UserLock Documentation
UserLock Documentation
You are here: Reference > Console > Server administration > Hour restrictions

Hour restrictions

The 'Hour restrictions' section allows you to define periods of time during which users members of a 'protected account' can or cannot log on to the network.

A specific Use case is available here and will give you a step-by-step guide on how to prevent access to the network outside of certain hours.

You can configure the granted or denied logon hours for the entire work week or per day, and for different types of sessions. This option is defined to 'Not configured' by default.

Two modes are available, depending on the option chosen for the restriction:

  • 'The following time frames are Authorized': Members of the 'protected account' will be able to connect to the network during the defined time frames with the specified session types (and will be denied during all time frames not listed).
  • 'The following time frames are Denied': Members of the 'protected account' won't be able to connect to the network during the defined time frames with the specified session types (and will be authorized during all time frames not listed).

    To select the entire day, set the time to midnight in both fields.

  • Action to take in case of overtime (for interactive sessions only) : 'Not configured' by default.
    The following actions are available for an open session when the authorized time frame has expired:
    - 'Do nothing'.
    - 'Logoff session' ; the session logoff will be notified to users during the period of time defined in the 'Session' item. The logoff is forced. Any unsaved documents will be lost.
    - 'Lock session' ; the session lock doesn't prevent users from reopening a session but the session will get locked again shortly after.

Session

Maximum session length

'Not configured' by default.

To enable this option, set the drop-down list value to 'Limited to' and enter a value for the desired time period. You can also set this option as 'Unlimited'.
When the time period defined is reached, the session will automatically be closed after the period of time set in 'Logoff notification timeout'.
This option isn't restrictive: once the session is closed, a user will be able to open it again for the period authorized here.

Maximum locked time

'Not configured' by default.

To enable this option, set the drop-down list value to 'Limited to' and enter a value for the desired time period. You can also set this option as 'Unlimited'.
When the time period defined is reached for a locked session, the session is automatically closed.

Requirements

  • The screen saver has to be protected by password through the option 'On resume, display logon screen' and must be enforced for users. You can easily define these settings for all users through Microsoft Group Policies.
  • The option 'Consider screen saver time as locked time' needs to be enabled in the 'Agent configuration' section in 'Properties' of the 'Agent distribution' view.

Logoff notification timeout

'Not configured' by default.

To enable this option, set the drop-down list value to 'Limited to' and enter a value for the desired time period. You can also set this option as 'Unlimited'. If this parameter is not configured, the default value is 1 minute.
A warning notification is displayed to users before initiating the session logoff. You can specify the period of time (in minutes) this notification will be displayed by entering a value here.

Please note

  • The 'Session' options are only supported by interactive session types (workstation and terminal).
  • The logoff initiated by these options is forced. Any unsaved documents will be lost.
  • A user can be a member of several permanent and/or temporary protected accounts (user, group or organizational unit). UserLock determines which rules to apply based on certain priorities. These priorities are described in the 'Priority management' section.