UserLock API
Public Types | Public Member Functions | Protected Attributes | Properties | List of all members
ProtectedAccountBase Class Referenceabstract

Base class for ProtectedAccount and ProtectedAccountEffective. More...

Inheritance diagram for ProtectedAccountBase:
ProtectedAccount ProtectedAccountEffective ProtectedAccountTemporary

Public Types

enum  Trilean { Disabled = 0 , Enabled = 1 , NotConfigured = I_NOTCONFIGURED2 }
 Enumeration of state for settings that can be disabled, enabled or not configured. See DisplayWelcomeMessageNew and AllowClosePreviousNew properties. More...
 
enum  ExpirationActionEnum { Logoff = 1 , Lock = 2 , DoNothing = 0 , NotConfigured = 3 }
 Enumeration of actions that can be done when allowed logon hours have expired for a user. See the property ExpirationActionNew. More...
 
enum  AccountPropertyList : uint {
  None = 0x00 , UserLock = 0x01 , Workstations = 0x02 , Hours = 0x04 ,
  Group = 0x08 , NonInteractive = 0x10 , Iis = 0x20 , Ras = 0x40 ,
  List = 0x80 , Information = 0x100 , All = 0xFFF
}
 Enumeration of all groups of properties in the ProtectedAccount class allowing to get or set only selected properties. See the methods GetInfo and SetInfo of the class ProtectedAccount or the method GetProtectedAccount of the class UserLockServer. More...
 
enum  ComplexEffRestsPropertyList : byte {
  None = 0x00 , TimeQuotas = 0x01 , TimeFrames = 0x02 , ClientRestrictions = 0x04 ,
  LockedByUserLock = 0x08 , GroupRestrictions = 0x10 , GeolocRestrictions = 0x20 , All = TimeQuotas | TimeFrames | ClientRestrictions | LockedByUserLock | GroupRestrictions | GeolocRestrictions
}
 Enumeration of all complex effective restrictions (cannot be stored in ProtectedAccount fields because they need additional data). Specific to effective restrictions of an user account (not compatible with protected accounts). More...
 

Public Member Functions

override void GetInfo ()
 Get/refresh all properties of the protected account from the server.
 
void GetInfo (AccountPropertyList propertyList)
 Get/refresh select groups of properties of the protected account from the server. See the enum AccountPropertyList.
 
void GetNonInteractiveTabProperties ()
 Reserved for future use.
 

Protected Attributes

bool _SubAuthApplyWsRestrictions = true
 List of concurrent session limits for different kind of sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. /private CustomSessionLimits _GroupCustomSessionLimits = new CustomSessionLimits();.
 

Properties

virtual bool IsLockedByUserlock [get, set]
 True if the user account is locked. False otherwise. Overridden in the ProtectedAccountEffective class.
 
virtual string LockedByUserlockMsg [get, set]
 Message displayed to the user when his account is locked by Userlock.
 
Trilean MfaEnabled [get, set]
 If the MFA is enabled for this Protected Account.
 
int MfaWorkstationCacheDuration [get, set]
 The cache for workstation MFA unlocking in days.
 
int MfaServerCacheDuration [get, set]
 The cache for server MFA unlocking in days.
 
Trilean MfaWorkstationExtendCacheDuration [get, set]
 If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to extend.
 
Trilean MfaServerExtendCacheDuration [get, set]
 If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to not extend.
 
Trilean MfaSkipEnabled [get, set]
 IF the Skip for MFA configuration is enabled. If so, the end duration is.
 
DateTime MfaSkipEnd [get, set]
 The end date for MFA configuration skip. No effect if.
 
Trilean MfaServerOnlyTerminal [get, set]
 If the MFA only applies to terminal/RDP sessions on server. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1.
 
Trilean MfaWorkstationOnlyTerminal [get, set]
 If the MFA only applies to terminal/RDP sessions on workstations. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1.
 
MfaConnectionTypes MfaServerConnectionTypes [get, set]
 Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions).
 
MfaConnectionTypes MfaWorkstationConnectionTypes [get, set]
 Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions).
 
MfaRestrictionParams MFAServerRestrictionParams [get, set]
 Parameters for the MFA that applies to server sessions.
 
MfaRestrictionParams MFAWorkstationRestrictionParams [get, set]
 Parameters for the MFA that applies to workstation sessions.
 
MfaRestrictionParams MFAIISRestrictionParams [get, set]
 Parameters for the MFA that applies to IIS sessions.
 
MfaRestrictionParams MfaVPNRestrictionParams [get, set]
 Parameters for the MFA that applies to VPN sessions.
 
MfaRestrictionParams MfaSaasRestrictionParams [get, set]
 Parameters for the MFA that applies to SaaS events.
 
MfaRestrictionParams MfaUacRestrictionParams [get, set]
 Parameters for the MFA that applies to Uac events.
 
Trilean GeolocationEnabled [get, set]
 If the geolocalisation is enabled.
 
bool IsAnyConfigured [get]
 Get if any restriction kind is configured.
 

Account Information

String AccountName [get, set]
 Windows account name of the protected user/group. Distinguished name for protected OUs.
 
