Set Logon Restrictions That Protect against Security Breaches

It’s tough to identify malicious access from phished, stolen or shared credentials. Your system believes an authenticated user on the network is who they say they are. But with UserLock, all authenticated user logons are better protected. Logon restrictions can be set by user, group or OU to prevent unauthorized access, even when credentials are compromised.


Authorized Workstation and Device

Restrict a user to connect from a specific machine.

Use Case

With access to highly sensitive information, John Leach (Director of Human Resources) is restricted to an interactive logon from a specific workstation.
Any access attempt from any other computer or device is now denied.

UserLock Tip

From the UserLock console, assign the authorized machine by the exact machine name, or simply query Active Directory and select the user’s target machine.

 

Authorized Department/IP address

Restrict a user or a specific group to connect only from machines within an Organizational Unit or IP address range.

Use Case

Sue Carter (HR Manager) and all other employees within Human Resources have access to any machine throughout their own department.
Any access attempt from any other computer or device is now denied.

UserLock Tip

Unlike native Windows features, UserLock allows IT to set restrictions by Group or OU. This saves considerable time and allows a centralized access control policy to be quickly set for the organization.

 

Temporary Authorization Changes

Temporary changes to user access restrictions can be set for a defined period of time and automatically deactivated once this period is exceeded.

Use Case

Sue Carter (HR Manager) is working alongside the sales team for a specific project. She needs temporary access to the system from the sales department. Temporary changes can be easily made to Sue’s access rights to include sales group machines, secure in the knowledge that no access modifications are left beyond their immediate need.

UserLock Tip

Temporary changes can be easily made without having to edit or remove existing rules. This minimizes the risk from out-of-date access rights.

 

Deny Simultaneous Connections from a Single Identity

Limit the number of unique entry points and concurrent sessions to prevent simultaneous logins from a single identity.

Use Case

Mike Cross (Sales Representative) has been careless with his rights to work across multiple different machines. Like many users, he risks unwanted and unauthorized access by sharing passwords with colleagues and leaving machines unlocked and unattended.
To protect Mike and his trusted access, restrict Mike to a single point of entry, across all session types. Any access attempts that don’t stem from this point are automatically blocked.
This single point of entry renders password sharing useless and encourages machines to be locked and not left unattended. It also protects against malicious access from other users inside the (authorized) department, using Mike’s credentials.

UserLock Tip

Subsequent network connections that stem from this initial access point are all authorized by UserLock, confident that the user is who they say they are. This ensures no frustration for the user.
Other options to balance security and user friction: IT can choose to either allow a user to remotely log off an existing session or automatically lock the previous session once a new session is opened.

 

Authorized Time

Limit access to specific timeframes or set maximum session times for a defined period. Outside of these hours or when time is up, users are disconnected (force logoff) with prior warning.

Use Case

The single point of entry (see previous use case) protects a user’s access when present at work. But what about when they are not there? Time restrictions help protect access outside of Todd Davis’s (Support) normal working hours.
Any access attempt outside of these hours (even at Todd’s own desk) is denied.

UserLock Tip

With UserLock, an administrator can remotely lock and log off any session at any time, and also wake up, restart or shut down any machine.

 

Secure VPN Access to an Authorized Machine

Each of the login restrictions that can be set and enforced in UserLock takes into consideration the session type (workstation, terminal, Wi-Fi, VPN and IIS). This empowers IT to secure network access for a remote and mobile workforce.

Use Case

Robyn Weldo (Software Developer) has been storing sensitive work files online and transferring them to a home computer to continue working from home. IT need to set Robyn up to work securely from home with secure VPN access.
By restricting this VPN access to an authorized company laptop, any access attempt from any other machine is denied.

UserLock Tip

Robyn also wants to stay up to date on work email using her personal mobile and tablet. Rather than forwarding her work email to a personal email account, IT can organize secure web access for Microsoft Outlook (IIS session) to access work email from any device.

 

In today’s enterprise, authenticated users are considered to be one of the biggest network security risks.
