Restrict a user to connect only from a specific machine
A list of machines can be defined for a protected account (user, group or organizational unit). You can use it to restrict a user so that they can open a workstation or terminal session only from a specific machine.
This example is a step-by-step guide to defining a rule that authorizes a user account to open a workstation or terminal session only from a specific machine.
- Click on 'Protected accounts' in the menu tree. Open the desired user protected account if it already exists by double-clicking on its corresponding line. Otherwise you can create a protected account for the target group (procedure available here).
- Display the 'Workstation restrictions' section. To define which machine this user can use to connect to the network, switch the 'The following workstations/terminals are' drop-down list to 'Authorized'.
- You can assign the authorized machine in two different ways. If you know the exact name of the machine, click on 'Add name' and enter the machine name. Select the 'Interactive' session type, which covers both workstation and terminal session types. Click on 'OK'.
- Otherwise, you can click on 'Add computer', which will display the Active Directory dialog box to select the target machine. Type the beginning of the computer name and click on 'Check Names' or, if you prefer, launch the 'Advanced' mode instead. Select the machine assigned to the user and click on 'OK'. Click on 'OK' again.
- All that remains is to select the session types affected by this rule. Check the 'Interactive' session type, which covers both workstation and terminal session types. Click on 'OK'.
- Validate the workstation restriction by clicking on 'OK' in the 'Quick access' panel.
The user 'ab' is now only authorized to open a workstation or terminal session from the computer 'WKS005'. All connection attempts from other machines will be denied by UserLock.
To learn more about these options, please see the 'Protected account Workstation restrictions' help section.