---
locale: "en"
updated_at: "2025-10-24T16:29:20.186Z"
canonical: "https://www.isdecisions.com/en/userlock/docs/reference/server-settings/messages"
---

# Messages

Customize messages displayed to users and admins.

> **Note**
>
> - To access this page, go to **Server settings ▸ Email settings**.
> - You need at least *read* [permission](/userlock/docs/reference/server-settings/permissions) on **Messages to end users** to view this page.

## General information

- Each message field has a maximum number of characters, displayed by a counter in the bottom-right corner.
- You can insert dynamic variables to provide more detailed information in the messages. See the [list of variables](/userlock/docs/server-administration/server-properties/messages#list-of-variables).
- Upgrading to a newer version of UserLock **does not overwrite** customized messages. Only new default messages are added, to preserve existing changes.

## Access policies

Messages related to the [Alerts & notifications policy](/userlock/docs/reference/access-policies/alerts-and-notifications).

- **Same credential popup**: Alerts users if their credentials are used elsewhere on the network.
- **Welcome message**: Optional message shown at logon.

These messages provide transparency to end users when policy rules are enforced.

## Admin logoff

Messages displayed to end-users when a session is forcibly logged off due to UserLock policies or administrator actions.

| Message | What it displays and why | How to trigger it |
| --- | --- | --- |
| **Count restriction logoffs** | Warns the user that their session is closed because the maximum number of [allowed sessions](/userlock/docs/reference/access-policies/session-limit) has been reached. | [Logoff disallowed sessions](/userlock/docs/server-administration/server-properties/general#sessions) enabled |
| **Denied machine logoff** | Warns the user that their session is closed because they are not allowed to log on from this machine, after a change in a [Machine restriction policy](/userlock/docs/reference/access-policies/machine-restriction). | [Logoff disallowed sessions](/userlock/docs/server-administration/server-properties/general#sessions) enabled |
| **Session length logoff** | Warns the user that the maximum session length defined by the [Hour restriction policy](/userlock/docs/reference/access-policies/time-restriction#hours-restrictions) has been reached. | [Maximum session length](/userlock/docs/reference/access-policies/time-restriction#key-points-to-know) configured |
| **Session lock length logoff** | Warns the user that the maximum locked time defined by the [Hour restriction policy](/userlock/docs/reference/access-policies/time-restriction#hours-restrictions) has been exceeded. | [Maximum locked time](/userlock/docs/reference/access-policies/time-restriction#key-points-to-know) configured |
| **Time quota logoff** | Warns the user that their session will be logged off because their allowed time quota has been used up. | [Time quota policy](/userlock/docs/reference/access-policies/time-restriction#time-quotas) configured |
| **Time restriction logoff** | Warns the user that their session will be logged off because the allowed hours for logon have ended. | [Hour restrictions policy](/userlock/docs/reference/access-policies/time-restriction#hours-restrictions) configured |

## Computer commands

Messages shown on computers when UserLock enforces an action such as:

- Restart after installing the [Desktop Station](/userlock/docs/reference/core-concepts/agents)
- Shutdown initiated from the console
- Restart after uninstalling the [Desktop Station](/userlock/docs/reference/core-concepts/agents)

## Logon denied by UserLock

These messages are displayed when a user cannot start a new session because of UserLock access restrictions.

