|
UserLock API
|
Classes | |
| class | AgentDistributionProperties |
| Agent distribution properties. See the property AgentDistributionProperties of the UserLockServer class to retrieve an instance of this class and update it. More... | |
| class | ProtectedItem |
| Base class for items that can be protected in protected accounts. More... | |
| class | Workstation |
| Class to specify a workstation restriction by client name More... | |
| class | Workstations |
| List of workstation restrictions by client name More... | |
| class | ReportedIisUser |
| Represent a user with his IIS sessions. More... | |
| class | IisSession |
| Represent an IIS session. More... | |
| class | IpRange |
| IP range for workstation restrictions More... | |
| class | IpRanges |
| List of IP ranges for workstation restrictions More... | |
| class | MachineState |
| State of a machine in the protected network zone. This is an element of a MachineStates list. More... | |
| class | MachineStates |
| List of machine states in the protected network zone. See the class MachineState and see the property AgentDistribution of the UserLockServer class to retrieve such a list.
More... | |
| class | Message |
| Customizable message. More... | |
| class | Messages |
| List of customizable messages. See the class Message. More... | |
| class | MinMaxSessionCount |
| "MinMaxSessionCount" class declaration. More... | |
| class | MinMaxSessionCountsSt |
| "MinMaxSessionCountsSt" class declaration. More... | |
| class | MinMaxSessionCounts |
| "MinMaxSessionCounts" class declaration. More... | |
| class | OuRestriction |
| Organizational unit for workstation restrictions More... | |
| class | OuRestrictions |
| List of organizational unit restrictions More... | |
| class | Permission |
| Access control entry for UserLock administration permissions. More... | |
| class | Permissions |
| List of UserLock administration permissions. More... | |
| class | ProtectedAccountBase |
| Base class for ProtectedAccount and ProtectedAccountEffective. More... | |
| class | ProtectedAccount |
| Protected account allowing to define logon rules for a user or a group/organizational unit of users. Most properties and methods are implemented in the base class ProtectedAccountBase. More... | |
| class | ProtectedAccountTemporary |
| Temporary protected account allowing to define temporary rules for an account from a start date to an end date. More... | |
| class | ProtectedAccounts |
| List of protected accounts. See the class ProtectedAccount and see the property ProtectedAccounts of the UserLockServer class to see how to retrieve such a list. More... | |
| class | ClientRests |
| Client restrictions (computer names, IP ranges, OUs). More... | |
| class | ClientRestsEff |
| Effective client restrictions (cannot be stored in ProtectedAccount fields because they need additional data). More... | |
| class | TimeQuotasEff |
| Effective time quota restrictions (cannot be stored in ProtectedAccount fields because they need additional data). More... | |
| class | GroupRestsEff |
| Effective group restrictions (cannot be stored in ProtectedAccount fields because they need additional data). More... | |
| class | TimeFramesEff |
| Effective time frame restrictions (cannot be stored in ProtectedAccount fields because they need additional data). More... | |
| class | CountriesEff |
| Effective list of countries (for effective geoloc restriction). More... | |
| class | ProtectedAccountEffective |
| Effective Protected Account is a virtual protected account (it doesn't exist in the protected accounts list) to know the effective restrictions that affect one user according with the policy defined in UserLock and the protected accounts configuration. More... | |
| class | CustomSessionLimit |
| Custom limit to set a maximum number of concurrent sessions for selected types of sessions. More... | |
| class | CustomSessionLimits |
| List of custom session limits. See the class CustomSessionLimit and the property CustomSessionLimits of the ProtectedAccount class to get/set the list. More... | |
| class | Notifications |
| List of same credential notifications. Use the property SameCredNotifs of the ProtectedAccount class to get/set such a list. More... | |
| class | ReportedRasUser |
| Represent a user with his RAS sessions More... | |
| class | RasSession |
