Restrict Active Directory
User Logon hours
& Force Logoff On a Windows Server Domain

Enforce logon hour restrictions, maximum session length and time quotas for all Active Directory users. Go beyond native controls and set by group, on different session types and force logoff when outside of authorized timeframes.

Download Read more
Restrict Active Directory User Logon hours

Logon Time Restrictions Far beyond Native Windows Controls

UserLock makes it easy to manage the hours and days that any user, or group of users, may log on to a Windows Server domain; helping implement effective login controls that improve network security.

Logon Hour Restrictions

For a defined time period, set logon hours as either authorized or denied for different session types.

Use Case Example 1

For a group of users deny any interactive logon outside business hours

Watch Video Step by Step guide

Session Time Quotas

Authorize a maximum period of time (hours and minutes) a user is connected – per day, week or month - for different session types.

Use Case Example 2

For a group of users enforce 37 hours per week of workstation session usage.

Step by Step guide

Administrator options

Set by Group

Unlike native Windows, UserLock allows logon time restrictions to be set for any user, group of users or Organization Unit.

Set by Session Type

Configure the time frames for different types of session (workstation, terminal, Wi-Fi & VPN and/or IIS).

Set Maximum Session Length

When the time expires, the session will automatically logoff the user– with prior warning.

Set according to Machine’s Local Time Zone

Choose to apply time restrictions according to each client machine’s time instead of the UserLock server time.


Force Logoff When Logon Hours Expire

Using native controls, there is no way to force a user to log off an interactive logon session, when their hours expire. Read more.

But with UserLock, an administrator can choose to automatically logoff users outside of authorized timeframes, or when time is up.

A warning notification can be displayed to users before UserLock initiates the session logoff.

Logoff session Force logoff when logon hours expire

Force Logoff & Idle Session Time Limit

UserLock can also automatically logoff sessions after a specific idle time. This forced logoff helps protect shared workstations which are left open and pose obvious security and compliance risks.

Logoff every open session after an idle period of 20 minutes

Use Case Example 3

Logoff every open session by any member of a group after an idle period of 20 minutes.

Step by Step guide

Display consumed Time

For any user you can easily view the effective time quota policy in place and display the consumed time for the different session types.
(The time during which a workstation or terminal session is locked is counted as consumer time).

Display consumed Time

More Context Aware Restrictions

Restrictions by time constraints work alongside the other UserLock contextual access restrictions (session type, number of simultaneous connections and origin) to best protect and secure Active Directory user access.

Session typeSession type

Session type

Control workstation, terminal, Wi-Fi, VPN and IIS sessions to protect both interactive sessions and network access for remote and mobile users.

Read more

Simultaneous Connections

Simultaneous Connections

Limit the number of unique entry points and concurrent sessions to prevent simultaneous logins from a single identity.

Read more



Limit access by location with controls at workstation, device, IP range, organizational unit (OU), department, floor and building levels.

Read more


Request a personalized demo now

Discover how UserLock can help you meet your needs.

Download UserLock

The trial version includes:

  • 30-day full version
  • no user limits
  • free technical support

Supported systems

Release Date : 7/24/2018
Version : UserLock 9.7
What's new in this version ?