
Time of day restriction: How to configure logon hours for users in Active Directory


There are times you may want to restrict users' access to Active Directory to particular days or hours. This is a security feature that helps protect IT resources from unauthorized access, and system administrators use it to improve their effectiveness on the job. The restriction can be applied through Group Policy if you need to configure it for more than one user, but in this guide we will use the AD interface for a single user.


The first thing you should do is open Active Directory Users and Computers from Server Manager and navigate to the user account you want to restrict.

Active Directory Users and Computers

Next, right-click the user account you want to restrict and select Properties.


AD Properties

On the Properties page, click the Account tab and then Logon Hours.

AD Properties

The window below will appear, showing the permitted and denied hours. Permitted hours are shown in blue and denied hours in white. Click the Logon Denied option, then drag your cursor across the boxes representing days and hours, or select each box individually, and then click Logon Permitted.

For example, the image below shows Sunday through Saturday, 12 AM to 2 PM, as the period during which a user can log on to the server.

Logon Permitted

Click the Logon Permitted option, then drag your cursor across the boxes representing days and hours, or select each box individually, and then click Logon Denied. For example, the image below shows Sunday through Saturday, 6 AM to 4 PM, as the period during which a user can log on to the server.

Logon Denied
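
The grid configured above is stored on the account as the logonHours attribute, which holds hours in UTC while the dialog shows them in local time. The PowerShell below is an added example, not part of the original guide: it builds and decodes that value for the 6 AM to 4 PM window so it can be reviewed or applied to several accounts. It assumes the ActiveDirectory module, a placeholder account name `jdoe`, and a fixed whole-hour UTC offset; the function names are hypothetical.

```powershell
# Added example (not from the original guide). logonHours is a 21-byte mask:
# 168 bits, one per hour of the week, starting Sunday 00:00 UTC, with the
# least significant bit of each byte being the earliest hour.
function New-LogonHoursMask {
    param(
        [System.DayOfWeek[]]$Days = [System.Enum]::GetValues([System.DayOfWeek]),
        [Parameter(Mandatory)][ValidateRange(0, 23)][int]$StartHour,  # local, inclusive
        [Parameter(Mandatory)][ValidateRange(1, 24)][int]$EndHour,    # local, exclusive
        [int]$UtcOffsetHours = 0  # assumption: whole-hour offset, DST not handled
    )
    if ($EndHour -le $StartHour) { throw 'EndHour must be later than StartHour.' }
    $mask = New-Object byte[] 21
    foreach ($day in $Days) {
        for ($h = $StartHour; $h -lt $EndHour; $h++) {
            # Shift the local hour-of-week to UTC and wrap around the week.
            $bit = ((([int]$day * 24 + $h - $UtcOffsetHours) % 168) + 168) % 168
            $mask[$bit -shr 3] = $mask[$bit -shr 3] -bor (1 -shl ($bit -band 7))
        }
    }
    return ,$mask
}

# Decode a mask back into permitted UTC hours, to review a value before or
# after it is written (a null logonHours attribute means no restriction).
function Get-PermittedUtcHours {
    param([Parameter(Mandatory)][byte[]]$Mask)
    if ($Mask.Length -ne 21) { throw 'logonHours must be exactly 21 bytes.' }
    for ($bit = 0; $bit -lt 168; $bit++) {
        if ($Mask[$bit -shr 3] -band (1 -shl ($bit -band 7))) {
            [pscustomobject]@{
                Day     = [System.DayOfWeek][int][math]::Floor($bit / 24)
                HourUtc = $bit % 24
            }
        }
    }
}

# Constructed sample: every day, 6 AM to 4 PM, for a site at UTC+1.
$hours = New-LogonHoursMask -StartHour 6 -EndHour 16 -UtcOffsetHours 1
Get-PermittedUtcHours -Mask $hours | Group-Object Day |
    ForEach-Object { '{0}: {1}' -f $_.Name, ($_.Group.HourUtc -join ',') }

# Apply and audit (requires the ActiveDirectory module; 'jdoe' is a placeholder):
# Set-ADUser -Identity 'jdoe' -Replace @{ logonHours = $hours }
# Get-ADUser -Filter * -Properties logonHours | Where-Object { -not $_.logonHours }
```

The last commented line lists accounts that have no logon-hour restriction at all, which is a quick way to check coverage after rolling the setting out.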

After configuring the Logon Denied days and times, if you try to log in within this period you will get the message below.

I hope you found this blog post, Time of day restriction: How to configure logon hours for users in Active Directory, interesting and helpful. If you have any questions, do not hesitate to ask in the comment section.