| Class for RAS sessions. More... | |
| class | ReportedMachineBase |
| Base class for the classe ReportedMachine. More... | |
| class | ReportedMachine |
| Represent a computer with all the sessions on it. This is an element of the property ReportedMachines of the class UserLockServer. Also see the method GetReportedMachine to get an instance for a specific computer. More... | |
| class | ReportedUserBase |
| Base class for the classes ReportedUser, ReportedIisUser and ReportedRasUser More... | |
| class | ReportedUser |
| Represent a user with all his sessions. An element of the property ReportedUsers of the class UserLockServer. Also see the method GetReportedUser to get an instance for a specific user. More... | |
| struct | SsoServer |
| Represent a single SSO Server More... | |
| class | ServerProperties |
| UserLock server properties. More... | |
| class | Session |
| Base class for all kind of sessions. More... | |
| class | InteractiveSession |
| Class for interactive sessions: workstation sessions and terminal sessions. More... | |
| class | TimeFrame |
| Time frame for hour restrictions More... | |
| class | TimeFrames |
| List of time frames. See the class TimeFrame. More... | |
| class | TimeQuota |
| Time quota for a specific period of time and for specific types of session. More... | |
| class | TimeQuotas |
| List of TimeQuota. Use the property TimeQuotas of the ProtectedAccount class to get/set such a list. More... | |
| class | TimeQuotaCount |
| Time quota and corresponding remaining time count for a specific user. Allows to know how much time the user has left. More... | |
| class | TimeQuotasCounts |
| List of TimeQuotaCount for a user but different types of sessions. Use the property TimeQuotasCounts of the class TimeQuotaStatus to get such a list. More... | |
| class | TimeQuotaStatus |
| Time quota status for a specific user. List consumed time for the user and for all kind of sessions. See the class ConsumedTime and use the function GetUserQuotaStatus of the UserLockServer class to get the time quota status for a specific user. Also allows to get the effective quotas for the user. More... | |
| class | ConsumedTime |
| Consumed time for a specific type of session. More... | |
| class | UserLockServer |
| Instance of a local or remote UserLock server More... | |
Enumerations | |
| enum | JoinMode { Always = 0, IfNewNotAllowed = 1, Never = 2 } |
| Different possible behaviors if a user opens a terminal session on a terminal server on which he already has an opened session. See the property JoinMode of the class AgentDistributionProperties. More... | |
| enum | AgentType { Desktop = 0 , RRAS = 2, NPS = 3 , IIS = 4, Mac = 5 } |
| The different types of agents that can be installed. See the property AgentType of the MachineState class. More... | |
| enum | AgentStatus { NotInstalled = 0, Installed = 1, Unknown = 2, Installing = 3, Uninstalling = 4, Upgrading = 5 } |
| Installation status of the agent. See the property AgentStatus of the class MachineState. More... | |
| enum | UserLockRights : uint { ProtectedAccounts = 0x00000001, Messages = 0x00000002, UserSessions = 0x00000004, AgentDistribution = 0x00000008, ServerProperties = 0x00000010, Permissions = 0x00000020, AllUserLockRightsRW = ProtectedAccounts | Messages | UserSessions | AgentDistribution | ServerProperties | Permissions, ProtectedAccountsRO = 0x00000040, MessagesRO = 0x00000080, UserSessionsRO = 0x00000100, AgentDistributionRO = 0x00000200, ServerPropertiesRO = 0x00000400, PermissionsRO = 0x00000800, AllUserLockRightsRO = ProtectedAccountsRO | MessagesRO | UserSessionsRO | AgentDistributionRO | ServerPropertiesRO | PermissionsRO, AllUserLockRights = AllUserLockRightsRO | AllUserLockRightsRW, All = 0xFFFFFFFF, None = 0 } |
| UserLock access rights. Bitmap. Used to know the access rights allowed for a connection to the UserLock server (UlConnection.Rights). Also used twice for each account listed in the UserLock administrative permissions: one for allowed permissions (Permission.AllowedRights) and one for denied permissions (Permission.DeniedRights). More... | |
| enum | MfaConnectionTypes { NotConfigured = -2, FromOutside = 2, Remote = 1, Any = 0 } |
| Enumeration for when the MFA should be triggered. To get the numeric in PowerShell, here is an example: "([ISDecisions.UserLockLibrary.MfaConnectionTypes]'Remote').value__". More... | |
