get, set] |
| String | AccountName [get, set] |
| Windows account name of the protected user/group. Distinguished name for protected OUs. More... | |
| String | DisplayAccountName [get] |
| Display name for the protected account More... | |
| string | FullAccountName [get] |
| Full account name of the protected account (DomainName\AccountName) More... | |
| string | Sid [get] |
| SID of the protected user/group More... | |
| String | FullName [get] |
| Display name of the protected account More... | |
| String | CanonicalName [get] |
| Canonical name of the object in the Active Directory More... | |
| bool | IsUser [get] |
| True if this is a protected user. False otherwise. More... | |
| ProtectedAccountType | Type [get, set] |
| Type of the protected account. See the enum ProtectedAccountType. More... | |
| string | TextType [get] |
| More... | |
| String | _AccountName = String.Empty |
| string | _FullAccountName |
| string | _Sid |
| String | _FullName = String.Empty |
| String | _CanonicalName = String.Empty |
| ProtectedAccountType | _Type |
General | |
| int | NbConcurrentLogins [get, set] |
| Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions). I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | NbConcurrentWorkstations [get, set] |
| Maximum number of concurrent workstation sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | NbConcurrentTerminals [get, set] |
| Maximum number of concurrent terminal sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | RasNbConcurrent [get, set] |
| Maximum number of concurrent Wi-Fi / VPN sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | IisNbConcurrentMax [get, set] |
| Maximum number of concurrent IIS sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| Trilean | AllowSaaSSessions [get, set] |
| Allow or deny SaaS logins. More... | |
| CustomSessionLimits | CustomSessionLimits [get, set] |
| List of concurrent session limits for different kind of sessions. I_UNLIMITED if unlimited, I_NOTCONFIGURED is denied because it does not make sense to not configure a custom session limit. More... | |
| int | NbConcurrentInitialAccessPoints [get, set] |
| Maximum number of concurrent initial access points. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| Trilean | OnlyOneActiveSession [get, set] |
| Get/set if UserLock must leave only one active session (interactive), in case of users who has more than one limited session. More... | |
| bool | DisplayWelcomeMessage [get, set] |
| More... | |
| Trilean | DisplayWelcomeMessageNew [get, set] |
| Get/set if the welcome message should be set for the user or for members of the protected group/OU. More... | |
| bool | AllowClosePrevious [get, set] |
| More... | |
| Trilean | AllowClosePreviousNew [get, set] |
| Get/set if the user is allowed to close previous sessions when the new session is not allowed. More... | |
| int | _NbConcurrentLogins = I_NOTCONFIGURED |
| int | _NbConcurrentWorkstations = I_NOTCONFIGURED |
| int | _NbConcurrentTerminals = I_NOTCONFIGURED |
| int | _RasNbConcurrent = I_NOTCONFIGURED |
| int | _IisNbConcurrentMax = I_NOTCONFIGURED |
| Trilean | _AllowSaaSSessions = Trilean.NotConfigured |
| CustomSessionLimits | _CustomSessionLimits |
| int | _NbConcurrentInitialAccessPoints = I_NOTCONFIGURED |
| TrileanPropertyCommand | _OnlyOneActiveSession |
| TrileanPropertyCommand | _DisplayWelcomeMessage |
| TrileanPropertyCommand | _AllowClosePrevious |
Notifications | |
| String | PopupRecipient [get, set] |
| Computer that will receive popup notifications when the user open/close a session of when UserLock deny a logon. More... | |
| bool | PopupLoginNotification [get, set] |
| More... | |
| bool | PopupLogoffNotification [get, set] |
| More... | |
| bool | FailedPopupLoginNotification [get, set] |
| More... | |
| Trilean | EnabledPopupNotifs [get, set] |
| Get/set if popup notifications are enabled or not. More... | |
| Notifications | PopupNotifications [get, set] |
| List of all popup notifications that should be sent. More... | |
| String | EmailRecipient [get, set] |
| E-mail recipients for E-mail notifications. More... | |
| bool | EmailLoginNotification [get, set] |
| More... | |
| bool | EmailLogoffNotification [get, set] |
| More... | |
| bool | FailedEmailLoginNotification [get, set] |
| More... | |
| Trilean | EnabledEmailNotifs [get, set] |
| Get/set if email notifications are enabled or not. More... | |
| Notifications | EmailNotifications [get, set] |
| List of all email notifications that should be sent. More... | |