String DisplayAccountName [get]
 Display name for the protected account.
 
string FullAccountName [get]
 Full account name of the protected account (DomainName\AccountName)
 
string Sid [get]
 SID of the protected user/group.
 
String FullName [get]
 Display name of the protected account.
 
String CanonicalName [get]
 Canonical name of the object in the Active Directory.
 
bool IsUser [get]
 True if this is a protected user. False otherwise.
 
ProtectedAccountType Type [get, set]
 Type of the protected account. See the enum ProtectedAccountType.
 
string TextType [get]
 Type of the protected account in text.
 

General

Trilean SessionLimitPolicyEnabled [get, set]
 Get/set if the session limit policy should be set for the user or for members of the protected group/OU.
 
int NbConcurrentLogins [get, set]
 Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions). I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int NbConcurrentWorkstations [get, set]
 Maximum number of concurrent workstation sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int NbConcurrentTerminals [get, set]
 Maximum number of concurrent terminal sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int RasNbConcurrent [get, set]
 Maximum number of concurrent Wi-Fi / VPN sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int IisNbConcurrentMax [get, set]
 Maximum number of concurrent IIS sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
Trilean AllowSaaSSessions [get, set]
 Allow or deny SaaS logins.
 
CustomSessionLimits CustomSessionLimits [get, set]
 List of concurrent session limits for different kind of sessions. I_UNLIMITED if unlimited, I_NOTCONFIGURED is denied because it does not make sense to not configure a custom session limit.
 
Trilean InitialAccessPointPolicyEnabled [get, set]
 Get/set if the initial access point policy should be set for the user or for members of the protected group/OU.
 
int NbConcurrentInitialAccessPoints [get, set]
 Maximum number of concurrent initial access points. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
Trilean OnlyOneActiveSession [get, set]
 Get/set if UserLock must leave only one active session (interactive), in case of users who has more than one limited session.
 
bool DisplayWelcomeMessage [get, set]
 
Trilean DisplayWelcomeMessageNew [get, set]
 Get/set if the welcome message should be set for the user or for members of the protected group/OU.
 
bool AllowClosePrevious [get, set]
 
Trilean AllowClosePreviousNew [get, set]
 Get/set if the user is allowed to close previous sessions when the new session is not allowed.
 

Notifications

Trilean NotificationPolicyEnabled [get, set]
 Get/set if the notification policy should be set for the user or for members of the protected group/OU.
 
String PopupRecipient [get, set]
 Computer that will receive popup notifications when the user open/close a session of when UserLock deny a logon.
 
bool PopupLoginNotification [get, set]
 
bool PopupLogoffNotification [get, set]
 
bool FailedPopupLoginNotification [get, set]
 
Trilean EnabledPopupNotifs [get, set]
 Get/set if popup notifications are enabled or not.
 
Notifications PopupNotifications [get, set]
 List of all popup notifications that should be sent.
 
String EmailRecipient [get, set]
 E-mail recipients for E-mail notifications.
 
bool EmailLoginNotification [get, set]
 
bool EmailLogoffNotification [get, set]
 
bool FailedEmailLoginNotification [get, set]
 
Trilean EnabledEmailNotifs [get, set]
 Get/set if email notifications are enabled or not.
 
Notifications EmailNotifications [get, set]
 List of all email notifications that should be sent.
 
Trilean EnabledSameCredNotifs [get, set]
 Get/set if same credential notifications are enabled or not.
 
Notifications SameCredNotifs [get, set]
 List of all same credential notifications that should be enforced.
 

Workstation restrictions

Trilean WksRestrictionPolicyEnabled [get, set]
 Get/set if the initial access point policy should be set for the user or for members of the protected group/OU.
 
bool ExceptWorkstations [get, set]
 
int ExceptWorkstationsNew [get, set]
 I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed.
 
Workstations Computers [get, set]
 List of allowed or denied workstations depending on the property ExceptWorkstationsNew
 
int ComputerCount [get]
 Number of workstations listed in the Computers property.
 
IpRanges IpRanges [get, set]
 Allowed or denied IP ranges depending on the property ExceptWorkstationsNew.
 
int IpRangeCount [get]
 Number of IP ranges listed in the property IpRanges.
 
OuRestrictions OuRestrictions [get, set]
 Allowed or denied organizational units depending on the property ExceptWorkstationsNew.
 
int OuRestrictionsCount [get]
 Number of organization units in OuRestrictions.
 

Time restrictions

Trilean WorkingHoursPolicyEnabled [get, set]
 Get/set if the working hours policy should be set for the user or for members of the protected group/OU.
 
bool ExceptTimeFrames [get, set]
 
int ExceptTimeFramesNew [get, set]
 I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property.
 
TimeFrames TimeFrames [get, set]
 List of allowed or denied time frames depending on the property ExceptTimeFramesNew.
 
int MaxSessionLength [get, set]
 Maximum allowed session length in minutes. I_NOTCONFIGURED there is not session length limit.
 
int MaxInactivity [get, set]
 Maximum allowed locked time before USerLock closes the session.
 
