UserLock API
|
Effective Protected Account is a virtual protected account (it doesn't exist in the protected accounts list) to know the effective restrictions that affect one user according with the policy defined in UserLock and the protected accounts configuration. More...
Public Member Functions | |
void | GetComplexEffRests (ComplexEffRestsPropertyList cersPropertyList) |
Get/refresh select groups of properties of the protected account from the server. See the ComplexEffRestsPropertyList enum. | |
void | GetEffectiveLockedByUserLock () |
Gets the effective locked by UserLock information. | |
void | GetEffectiveClientRestrictions () |
Gets the effective client restrictions. | |
void | GetEffectiveTimeFrames () |
Gets the effective time frames. | |
void | GetEffectiveTimeQuotas () |
Gets the effective time quotas. | |
void | GetEffectiveGroupRestrictions () |
Gets the effective group restrictions. | |
void | GetEffectiveGeolocRestrictions () |
Get the effective countries restrictions. | |
override void | SetInfo () |
Not implemented method, because the proteted account effective is read only. | |
![]() | |
override void | GetInfo () |
Get/refresh all properties of the protected account from the server. | |
void | GetInfo (AccountPropertyList propertyList) |
Get/refresh select groups of properties of the protected account from the server. See the enum AccountPropertyList. | |
void | GetNonInteractiveTabProperties () |
Reserved for future use. | |
Protected Attributes | |
bool | _bIsLockedByUserlockEff = false |
If set to true , the user account is locked by Userlock. | |
string | _LockedByUserlockMsgEff = "" |
Message displayed to the user when his account is locked by Userlock. | |
![]() | |
bool | _SubAuthApplyWsRestrictions = true |
List of concurrent session limits for different kind of sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. /private CustomSessionLimits _GroupCustomSessionLimits = new CustomSessionLimits();. | |
Properties | |
override bool | IsLockedByUserlock [get, set] |
Gets or sets a value indicating whether the user account is locked by Userlock. This property overrides the one defined in the ProtectedAccountBase class. | |
override string | LockedByUserlockMsg [get, set] |
Gets or sets a value indicating the message displayed to the user when his account is locked by Userlock. This property overrides the one defined in the ProtectedAccountBase class. | |
ClientRestsEff | ClientRestsEff [get, set] |
Gets or sets the effective client restrictions. | |
TimeFramesEff | TimeFramesEff [get, set] |
Gets or sets the effective time frames. | |
TimeQuotasEff | TimeQuotasEff [get, set] |
Gets or sets the effective time quotas. | |
GroupRestsEff | GroupRestsEff [get, set] |
Gets or sets the effective group restrictions. | |
![]() | |
virtual bool | IsLockedByUserlock [get, set] |
True if the user account is locked. False otherwise. Overridden in the ProtectedAccountEffective class. | |
virtual string | LockedByUserlockMsg [get, set] |
Message displayed to the user when his account is locked by Userlock. | |
Trilean | MfaEnabled [get, set] |
If the MFA is enabled for this Protected Account. | |
int | MfaWorkstationCacheDuration [get, set] |
The cache for workstation MFA unlocking in days. | |
int | MfaServerCacheDuration [get, set] |
The cache for server MFA unlocking in days. | |
Trilean | MfaWorkstationExtendCacheDuration [get, set] |
If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to extend. | |
Trilean | MfaServerExtendCacheDuration [get, set] |
If the cache duration for MFA on workstation should be extended when a logon is done. If not configured, default to not extend. | |
Trilean | MfaSkipEnabled [get, set] |
IF the Skip for MFA configuration is enabled. If so, the end duration is. | |
DateTime | MfaSkipEnd [get, set] |
The end date for MFA configuration skip. No effect if. | |
Trilean | MfaServerOnlyTerminal [get, set] |
If the MFA only applies to terminal/RDP sessions on server. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1. | |
Trilean | MfaWorkstationOnlyTerminal [get, set] |
If the MFA only applies to terminal/RDP sessions on workstations. If not configured, default to Disabled (aka all sessions). Obsolete since 10.1. | |
MfaConnectionTypes | MfaServerConnectionTypes [get, set] |
Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions). | |
MfaConnectionTypes | MfaWorkstationConnectionTypes [get, set] |
Speficy on which types of connections the MFA applies. If not configured, default to Any (aka all sessions). | |
MfaRestrictionParams | MFAServerRestrictionParams [get, set] |
Parameters for the MFA that applies to server sessions. | |
MfaRestrictionParams | MFAWorkstationRestrictionParams [get, set] |
Parameters for the MFA that applies to workstation sessions. | |
MfaRestrictionParams | MFAIISRestrictionParams [get, set] |
Parameters for the MFA that applies to IIS sessions. | |
MfaRestrictionParams | MfaVPNRestrictionParams [get, set] |
Parameters for the MFA that applies to VPN sessions. | |
MfaRestrictionParams | MfaSaasRestrictionParams [get, set] |
Parameters for the MFA that applies to SaaS events. | |
MfaRestrictionParams | MfaUacRestrictionParams [get, set] |