| Trilean | EnabledSameCredNotifs [get, set] |
| Get/set if same credential notifications are enabled or not. More... | |
| Notifications | SameCredNotifs [get, set] |
| List of all same credential notifications that should be enforced. More... | |
| String | _PopupRecipient = String.Empty |
| bool | _EnabledPopupNotifs = false |
| Notifications | _PopupNotifications = new Notifications() |
| String | _EmailRecipient = String.Empty |
| bool | _EnabledEmailNotifs = false |
| Notifications | _EmailNotifications = new Notifications () |
| bool | _EnabledSameCredNotifs = false |
| Notifications | _SameCredNotifs = new Notifications() |
Workstation restrictions | |
| bool | ExceptWorkstations [get, set] |
| More... | |
| int | ExceptWorkstationsNew [get, set] |
| I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed. More... | |
| RestrictionMode | WorkstationRestrictionsMode [get, set] |
| Workstations | Computers [get, set] |
| List of allowed or denied workstations depending on the property ExceptWorkstationsNew More... | |
| int | ComputerCount [get] |
| Number of workstations listed in the Computers property. More... | |
| IpRanges | IpRanges [get, set] |
| Allowed or denied IP ranges depending on the property ExceptWorkstationsNew. More... | |
| int | IpRangeCount [get] |
| Number of IP ranges listed in the property IpRanges. More... | |
| OuRestrictions | OuRestrictions [get, set] |
| Allowed or denied organizational units depending on the property ExceptWorkstationsNew. More... | |
| int | OuRestrictionsCount [get] |
| Number of organization units in OuRestrictions. More... | |
| int | _ExceptWorkstations = I_NOTCONFIGURED2 |
| Workstations | _Computers |
| IpRanges | _IpRanges |
| OuRestrictions | _OuRestrictions |
Time restrictions | |
| bool | ExceptTimeFrames [get, set] |
| More... | |
| int | ExceptTimeFramesNew [get, set] |
| I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property. More... | |
| RestrictionMode | HourRestrictionsMode [get, set] |
| TimeFrames | TimeFrames [get, set] |
| List of allowed or denied time frames depending on the property ExceptTimeFramesNew. More... | |
| int | MaxSessionLength [get, set] |
| Maximum allowed session length in minutes. I_NOTCONFIGURED there is not session length limit. More... | |
| int | MaxInactivity [get, set] |
| Maximum allowed locked time before USerLock closes the session. More... | |
| ExpirationActionEnum | ExpirationAction [get, set] |
| More... | |
| ExpirationActionEnum | ExpirationActionNew [get, set] |
| Action that UserLock will execute once a session is outside allowed logon hours. See the enum ExpirationActionEnum More... | |
| int | TimeCountdown [get, set] |
| Time countdown in minutes while the notification message is displayed and before the session is closed by UserLock. More... | |
| Trilean | EnabledTimeQuotas [get, set] |
| Get/set if time quotas are Not configured, enabled or disabled. More... | |
| TimeQuotas | TimeQuotas [get, set] |
| List of all time quotas that should be enforced. More... | |
| int | _ExceptTimeFrames = I_NOTCONFIGURED2 |
| TimeFrames | _TimeFrames |
| int | _MaxSessionLength = I_NOTCONFIGURED |
| int | _MaxInactivity = I_NOTCONFIGURED |
| ExpirationActionEnum | _ExpirationAction = ExpirationActionEnum.DoNothing |
| int | _TimeCountdown = I_NOTCONFIGURED |
| bool | _EnabledTimeQuotas = true |
| TimeQuotas | _TimeQuotas |
Group restrictions | |
| int | NbConcurrentGroupLogins [get, set] |
| Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions) of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | NbConcurrentGroupWorkstations [get, set] |
| Maximum number of concurrent workstation sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | NbConcurrentGroupTerminals [get, set] |
| Maximum number of concurrent terminal sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | RasNbConcurrentGroup [get, set] |
| Maximum number of concurrent Wi-Fi / VPN sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | IisNbConcurrentGroup [get, set] |
| Maximum number of concurrent IIS sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. More... | |
| int | _NbConcurrentGroupLogins = I_NOTCONFIGURED |
| int | _NbConcurrentGroupWorkstations = I_NOTCONFIGURED |
| int | _NbConcurrentGroupTerminals = I_NOTCONFIGURED |
| int | _RasNbConcurrentGroup = I_NOTCONFIGURED |
| int | _IisNbConcurrentGroup = I_NOTCONFIGURED |
Detailed Description
Base class for ProtectedAccount and ProtectedAccountEffective.