ExpirationActionEnum ExpirationAction [get, set]
 
ExpirationActionEnum ExpirationActionNew [get, set]
 Action that UserLock will execute once a session is outside allowed logon hours. See the enum ExpirationActionEnum
 
int TimeCountdown [get, set]
 Time countdown in minutes while the notification message is displayed and before the session is closed by UserLock.
 
Trilean EnabledTimeQuotas [get, set]
 Get/set if time quotas are Not configured, enabled or disabled.
 
TimeQuotas TimeQuotas [get, set]
 List of all time quotas that should be enforced.
 

Group restrictions

int NbConcurrentGroupLogins [get, set]
 Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions) of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int NbConcurrentGroupWorkstations [get, set]
 Maximum number of concurrent workstation sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int NbConcurrentGroupTerminals [get, set]
 Maximum number of concurrent terminal sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int RasNbConcurrentGroup [get, set]
 Maximum number of concurrent Wi-Fi / VPN sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 
int IisNbConcurrentGroup [get, set]
 Maximum number of concurrent IIS sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited.
 

Detailed Description

Base class for ProtectedAccount and ProtectedAccountEffective.

Member Enumeration Documentation

◆ Trilean

enum Trilean

Enumeration of state for settings that can be disabled, enabled or not configured. See DisplayWelcomeMessageNew and AllowClosePreviousNew properties.

Enumerator
Disabled 

The setting is disabled.

Enabled 

The setting is enabled.

NotConfigured 

The setting is not considered.

◆ ExpirationActionEnum

Enumeration of actions that can be done when allowed logon hours have expired for a user. See the property ExpirationActionNew.

Enumerator
Logoff 

The session should be closed outside allowed logon hours.

Lock 

The session should be locked outside allowed logon hours.

DoNothing 

Let the session open outside allowed logon hours.

NotConfigured 

The setting is not considered. Replaced "I_NOTCONFIGURED" with "ExpirationActionEnum.NotConfigured" for "_ExpirationAction" to simplify the management of code for the concerned combo box.

◆ ComplexEffRestsPropertyList

Enumeration of all complex effective restrictions (cannot be stored in ProtectedAccount fields because they need additional data). Specific to effective restrictions of an user account (not compatible with protected accounts).

Enumerator
None 

No properties are selected.

TimeQuotas 

Effective time quotas.

TimeFrames 

Effective time frames.

ClientRestrictions 

Effective client restrictions.

LockedByUserLock 

Effective locked by UserLock.

GroupRestrictions 

Effective group restrictions.

GeolocRestrictions 

Effective countries restriction.

All 

All complex effective restrictions.

Property Documentation

◆ DisplayWelcomeMessage

bool DisplayWelcomeMessage
getset
Deprecated
Get/set if the welcome message should be set for the user or for members of the protected group/OU (obsolete because does not manage the NotConfigured status).

◆ AllowClosePrevious

bool AllowClosePrevious
getset
Deprecated
Get/set if the user is allowed to close previous sessions when the new session is not allowed (obsolete because does not manage the NotConfigured status).

◆ PopupLoginNotification

bool PopupLoginNotification
getset
Deprecated
Get/set if a popup should be sent when a user open a session (obsolete, use property PopupNotifications).

◆ PopupLogoffNotification

bool PopupLogoffNotification
getset
Deprecated
Get/set if a popup should be sent when a user close a session (obsolete, use property PopupNotifications).

◆ FailedPopupLoginNotification

bool FailedPopupLoginNotification
getset
Deprecated
Get set if a popup should be sent when a user is denied to logon by UserLock (obsolete, use property PopupNotifications).

◆ EmailLoginNotification

bool EmailLoginNotification
getset
Deprecated
Get/set if an E-mail should be sent when a user opens a session (obsolete, use property EmailNotifications).

◆ EmailLogoffNotification

bool EmailLogoffNotification
getset
Deprecated
Get/set if an E-mail should be sent when a user closes a session (obsolete, use property EmailNotifications).

◆ FailedEmailLoginNotification

bool FailedEmailLoginNotification
getset
Deprecated
Get/set if an E-mail should be sent when a logon was denied by UserLock (obsolete, use property EmailNotifications).

◆ ExceptWorkstations

bool ExceptWorkstations
getset
Deprecated
I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed (obsolete because does not manage the NotConfigured status).

◆ ExceptTimeFrames

bool ExceptTimeFrames
getset
Deprecated
I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property (obsolete because does not manage the NotConfigured status).

◆ ExpirationAction

ExpirationActionEnum ExpirationAction
getset
Deprecated
Action that UserLock will execute once a session is outside allowed logon hours. See the ExpirationActionEnum enum (obsolete because does not manage the NotConfigured status).

◆ MfaSkipEnabled

Trilean MfaSkipEnabled
getset

IF the Skip for MFA configuration is enabled. If so, the end duration is.

MfaSkipEnd

◆ MfaSkipEnd

DateTime MfaSkipEnd
getset

The end date for MFA configuration skip. No effect if.

MfaSkipEnabled != Trilean.Enabled