See all insights
Apply 2FA on Windows AD logins, IIS, VPN, RDP & RD Gateway, Off-network and SaaS connections.
Choose between push notifications, hardware devices, or authenticator apps as MFA methods.
Secure access to cloud apps with SSO combined with MFA and context-aware restrictions.
Monitor, alert, and respond in real time to all user access activity.
Control how users access the network based on machine or device, time, session type or simultaneous connections.
Get centralized auditing across your network and report on all Windows user access events.
Using Active Directory functionality, a System Administrator can define that a user (let us call her Carol this time) is limited to only being able to work from 07:00 am to 05:00 pm.
What really happens if Carol logs on at about 01:00 and remains logged on past 05:00? Windows will not log her off of his workstation at this time, because there is no native control in Windows to perform that.
There is a setting (Local Policies > Security Options) though that might make you think that it would work that way: «Automatically logoff users when logon time expires.» But this setting only applies to file and print servers (SMB component).
Carol logs on at her workstation and accesses a file server. If she remains logged on and accessing this file server past 05:00 pm (provided she has no files open on that file server), when 05:00 pm rolls around, the file server will disconnect her and prevent her from reconnecting to the file server itself. But there is absolutely nothing in Windows that will log her off of her workstation where she is interactively logged on at the console.
This feature is nonetheless required for an Information System to comply with major regulatory constraints, including:
Outside of authorized timeframe(s) and/or when time is up, UserLock will really disconnect users with prior warning.
Share this page:
Free number for US & Canada: + 1-800-492-3951
GMT +1: +33 5 59 41 42 20
© IS Decisions