Parameters for the MFA that applies to Uac events. | |
Trilean | GeolocationEnabled [get, set] |
If the geolocalisation is enabled. | |
bool | IsAnyConfigured [get] |
Get if any restriction kind is configured. | |
String | AccountName [get, set] |
Windows account name of the protected user/group. Distinguished name for protected OUs. | |
String | DisplayAccountName [get] |
Display name for the protected account. | |
string | FullAccountName [get] |
Full account name of the protected account (DomainName\AccountName) | |
string | Sid [get] |
SID of the protected user/group. | |
String | FullName [get] |
Display name of the protected account. | |
String | CanonicalName [get] |
Canonical name of the object in the Active Directory. | |
bool | IsUser [get] |
True if this is a protected user. False otherwise. | |
ProtectedAccountType | Type [get, set] |
Type of the protected account. See the enum ProtectedAccountType. | |
string | TextType [get] |
Type of the protected account in text. | |
Trilean | SessionLimitPolicyEnabled [get, set] |
Get/set if the session limit policy should be set for the user or for members of the protected group/OU. | |
int | NbConcurrentLogins [get, set] |
Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions). I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | NbConcurrentWorkstations [get, set] |
Maximum number of concurrent workstation sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | NbConcurrentTerminals [get, set] |
Maximum number of concurrent terminal sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | RasNbConcurrent [get, set] |
Maximum number of concurrent Wi-Fi / VPN sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | IisNbConcurrentMax [get, set] |
Maximum number of concurrent IIS sessions. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
Trilean | AllowSaaSSessions [get, set] |
Allow or deny SaaS logins. | |
CustomSessionLimits | CustomSessionLimits [get, set] |
List of concurrent session limits for different kind of sessions. I_UNLIMITED if unlimited, I_NOTCONFIGURED is denied because it does not make sense to not configure a custom session limit. | |
Trilean | InitialAccessPointPolicyEnabled [get, set] |
Get/set if the initial access point policy should be set for the user or for members of the protected group/OU. | |
int | NbConcurrentInitialAccessPoints [get, set] |
Maximum number of concurrent initial access points. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
Trilean | OnlyOneActiveSession [get, set] |
Get/set if UserLock must leave only one active session (interactive), in case of users who has more than one limited session. | |
bool | DisplayWelcomeMessage [get, set] |
Trilean | DisplayWelcomeMessageNew [get, set] |
Get/set if the welcome message should be set for the user or for members of the protected group/OU. | |
bool | AllowClosePrevious [get, set] |
Trilean | AllowClosePreviousNew [get, set] |
Get/set if the user is allowed to close previous sessions when the new session is not allowed. | |
Trilean | NotificationPolicyEnabled [get, set] |
Get/set if the notification policy should be set for the user or for members of the protected group/OU. | |
String | PopupRecipient [get, set] |
Computer that will receive popup notifications when the user open/close a session of when UserLock deny a logon. | |
bool | PopupLoginNotification [get, set] |
bool | PopupLogoffNotification [get, set] |
bool | FailedPopupLoginNotification [get, set] |
Trilean | EnabledPopupNotifs [get, set] |
Get/set if popup notifications are enabled or not. | |
Notifications | PopupNotifications [get, set] |
List of all popup notifications that should be sent. | |
String | EmailRecipient [get, set] |
E-mail recipients for E-mail notifications. | |
bool | EmailLoginNotification [get, set] |
bool | EmailLogoffNotification [get, set] |
bool | FailedEmailLoginNotification [get, set] |
Trilean | EnabledEmailNotifs [get, set] |
Get/set if email notifications are enabled or not. | |
Notifications | EmailNotifications [get, set] |
List of all email notifications that should be sent. | |
Trilean | EnabledSameCredNotifs [get, set] |
Get/set if same credential notifications are enabled or not. | |
Notifications | SameCredNotifs [get, set] |
List of all same credential notifications that should be enforced. | |
Trilean | WksRestrictionPolicyEnabled [get, set] |
Get/set if the initial access point policy should be set for the user or for members of the protected group/OU. | |
bool | ExceptWorkstations [get, set] |
int | ExceptWorkstationsNew [get, set] |
I_ENABLED: any workstation is allowed except workstations listed in Computers, IpRanges or OuRestrictions. I_DISABLED: only workstations in Computers, IpRanges or OuRestrictions are allowed. | |
Workstations | Computers [get, set] |
List of allowed or denied workstations depending on the property ExceptWorkstationsNew | |
int | ComputerCount [get] |
Number of workstations listed in the Computers property. | |
IpRanges | IpRanges [get, set] |
Allowed or denied IP ranges depending on the property ExceptWorkstationsNew. | |
int | IpRangeCount [get] |
Number of IP ranges listed in the property IpRanges. | |
OuRestrictions | OuRestrictions [get, set] |
