Limitations

Scope: SessionLimit 2.0

SessionLimit defines users in 3 modes;

  1. Protected: Users whose session numbers or types are regulated by the Session Protection Policy. It is subject to restrictions and all events are collected. It is subject to licensing.

  2. Unprotected: These are users for whom no policy has been applied, all their events are monitored, but they are not subject to any restrictions. They are not subject to licensing.

  3. None: Users who are not monitored by the system and are not subject to any restrictions. They are not subject to licensing.

Limitations Screen

Transactions can be made collectively or individually on the Limitations screen.

Logoff: To collectively send logoff to selected group members and users, click on the Logoff button that opens in the top menu. If confirmation is given on the incoming confirmatory screen, all active sessions will be closed on all computers within a heartbeat. It can be send this action bulk or individually.

Protect: Changes the limitation status of the selected objects to Protect status. The last policy applied to the object takes effect. In this case, if you are not sure which policy it is, it will be useful to perform the operation from the Session Policy Protection screen. It can be changed bulk or individually.

Unprotect: Changes the limitation state of the selected objects to Unprotect state. The last policy applied to the object remains bound, but is not applied. Events continue to be collected, no limitation is applied. It can be changed bulk or individually.

Delete: It is used to delete the AD Object from this list. When deleted, the object becomes None. In this case, no events are tracked, session limitation does not work, and it is not subject to licensing.

If the AD objects on which Protect/Unprotect or Delete operations are performed from this list are set with Session Protection Policy from a parent object (Group, OU), the changes made may not work. The settings from the Session Protection Policy will still remain valid.

For example: Let the HelpDesk group be protected with Session Protection Policy. On the Limitations screen, the HelpDesk group is protected. In the Limitations screen, when a user account (HelpDesk group member) is unprotected, no limitations are applied to the user's account, but their events are monitored. HelpDesk users other than this user are limited and their events are monitored. If the user is deleted from the Limitations screen, it is thought that its status will be None, but this is not the case. The user will now start receiving limitations information and limitations from group membership in Session Protection Policy.

If you only want to follow the events of a user or group without protecting them, press the Add New User / Group button and add the user, group and/or OU from the list to make them unprotected.

Add New User / Group

  1. Choose domain

  2. Select the criteria to be searched in the search user field.

  3. Enter at least 1 character in the search field, press the search button.

  4. Select the AD objects you want to add from the list and press the Add button.

  5. Once you finish adding to the list, save it with the Save button.

  6. If you want to remove it after adding it to the list, you can delete a single object with the Delete button, or the entire list by clicking remove list.

Previous2FA PolicyNextEndpoint Management

Last updated