| Message | What it displays and why | How to trigger it |
| --- | --- | --- |
| **Close previous initial access points** | Informs the user that they have reached the maximum number of allowed *Initial access points* and must close one to continue. | Enabling **Close previous session** in a [Session limit policy](/userlock/docs/reference/access-policies/session-limit) with an [initial access point policy](/userlock/docs/reference/access-policies/initial-access-points). |
| **Close previous sessions** | Informs the user that they have reached the maximum number of allowed concurrent sessions and must close one to continue. | Enabling **Close previous session** in a [Session limit policy](/userlock/docs/reference/access-policies/session-limit) with a session limit configured. |
| **Denied geolocation** | Informs the user that logon is denied because the session originates from a forbidden location. | Triggered by a [Geolocation policy](/userlock/docs/reference/access-policies/geolocation). |
| **Denied machine** | Informs the user that logon is denied because the machine is not authorized. | Triggered by a [Machine restriction policy](/userlock/docs/reference/access-policies/machine-restriction). |
| **Group restrictions** | Informs the user that logon is denied because their group has reached the maximum allowed concurrent sessions. | Triggered by a [Session limit policy](/userlock/docs/reference/access-policies/session-limit) on a group or OR with an **Group limit** configured. |
| **Initial access point restriction** | Informs the user that logon is denied because the maximum number of *Initial access points* has been reached. | Triggered by an [initial access point policy](/userlock/docs/reference/access-policies/initial-access-points). |
| **Logon denied** | Informs the user that logon is denied because the maximum session count has been reached. | Triggered by a [Session limit policy](/userlock/docs/reference/access-policies/session-limit). |
| **Time quota denied** | Informs the user that logon is denied because the allowed time quota has been exceeded. | Triggered by a [Time quota policy](/userlock/docs/reference/access-policies/time-restriction#time-quotas). |
| **Time restriction** | Informs the user that logon is denied because the logon attempt is outside of authorized hours. | Triggered by a [Hours restriction policy](/userlock/docs/reference/access-policies/time-restriction#hours-restrictions). |

## MFA user

Messages displayed to the end-users during Multi-Factor Authentication (MFA), such as:

- MFA enrollment instructions (QR code)
- Invalid code errors
- [Help requests](/userlock/docs/reference/server-settings/mfa-settings#ask-for-help-button) and push notification failures

## MFA admin

Notifications sent to administrators when users request [MFA assistance](/userlock/docs/reference/server-settings/mfa-settings#ask-for-help-button).

These help administrators quickly identify and respond to MFA-related issues.

## Notifications for operators

Messages and subjects used for alerts sent to UserLock operators by email or popup.
These include notifications of : 

- [user session events](/userlock/docs/reference/access-policies/alerts-and-notifications#email-notifications),
- [user status changes](/userlock/docs/reference/server-settings/user-status#email-notifications).

## List of variables

In these messages, whenever you see an **Insert a variable** button, you can insert one of the available variables into the text.

Below is a list of all available variables, organized by category:

|  |
| --- |
| Current sessions |
| **initialaccesspoint** | List of initial access points (comma-delimited) already open for a user before the current logon attempt. This string is null if the user has no other open sessions. |
| **nbsessions** | Number of sessions listed by the **sessions** variable. |
| **sessions** | List of sessions (comma-delimited) already open for a user before the current logon attempt. This string is null if the user has no other open sessions. |
| Denied logon |
| **deniedlogons** | Number of logons denied by UserLock since the last successful logon. |
| **refusedlogons** | History of all logons denied by UserLock and by Active Directory since the last successful logon. |
| **refusedlogonsdetails** | History of all logons denied by UserLock and by Active Directory since the last successful logon. |
| **GroupsDenied** | List of groups that have reached a maximum session limit preventing the user from logging in. |
| License |
| **nbusersmax** | Maximum number of users allowed by the license. |
| Previous logon |
| **lastlogontime** | Date and time of the last successful logon. |
| **lastworkstation** | Last machine from which the user was connected. |
| **lastworkstationdesc** | Active Directory description field of the last machine from which the user was connected. |
| Session event |
| **datetime** | Current date time. |
| **SessionEvent** | Session event. |
| **SessionType** | Type of session. |
| **user** | Display name of the user attempting to log on or log off. |
| **useraccount** | User account attempting to log on or log off. |
| **workstation** | Name of the current session. |
| Time quotas |
| **quotainformation** | Minimum remaining time quota and the relevant period. |
| **period** | Time quota period. |
| User status |
| **reason** | Action triggering the user status change. |
| **status** | Successful or denied depending on the result of a logon authorization. |
| **userstatusdetail** | Reason for the user status change. |
| **userstatusold** | Previous user status. |