| enum | MfaDurationTimeUnit { NotConfigured = -2, Days = 0, Hours = 1, Minutes = 2 } |
| Enumaration of the time unit for the duration between 2 ask, for "Logon every (x)" and "Logon after (x)" More... | |
| enum | ProtectedAccountType { None = 0, User = 1, Group = 2, Ou = 3 } |
| Enumeration for all type of protected accounts. More... | |
| enum | EventSessionChange { OnInteractiveLogoff = 0, OnInteractiveLogon = 1, OnInteractiveLock = 2, OnInteractiveUnlock = 3, OnInteractiveLogonDeniedUserLock = 4, OnInteractiveReconnection = 5, OnInteractiveDisconnection = 6, OnInteractiveLogonDeniedWindowsPassword = 10, OnInteractiveLogonDeniedWindowsRestriction = 11, OnInteractiveLogonDeniedWindowsLockedOut = 12, OnInteractiveLogonDeniedWindowsTimeRestriction = 13, OnIisLogoff = 100, OnIisLogon = 101, OnIisLogonDeniedUserLock = 104, OnIisLogonDeniedWindowsPassword = 110, OnIisLogonDeniedWindowsRestriction = 111, OnIisLogonDeniedWindowsLockedOut = 112, OnIisLogonDeniedWindowsTimeRestriction = 113, OnRasLogoff = 200, OnRasLogon = 201, OnRasLogonDeniedUserLock = 204, OnRasLogonDeniedWindowsPassword = 210, OnRasLogonDeniedWindowsRestriction = 211, OnRasLogonDeniedWindowsLockedOut = 212, OnRasLogonDeniedWindowsTimeRestriction = 213, OnNetworkLogonDeniedWindowsPassword = 310, OnNetworkLogonDeniedWindowsRestriction = 311, OnNetworkLogonDeniedWindowsLockedOut = 312, OnNetworkLogonDeniedWindowsTimeRestriction = 313, OnTerminalLogonDeniedWindowsPassword = 410, OnTerminalLogonDeniedWindowsRestriction = 411, OnTerminalLogonDeniedWindowsLockedOut = 412, OnTerminalLogonDeniedWindowsTimeRestriction = 413 } |
| Enumeration for all type of events for session change notifications. More... | |
| enum | UserStatusTriggers : uint { Protected = 0x00000001, FirstEvent = 0x00000002, Event = 0x00000004, EventAfterPeriod = 0x00000008, Inactivity = 0x00000010, AdAccountLocked = 0x00000020, SessionsOverLimit = 0x00000040, SessionsOverNumber = 0x00000080, DeniedLogonsByUl = 0x00000100, DeniedLogonsByWnd = 0x00000200, InitialAccessPointsOverLimit = 0x00000400, InitialAccessPointsOverNumber = 0x00000800, PublicAndPrivateInitialAccessPoints = 0x00001000, SessionImpersonation = 0x00002000, AdAccountDisabled = 0x00004000, All = 0xFFFFFFFF } |
| Different triggers that could be activated for one user. The status of the user is deduced from the triggers. More... | |
| enum | UserStatus { Unknown = -1, Unprotected = 0, Protected = 1, Inactive = 2, New = 3, Risk = 4, HighRisk = 5 } |
| Different possible status for a user, this status are exclusive. If a user has more than one, the priority is defined by the value (BadBehaviour the most important). More... | |
| enum | IAP { Unknow = -1, NonInitialAccessPoint = 0, InitialAccessPoint = 1 } |
| This is an initial access point or not? More... | |
| enum | ServerMode { Backup, Primary, StandaloneTS, Invalid } |
| Get the network zone protected by the UserLock service (Primary server mode). More... | |
| enum | ServerPropertyList : int { None = 0x0000, General = 0x0001, Logs = 0x0002, Security = 0x0004, Synchronisation = 0x0008, TerminalServer = 0x0010, License = 0x0020, UserStatus = 0x0040, AdminAccount = 0x0080, Advanced = 0x0100, Webhook = 0x0200, MFA = 0x0400, AgentDistribution = 0x0800, All = General | Logs | Security | Synchronisation | TerminalServer | License | UserStatus | AdminAccount | Advanced | Webhook | MFA | AgentDistribution } |
| Represent groups of server properties that will be synchronized between the server and a ServerProperties instance. Several values can be combined with the or (|) operator (flags). See the methods GetInfo and SetInfo of the ServerProperties class. More... | |
| enum | ExceedingSessionsOrder { OldestFirst = 0, NewestFirst = 1 } |
| Represent the chronological order for closing exceeding sessions. See the property ExceedingSessionsOrder of the ServerProperties class. More... | |
| enum | SmtpAuthentication { None = 0, Windows = 1, ProvideCredentials = 2 } |
| The authentication method the UserLock server has to use to connect to the SMTP server. More... | |
| enum | EventStatusChange { OnUnprotectedStatus = 1000, OnProtectedStatus = 1001, OnInactiveStatus = 1002, OnNewStatus = 1003, OnRiskStatus = 1004, OnHighRiskStatus = 1005, OnMfaHelpNeeded = 1006 } |
| Enumeration for all type of events for status change notifications. More... | |
