Workstation restrictions
UserLock allows you to restrict workstations from which members of a 'protected account' may logon. The 'Workstation restrictions' section allows you to define and manage the granted or denied workstations perimeter through a list of all user members of a 'Protected account'.
A specific Use case is available here and will give you a step-by-step guide on how to restrict a user to connect only from a specific machine.
- The following workstations/terminals
are: 'Not configured' by default.
Set the drop-down list to the option:
- 'Authorized' to authorize every connection from the listed items (and so deny all items not listed).
- 'Denied' to deny every connection from the listed items (and so authorize all item not listed). - Add IP Range
Fill in the IP range you want to list. The two IP addresses defining the boundary are included in the range. You also have to define the session types for the workstations in this IP range. - Add name
Enter the name of the workstation you want to list. You also have to define the session types for this workstation. - Add Computer
Enter the name of the workstation you want to list. You can query Active Directory to check and select the target workstation. You also have to define the session types for this workstation. -
Add Organizational Unit
Select the target workstation Organizational Unit by browsing Active Directory. You also have to define the session types for the workstation members of this Organizational Unit.
Please note: A user can be a member of several permanent and/or temporary protected accounts (user, group or organizational unit). UserLock determines which rules to apply based on certain priorities. These priorities are described in the section named 'Priority management'.
This restriction works with MAC addresses for Wi-Fi sessions, and with IP addresses (and NetBIOS names if available) in all other cases.