Restrict Active Directory User Logon By Workstation, Device, Country or IP Address

Restrict and limit where any Active Directory user may log on. UserLock can control access to certain geographies, particular workstations (PC and Mac), employee-owned devices, departments or IP addresses. Outside of these controls, access is automatically denied.


Deny and Allow Workstation Logins to better Protect your Network

Restricting Active Directory users by country, machine name or IP address reduces the network attack surface and protects against unwanted access. If a user’s credentials are compromised, the number of computers, devices and locations from which those credentials can be used is vastly reduced.

Use Case Example 1

Restrict User Login based on Country

The geolocation restriction lets an administrator allow or deny remote logons based on country, chosen from a list of selectable countries.

Use Case Example 2

Restrict User Login to only specific Workstations & Devices

Limit access to a single computer or particular machines. This can be set for a single user or a group of users.

Use Case Example 3

Restrict User Login to an authorized IP address range

Restrict connection to certain geographies or departments. This can be set for a single user or a group of users.

Easily enforce effective Login controls by origin

Works alongside Active Directory

Query Active Directory within the UserLock console to select the specific target workstation or device.

Set logon restrictions for a group of users

Go far beyond ‘deny and allow workstation logons’ with Group policies. Granular restrictions can be centrally set – on a user-by-user basis and for multiple users by group or organizational unit.

Apply temporary logon restrictions

Set for a defined time period so no users are left with access beyond their immediate needs.

Including Mac Users

Macs have seen a rapid increase in adoption among organizations. Since the release of UserLock 9.5, you can also control and restrict login access from Mac computers.
Icons indicate if the session is from a Mac or Windows machine.


Get the UserLock Web App

Monitor and respond to network sessions quickly, easily, and from anywhere with the UserLock Web App.



More Context Aware Restrictions

Restrictions by origin work alongside the other UserLock contextual access restrictions (session type, number of simultaneous connections and time constraints) to best protect and secure Active Directory user access.

Session type

Control workstation, terminal, Wi-Fi, VPN and IIS sessions to protect both interactive sessions and network access for remote and mobile users.


Simultaneous Connections

Limit the number of unique entry points and concurrent sessions to prevent simultaneous logins from a single identity.



Limit access to specific timeframes and set daily, weekly or monthly time quotas, maximum session times and idle session time.
