Restrict User Logon Hours and Force Logoff in a Windows Domain

UserLock defines working hours, maximum session times and daily, weekly, monthly connection time quotas for all protected users. Outside of these timeframes and/or when time is up, time restriction access rules can be enforced and users disconnected - with prior warning.

Enforce User Logon Time Restrictions by Group with UserLock

Windows does provide logon time restriction functionality on a user-by-user basis but there is no way to manage it by group for multiple users. On large networks this is unmanageable and hinders organizations from applying access rules that improve their network security.

UserLock allows time restrictions to be centrally set for an entire group; saving time and helping IT teams implement effective and manageable login controls.

Force Logoff when Time Restrictions Expire

Using native Windows Active Directory controls, there is no way to force a user to log off an interactive logon session, when their hours expire. You can only restrict when a user can log on to the system.

Native Windows features can disconnect a user from any Windows File Servers where the user has a SMB connection but the user will remain logged into their workstation.

UserLock can disconnect users outside of authorized timeframes and/or when time is up.

Force Logoff for Idle Sessions

UserLock can also detect when a password protected screensaver starts and can automatically logoff a session after a specific length of idle time.


With UserLock an administrator can remotely lock and logoff all sessions and also wake-up, restart or shutdown any machine, either from the administrator console or the Web interface.

See more here