UserLock Documentation
UserLock Documentation
You are here: Use cases > Prevent access connections outside certain hours

Prevent access connections outside certain hours

UserLock allows you to create rules preventing users from connecting to the network outside authorized hours.

This example will give you a step-by-step guide on how to define a rule which prevents a user workstation and terminal connection outside the following business hours:
- Monday to Friday, from 8:00 AM to 7:00 PM.
- Saturday morning, from 9:00 AM to 1:00 PM.
and will force the logoff of any session open when the hours limit is reached.

  1. Click on 'Protected accounts' in the menu tree. Open the desired group protected account if it already exists by double-clicking on its corresponding line. Otherwise, you can create a protected account for the target group (procedure available here).

  2. Display the 'Hours restriction' section.

  3. Switch 'The following time frames are' drop-down list to 'authorized'.

  4. Click on 'Add' to define time frames.

  5. Define the first time frame i.e. Monday to Friday with the same hours - 8:00 AM to 7:00 PM.

    Select which types of sessions are concerned by selecting 'Interactive' as the session type, which gathers workstation and terminal session types.

    Click on 'OK'.

  6. Check the boxes of the corresponding days - Mondays to Friday. Click on 'OK'.

  7. Adjust the hours to show as 8:00 AM to 7:00 PM. Click on 'OK' to validate the first authorized time frame.

  8. You now have to define a second time frame for Saturday as the hours range is not the same as the others days of the week. Click again on 'Add'.

  9. Define the second time frame i.e. only Saturday, from 9:00 AM to 1:00 PM. Again select 'Interactive' as the session type, which gathers workstation and terminal session types.

    Click on 'OK'.

  10. Uncheck the boxes from Monday to Friday, and instead check the Saturday box.

    Click on 'OK'.

  11. Adjust the hours to show as 9:00 AM to 1:00 PM.

    Click on 'OK' to add this second time frame.

    You have successfully defined two time frames corresponding to the authorized hours. User connections will be denied outside these hours.

  12. To logoff users sessions once they reach the limit of the time frames, adjust the option 'Action to take in case of overtime' to 'Logoff session'.

    Note that the logoff will be forced meaning that all unsaved documents will be lost. The next step allows you to define an alert to warn users.

  13. To warn users reaching the end of the authorized time frame, set 'Logoff notification timeout' to 'Enabled' and enter a number of minutes during which a warning message box will be displayed (15 in our example).

  14. Click on 'OK' in the 'Quick access' panel to validate the rule.

User members of the group 'Everyone' will be granted permission to open a workstation or terminal session during the authorized hours. Sessions reaching the limit will be logged off with a prior warning notification. All workstation and terminal connection outside the defined hours will be denied.

You can customize the 'Logoff notification timeout' content from the 'Messages' view. The notification message reference is 'TIME_RESTRICTION_LOGOFF'.

To learn more about message customization, see the use case named 'Customize messages displayed to users'.

To learn more about these options, see the 'Protected account Hour restrictions' help section.