Restrict Active
Directory User Logon By Workstation, Device or IP Address

Restrict and limit on where any Active Directory user may logon. UserLock can control access to certain geographies, particular workstations (PC and Mac), employee-owned devices, departments or IP addresses. Outside of these controls access is automatically denied.

Workstation restrictions

Deny and Allow Workstation Logins to better Protect your Network

Restricting Active Directory users by machine name or IP address reduces the network attack surface and will protect against unwanted access. In the event of a user’s credentials being compromised the number of computers, devices and locations that can use these credentials is vastly reduced.

Use Case Example 1

Restrict User Login to only specific Workstations & Devices

Limit access to a single computer or particular machines. This can be set for a single user or a group of users. Read the exact use case.

Use Case Example 2

Restrict User Login to an authorized IP address range

Restrict connection to certain geographies or departments. This can be set for a single user or a group of users.

Easily enforce effective Login controls by origin

Works alongside Active Directory

Query Active Directory within the UserLock console to select the specific target workstation or device.

Set logon restrictions for a group of users

Go far beyond ‘deny and allow workstation logons’ with Group policies. Granular restrictions can be centrally set – on a user-by-user basis and for multiple users by group or organizational unit.

Apply temporary logon restrictions

Set for a defined time period so no users are left with access beyond their immediate needs.

More Context Aware Restrictions

Restrictions by origin work alongside the other UserLock contextual access restrictions (session type, number of simultaneous connections and time constraints) to best protect and secure Active Directory user access.

Session type Session type

Session type

Control workstation, terminal, Wi-Fi, VPN and IIS sessions to protect both interactive sessions and network access for remote and mobile users.

Read more

Simultaneous Connections

Simultaneous Connections

Limit the number of unique entry points and concurrent sessions to prevent simultaneous logins from a single identity.

Read more


Limit access to specific timeframes and set daily, weekly or monthly time quotas, maximum session times and idle session time.

Read more

Download UserLock

VersionSupported systems
Windows XP | Windows Server 2003 | Windows Vista | Windows Server 2008 | Windows 7 | Windows Server 2008 R2 | Windows 8 | Windows server 2012 | Windows 8.1 | Windows Server 2012 R2 | Windows 10 (64 bits computers included) | Windows Server 2016

Demo restriction : 30-day full version with no user limits

Scroll to top