Restrict Active Directory user logon by workstation, device, country or IP address
Restrict and limit where Active Directory users log in from, without disrupting productivity. With UserLock, enforce login origin policies, stop unauthorized access, and reduce the risk of credential misuse.
)
)
)
)
Deny and allow workstation logins to better protect your network
Restrict Active Directory user logon by workstation, country, machine name, or IP address. Reduce your network's attack surface without adding complexity. Even if a threat actor compromises credentials, these access controls limit where and how those credentials can be used.
)
)
)
)
Use case example 1
Restrict user login based on country
The geolocation restriction allows an administrator to restrict remote logons based on country (geolocation). The policy will disallow/allow logons from a list of selectable countries.
)
)
)
)
Use case example 2
Restrict user login to only specific workstations & devices
Limit access to a single computer or particular machines. Set this policy for a single user or for a group of users.
)
)
)
)
Use case example 3
Restrict user login to an authorized IP address range
Restrict connection to certain geographies or departments. This can be set for a single user or a group of users.
Easily enforce effective login controls by origin
)
)
Use alongside Active Directory
Query Active Directory within the UserLock console to select the specific target workstation or device.
)
)
Set logon restrictions for a group of users
Go far beyond ‘deny and allow workstation logons’ with Group policies. Granular restrictions can be centrally set – on a user-by-user basis and for multiple users by group or organizational unit.
)
)
Apply temporary logon restrictions
Set for a defined time period so no users are left with access beyond their immediate needs.
More context aware restrictions
Logon restrictions by origin work alongside UserLock's other context-based access restrictions (session type, number of simultaneous connections and time constraints) to protect and secure Active Directory user access.
)
)
Session type
Control which sessions to allow for users (workstation, terminal, Wi-Fi, VPN, IIS, and SaaS) to protect both interactive session and network access for remote and mobile users.
)
)
Simultaneous Connections
Prevent concurrent logins for a single user and limit the number of initial access points to ensure all access is attributed to a single user.
)
)
Time
Limit access to specific timeframes and set daily, weekly or monthly time quotas, maximum session times and idle session time.
)
)
)
)
Force remote logoff after idle time
Watch how IT administrators can set an automatic forced logoff, on all locked or open machines, after a certain idle time with UserLock. This includes remote desktop sessions opened by the domain user.
Read)
)
)
)
Login logout time tracking for employees
Learn how UserLock makes it easy to manage and react to employees’ attendance, overtime thresholds, productivity and suspicious login logout times.
Read)
)
)
)
Remotely manage, respond and logoff Windows Session Events
UserLock allows administrators to easily track, manage and respond to Windows sessions remotely. Real time visibility and reaction to user activities, helps both optimize PC resources and save time.
Read