| enum | OfflineMode { Allow, RequireMfa, ForceMfa, Disallow } |
| Enumeration of action to take for logons without network connection. More... | |
| enum | EnableMfaFallbackMode { Disabled = 0, Enabled = 1, Force = 2 } |
| Enumeration of what rule to apply for multiple MFA methods More... | |
| enum | SessionType { All = Interactive | IIS | RAS | VPN | Wifi | SAAS, None = 0, Workstation = 1, Terminal = 2, Interactive = Workstation | Terminal, IIS = 4, RAS = 8, VPN = 16, Wifi = 32, SAAS = 64 } |
| Different types of sessions. A session has only one type but several types can be specified in several cases (access policies, reports etc.). More... | |
| enum | LicenseType |
| Different type license key More... | |
| enum | ServerDataElement { None = 0, AgentDistribution = 0x2, AgentDistributionProperties = 0x4, UserSessions = 0x40, Messages = 0x80, Properties = 0x100, ProtectedAccounts = 0x200 } |
| Allows to specify what for information needs to be refreshed from the server. See the Refresh method of the UserLockServer class. More... | |
| enum | NotifyMode { Default = -1, ExecuteAfterTimeout = 0, PopupPeriod = 1 } |
| Allows to specify the notify mode for a shutdown. See the Shutdown method of the UserLockServer class. More... | |
| enum | ExecutionMode { Default = -1, Immediate = 0, ImmediateIfPossible = 1, AlwaysNotiFy = 2 } |
| Allows to specify the execution mode for a shutdown. See the Shutdown method of the UserLockServer class. More... | |
| enum | ForceMode { Default = -1, No = 0, Yes = 1 } |
| Allows to specify if applications will be closed by force during a shutdown. See the Shutdown method of the UserLockServer class. More... | |
| enum | LicenseStatus { Valid, MaintenanceExpiresInLessThanOneMonth, ExpireInLessThanOneMonth, MaintenanceExpireInLessThanOneWeek, ExpireInLessThanOneWeek, ExpireInLessThanOneDay, MaintenanceExpired, ExpiredButStillRuns, Expired , Offline, OfflineButStillRuns, Deactivated, Invalid } |
| License expiration status. More... | |
| enum | MspLicenseStatus { , Active = 1, Revoked = 2, Invalid = 3 , Offline = 5, OfflineButStillRuns = 6 } |
| enum | LicenseUseStatus { Ok, InsideNotifs , InsideGrace , Over } |
| License usage status. The different values are ordered from least critical to most critical. More... | |
| enum | ClientServerCompatibility { VersionNotCompatible = 0, SameVersion = 1, OldVersion = 2, VersionWithNewFeatures = 3, VersionWithRemovedCommands = 4 } |
| Compatibility status between the API and the connected UserLock server More... | |
| enum | SessionStatisticMode { Normal, GroupInteractive, GroupBySessionType } |
| Different possible modes for session statistic More... | |
| enum MfaConnectionTypes |
Enumeration for when the MFA should be triggered. To get the numeric in PowerShell, here is an example: "([ISDecisions.UserLockLibrary.MfaConnectionTypes]'Remote').value__".
| Enumerator | |
|---|---|
| NotConfigured |
Not configured. |
| FromOutside |
When the logon originate from outside the network. |
| Remote |
For all terminal sessions. |
| Any |
For all sessions. |
| enum MfaDurationTimeUnit |
Enumaration of the time unit for the duration between 2 ask, for "Logon every (x)" and "Logon after (x)"
| enum EventSessionChange |
Enumeration for all type of events for session change notifications.
| enum UserStatus |
Different possible status for a user, this status are exclusive. If a user has more than one, the priority is defined by the value (BadBehaviour the most important).
| enum IAP |
| enum SmtpAuthentication |
| enum EventStatusChange |
Enumeration for all type of events for status change notifications.
| enum OfflineMode |
Enumeration of action to take for logons without network connection.
| enum LicenseType |
Different type license key
| enum LicenseStatus |
License expiration status.
| enum MspLicenseStatus |
| enum LicenseUseStatus |
License usage status. The different values are ordered from least critical to most critical.
Compatibility status between the API and the connected UserLock server
| enum SessionStatisticMode |
Different possible modes for session statistic
| Enumerator | |
|---|---|
| Normal |
Grouped by session type and active/locked |
| GroupInteractive |
Workstation and terminal sessions are grouped together |
| GroupBySessionType |
Active/Locked sessions are grouped inside their session type (terminal or workstation) |
1.8.3.1