Set connection restrictions

The UserLock 'Protected accounts' allows to create network connection rules, temporary or permanent, limiting users to:

• a number of initial access points,
• a number of simultaneous sessions,
• a list of authorized machines, or forbidden machines,
• a list of authorized hours, or forbidden hours,
• a number of authorized connection hours for a defined period (quotas).

Limiting the number of initial access points

UserLock considers as initial access points any session which is a new point of entry in the network.
You can limit the number of initial access points to ensure that a user will have only a certain number of points of entry in the network. For example, limiting the number of initial access points to one, will ensure that the user won't be able to open a session from a second location.

Limiting the number of simultaneous sessions

UserLock allows you to define, for all session types it can audit and control, a maximum number of simultaneous sessions which a user can logon.

A use case is available here to give you a step-by-step guide on how to define a rule for a user group limiting every member to one concurrent workstation session.

Limiting to a list of authorized machines, or forbidden machines

UserLock allows you to restrict workstations from which users may logon. It allows you to define and manage the granted or denied machines perimeter through a list.

A specific Use case is available here and will give you a step-by-step guide on how to restrict a user to connect only from a specific machine.

Limiting to a list of authorized hours, or forbidden hours

UserLock allows you to define periods of hours during which user can logon to the network. You can choose which days and time range the connection is authorized or forbidden, and for which type of sessions.

A use case is available here to give you a step-by-step guide on how to define a rule which prevents a user workstation and terminal connection outside the business hours.

Limiting to number of authorized connection hours for a defined period (quotas)

UserLock allows to define a 'Time quotas' policy for users. The principle is simple: a maximum period of time connected to the network during a recurring period for specified session types.

A specific Use case is available here and will give you a step-by-step guide on how to assign a logon time quota.

• Getting started
  • Requirements
  • Installation
  • Agent deployment
  • Audit logon events
  • Protect a new Active Directory account
  • Set connection restriction rules
  • Define an alert
  • Define a production database
  • License
  • 8 Best Practices When Using UserLock