Member Enumeration Documentation
| enum Trilean |
Enumeration of state for settings that can be disabled, enabled or not configured. See DisplayWelcomeMessageNew and AllowClosePreviousNew properties.
| Enumerator | |
|---|---|
| Disabled |
The setting is disabled. |
| Enabled |
The setting is enabled. |
| NotConfigured |
The setting is not considered. |
| enum ExpirationActionEnum |
Enumeration of actions that can be done when allowed logon hours have expired for a user. See the property ExpirationActionNew.
| enum ComplexEffRestsPropertyList : byte |
Enumeration of all complex effective restrictions (cannot be stored in ProtectedAccount fields because they need additional data). Specific to effective restrictions of an user account (not compatible with protected accounts).
Member Function Documentation
| override void GetInfo | ( | ) |
Get/refresh all properties of the protected account from the server.
| void GetInfo | ( | AccountPropertyList | propertyList | ) |
Get/refresh select groups of properties of the protected account from the server. See the enum AccountPropertyList.
| void GetNonInteractiveTabProperties | ( | ) |
Reserved for future use.
Property Documentation
|
getset |
Windows account name of the protected user/group. Distinguished name for protected OUs.
|
get |
Display name for the protected account
|
get |
Full account name of the protected account (DomainName\AccountName)
|
get |
SID of the protected user/group
|
get |
Display name of the protected account
|
get |
Canonical name of the object in the Active Directory
|
get |
True if this is a protected user. False otherwise.
|
getset |
Type of the protected account. See the enum ProtectedAccountType.
|
get |
Type of the protected account in text.
|
getset |
Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions). I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent workstation sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent terminal sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent Wi-Fi / VPN sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent IIS sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Allow or deny SaaS logins.
List of concurrent session limits for different kind of sessions. I_UNLIMITED if unlimited, I_NOTCONFIGURED is denied because it does not make sense to not configure a custom session limit.
|
getset |
Maximum number of concurrent initial access points. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Get/set if UserLock must leave only one active session (interactive), in case of users who has more than one limited session.
|
getset |
- Deprecated:
- Get/set if the welcome message should be set for the user or for members of the protected group/OU (obsolete because does not manage the NotConfigured status).
|
getset |
Get/set if the welcome message should be set for the user or for members of the protected group/OU.
|
getset |
- Deprecated:
- Get/set if the user is allowed to close previous sessions when the new session is not allowed (obsolete because does not manage the NotConfigured status).
|
getset |
Get/set if the user is allowed to close previous sessions when the new session is not allowed.
|
getset |
Computer that will receive popup notifications when the user open/close a session of when UserLock deny a logon.
|
getset |
- Deprecated:
- Get/set if a popup should be sent when a user open a session (obsolete, use property PopupNotifications).
