Session Protection Policy

Scope: SessionLimit 2.0

his is the screen where the number of simultaneous logins of users and the computers and IP addresses/blocks to which they can be limited for login are determined.

In order for policies to be valid and work, assignments must first be made on a user, group or OU basis.

The order in the list works according to the following rule;

  1. The policy applied to users is dominant at all times and under all circumstances. No rule can override the rule applied to the user.

  2. A user account is added to the list both individually and with the group it is a member of, and even if different policies are applied, the policy applied to the user will be dominant and will not receive any settings from the group.

  3. Priority is only between groups or OUs. Likewise, policies applied to groups dominate OUs.

  4. Policies function from top to bottom, and whatever policy the user sticks to from top to bottom, the rules are valid. It does not switch to another rule below.

Add New Policy

To add a new policy, click the Add New Policy button.

When adding a policy, you can determine which type of session you will limit the session to.

Policy Name: Enter a name for your policy,

Description: Enter a description for your policy. It is not mandatory,

Interactive Logon is Enable: When you select this option, your policy starts session tracking for Interactive Sessions.

Remote Logon is Enable: When you select this option, your policy starts session tracking for RDP Sessions.

0: No logins are allowed.

Other than 0: Determines how many simultaneous sessions users can log in.

Interactive Logon is Enable and Remote Logon is Enable switches determine whether the number of sessions of this type will be limited or not. If it is selected, the number of logins for the relevant type is limited to the specified number. If it is not selected, the number of logins for the relevant type is unlimited.

Buttons Meaning in Session Policy Protection

  1. Policy Assign: The policy is assigned to the user, security group or Organizational unit. This action, if done, has an immediate effect and attempts to reduce the number of active sessions to the historical number in the policy. Sessions are only intervened in systems with agent installed. The session on the system that does not have an agent installed cannot be interfered with.

  2. Policy Assign Details: Displays the assignment information of the policy.

  3. Edit: It is used to change the number of simultaneous logons defined in the policy.

  4. Change Priority: It is used to change the priority order between policies.

  5. Delete Policy: It is used to delete the policy.

Policy Assign

Assign Policy to User

  1. Choose domain

  2. Select the criteria to be searched in the search user field.

  3. Enter at least 1 character in the search field, press the search button.

  4. Select the AD objects you want to protect with Session Protection Policy from the list and press the Add button.

  5. Once you finish adding to the list, save it with the Save button.

  6. If you want to remove it after adding it to the list, you can delete a single object with the Delete button, or the entire list by clicking remove list.

The groups to be selected must be security groups. Distribution Groups are not shown in the list.

Assign Policy to Computer

If users to whom the policy is assigned are required to log in only to a specific list of computers, they must assign computers from this field. For example: If Help Desk operators are required to log in only to Help Desk computers, the relevant setting is made here.

The groups to be selected must be security groups. Distribution Groups are not shown in the list.

In order for policies to be valid and work, assignments must first be made on a user, group or OU basis.

  • Choose domain

  • Select the criteria to be searched in the search user field.

  • Enter at least 1 character in the search field, press the search button.

  • Select the AD objects that contains computer objects and you want to protect with Session Protection Policy from the list and press the Add button.

  • Once you finish adding to the list, save it with the Save button.

  • If you want to remove it after adding it to the list, you can delete a single object with the Delete button, or the entire list by clicking remove list.

Interactive Logon is Enable and Remote Logon is Enable switches are used to determine whether this type of login can be opened or not. If it is selected, the relevant type can be logged in, if not selected, the relevant type cannot be logged in.

Assign IP Restriction to Policy

It is used to limit the users to be protected from logging in to computers with certain IP addresses or on the network.

In order for policies to be valid and work, assignments must first be made on a user, group or OU basis.

IP Address: Limited logins can be made with IP addresses added to the list. It is not possible to log in to systems outside these IP addresses. Ex: 192.168.15.6

IP range: Logins can be limited to computers within a certain IP range. It is not possible to log in to systems outside these IP addresses. It is sufficient to write the starting and ending IP addresses in the fields. Ex: Start: 192.168.27.1; End: 192.168.27.19

IP Subnet Range: Login operations can be limited to computers within an IP subnet. It is not possible to log in to systems outside these IP addresses. Subnet information is entered. For example: NetworkID: 192.168.59.0, Mask: 24. Mask value takes a value between 1 and 32.

Interactive Logon is Enable and Remote Logon is Enable switches are used to determine whether this type of login can be opened or not. If it is selected, the relevant type can be logged in, if not selected, the relevant type cannot be logged in.

PreviousPolicyNext2FA Policy

Last updated