Allowed or denied organizational units depending on the property ExceptWorkstationsNew. | |
int | OuRestrictionsCount [get] |
Number of organization units in OuRestrictions. | |
Trilean | WorkingHoursPolicyEnabled [get, set] |
Get/set if the working hours policy should be set for the user or for members of the protected group/OU. | |
bool | ExceptTimeFrames [get, set] |
int | ExceptTimeFramesNew [get, set] |
I_ENABLED: a logon is allowed any time except in the time frames listed in the TimeFrames property. I_DISABLED: a logon is never allowed except during time frames listed in the TimeFrames property. | |
TimeFrames | TimeFrames [get, set] |
List of allowed or denied time frames depending on the property ExceptTimeFramesNew. | |
int | MaxSessionLength [get, set] |
Maximum allowed session length in minutes. I_NOTCONFIGURED there is not session length limit. | |
int | MaxInactivity [get, set] |
Maximum allowed locked time before USerLock closes the session. | |
ExpirationActionEnum | ExpirationAction [get, set] |
ExpirationActionEnum | ExpirationActionNew [get, set] |
Action that UserLock will execute once a session is outside allowed logon hours. See the enum ExpirationActionEnum | |
int | TimeCountdown [get, set] |
Time countdown in minutes while the notification message is displayed and before the session is closed by UserLock. | |
Trilean | EnabledTimeQuotas [get, set] |
Get/set if time quotas are Not configured, enabled or disabled. | |
TimeQuotas | TimeQuotas [get, set] |
List of all time quotas that should be enforced. | |
int | NbConcurrentGroupLogins [get, set] |
Maximum number of concurrent interactive sessions (workstation sessions and terminal sessions) of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | NbConcurrentGroupWorkstations [get, set] |
Maximum number of concurrent workstation sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | NbConcurrentGroupTerminals [get, set] |
Maximum number of concurrent terminal sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | RasNbConcurrentGroup [get, set] |
Maximum number of concurrent Wi-Fi / VPN sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
int | IisNbConcurrentGroup [get, set] |
Maximum number of concurrent IIS sessions of all members of the group or OU. I_NOTCONFIGURED if no limit is set, I_UNLIMITED if unlimited. | |
Additional Inherited Members | |
![]() | |
enum | Trilean { Disabled = 0 , Enabled = 1 , NotConfigured = I_NOTCONFIGURED2 } |
Enumeration of state for settings that can be disabled, enabled or not configured. See DisplayWelcomeMessageNew and AllowClosePreviousNew properties. More... | |
enum | ExpirationActionEnum { Logoff = 1 , Lock = 2 , DoNothing = 0 , NotConfigured = 3 } |
Enumeration of actions that can be done when allowed logon hours have expired for a user. See the property ExpirationActionNew. More... | |
enum | AccountPropertyList : uint { None = 0x00 , UserLock = 0x01 , Workstations = 0x02 , Hours = 0x04 , Group = 0x08 , NonInteractive = 0x10 , Iis = 0x20 , Ras = 0x40 , List = 0x80 , Information = 0x100 , All = 0xFFF } |
Enumeration of all groups of properties in the ProtectedAccount class allowing to get or set only selected properties. See the methods GetInfo and SetInfo of the class ProtectedAccount or the method GetProtectedAccount of the class UserLockServer. More... | |
enum | ComplexEffRestsPropertyList : byte { None = 0x00 , TimeQuotas = 0x01 , TimeFrames = 0x02 , ClientRestrictions = 0x04 , LockedByUserLock = 0x08 , GroupRestrictions = 0x10 , GeolocRestrictions = 0x20 , All = TimeQuotas | TimeFrames | ClientRestrictions | LockedByUserLock | GroupRestrictions | GeolocRestrictions } |
Enumeration of all complex effective restrictions (cannot be stored in ProtectedAccount fields because they need additional data). Specific to effective restrictions of an user account (not compatible with protected accounts). More... | |
Effective Protected Account is a virtual protected account (it doesn't exist in the protected accounts list) to know the effective restrictions that affect one user according with the policy defined in UserLock and the protected accounts configuration.
void GetComplexEffRests | ( | ComplexEffRestsPropertyList | cersPropertyList | ) |
Get/refresh select groups of properties of the protected account from the server. See the ComplexEffRestsPropertyList enum.
Gets the complex eff rests.
cersPropertyList | The cers property list. |
|
getset |
Gets or sets a value indicating whether the user account is locked by Userlock. This property overrides the one defined in the ProtectedAccountBase class.
If set to true
, the user account is locked by Userlock.
|
getset |
Gets or sets a value indicating the message displayed to the user when his account is locked by Userlock. This property overrides the one defined in the ProtectedAccountBase class.
If set to true
, the user account is locked by Userlock.
|
getset |
Gets or sets the effective client restrictions.
The effective client restrictions.
|
getset |
Gets or sets the effective time frames.
The effective time frames.
|
getset |
Gets or sets the effective time quotas.
The effective time quotas.
|
getset |
Gets or sets the effective group restrictions.
The effective group restrictions.