|
getset |
- Deprecated:
- Get/set if a popup should be sent when a user close a session (obsolete, use property PopupNotifications).
|
getset |
- Deprecated:
- Get set if a popup should be sent when a user is denied to logon by UserLock (obsolete, use property PopupNotifications).
|
getset |
Get/set if popup notifications are enabled or not.
|
getset |
List of all popup notifications that should be sent.
|
getset |
E-mail recipients for E-mail notifications.
|
getset |
- Deprecated:
- Get/set if an E-mail should be sent when a user opens a session (obsolete, use property EmailNotifications).
|
getset |
- Deprecated:
- Get/set if an E-mail should be sent when a user closes a session (obsolete, use property EmailNotifications).
|
getset |
- Deprecated:
- Get/set if an E-mail should be sent when a logon was denied by UserLock (obsolete, use property EmailNotifications).
|
getset |
Get/set if email notifications are enabled or not.
|
getset |
List of all email notifications that should be sent.
|
getset |
Get/set if same credential notifications are enabled or not.
|
getset |
List of all same credential notifications that should be enforced.
|
getset |
- Deprecated:
- I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed (obsolete because does not manage the NotConfigured status).
|
getset |
I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed.
|
getset |
List of allowed or denied workstations depending on the property ExceptWorkstationsNew
|
get |
Number of workstations listed in the Computers property.
Allowed or denied IP ranges depending on the property ExceptWorkstationsNew.
|
get |
Number of IP ranges listed in the property IpRanges.
|
getset |
Allowed or denied organizational units depending on the property ExceptWorkstationsNew.
|
get |
Number of organization units in OuRestrictions.
|
getset |
- Deprecated:
- I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property (obsolete because does not manage the NotConfigured status).
|
getset |
I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property.
|
getset |
List of allowed or denied time frames depending on the property ExceptTimeFramesNew.
|
getset |
Maximum allowed session length in minutes. I_NOTCONFIGURED there is not session length limit.
|
getset |
Maximum allowed locked time before USerLock closes the session.
|
getset |
- Deprecated:
- Action that UserLock will execute once a session is outside allowed logon hours. See the ExpirationActionEnum enum (obsolete because does not manage the NotConfigured status).
|
getset |
Action that UserLock will execute once a session is outside allowed logon hours. See the enum ExpirationActionEnum
|
getset |
Time countdown in minutes while the notification message is displayed and before the session is closed by UserLock.
|
getset |
Get/set if time quotas are Not configured, enabled or disabled.
|
getset |
List of all time quotas that should be enforced.
|
getset |
Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions) of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent workstation sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent terminal sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent Wi-Fi / VPN sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
Maximum number of concurrent IIS sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
|
getset |
True if the user account is locked. False otherwise. Overridden in the ProtectedAccountEffective class.
|
getset |
Message displayed to the user when his account is locked by Userlock.
|
getset |
If the MFA is enabled for this Protected Account
|
getset |
The cache for workstation MFA unlocking in days
|
getset |
The cache for server MFA unlocking in days
|
getset |
If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to extend.
|
getset |
If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to not extend.
|
getset |
IF the Skip for MFA configuration is enabled. If so, the end duration is
MfaSkipEnd
|
getset |
The end date for MFA configuration skip. No effect if
MfaSkipEnabled != Trilean.Enabled
|
getset |
If the MFA only applies to terminal/RDP sessions on server. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1
|
getset |
If the MFA only applies to terminal/RDP sessions on workstations. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1
|
getset |
Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions).
|
getset |
Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions).
|
getset |
Parameters for the MFA that applies to server sessions.
|
getset |
Parameters for the MFA that applies to workstation sessions.
|
getset |
Parameters for the MFA that applies to IIS sessions.
|
getset |
Parameters for the MFA that applies to VPN sessions.
|
getset |
Parameters for the MFA that applies to SaaS events.
|
getset |
If the geolocalisation is enabled
|
get |
Get if any restriction kind is configured.
