Restrict Users:

 

In this page we discuss

The users who can be restricted from using the License

 

License management involves the process of restricting users who fall under the following five categories:

  1. Account Expired Users

  2. Account Disabled Users

  3. Inactive Users

  4. Deleted Users

  5. Service Accounts

  6. Smart Card Users.

 

1.Account Expired Users:

 

This happens for user accounts that are created for a shorter time duration (eg.in the case of a temporary employee). As the account's time duration elapses,the user account gets expired - as there is no point in maintaining a disembodied account. A user with an expired account will be stripped of his license.

 

2.Account Disabled Users:

 

The rights for disabling a user account is in the hands of the administrator. By disabling a user account,the administrator denies user the access to ADSelfService portal. This usually happens when a user retires from an organization.

 

3.Inactive Users:

 

License Management feature allows the administrator to block users who have been inactive for a specified time period.The time period can be set to any number of days (your choice). Using this feature you - the administrator - can take precautionary steps inorder to prevent any disarray in an organization.

 

All the Domain Controllers of the selected domain must be configured in ADSelfService Plus using Domain Settings in order to create a valid inactive users list.

 

4.Deleted Users:

 

Just as the license management feature restricts the inactive users, it can also forbid the deleted users from accessing the ADSelfService portal.As in most cases, there is no need of licenses for users who have been deleted from an organization.

 

5.Service Accounts:

 

A service account is a user account that is created explicitly to provide a security context for services running. Resetting the password for that account will stop the service from running. To avoid such cases service accounts are restricted to access ADSelfService portal.

 

6.Smart Card Users:

 

Users can use a Smart Card to authenticate themselves in Active Directory. In such a case, administrators can restrict smart card users from accessing the ADSelfService password management portal using this License Management feature.

 

When a user gets restricted,then the entire database related to that particular user is lost.The user will be restricted from following locations:

  • From All Reports
  • Login
  • Auto Enrollment
  • Enrollment Notification
  • Organization Chart and Employee Search
  • Self Update Manager List
  • Technician List

 

 

Configuring the License Management Feature:

 

The license management feature can be configured to restrict users either manually or automatically.

 

Restrict Users Manually:

  1. Navigate to Admin --> License Management --> Restrict Users

  2. Select the required Domain

  3. Select the desired OUs (if you want to restrict users from a particular OU)

  4. Click Restrict Users icon. A new window will open

  5. From the Account Type drop-down menu select the type of users you want to restrict

  6. Click Generate. A list of users of the selected type will be generated

  7. Select the users you want to restrict. You can select all the users at once or a particular user.

  8. Click Restrict

Once restricted, the user will not be able to log in or perform any actions using ADSelfService Plus. The enrollment data of the user will be deleted too.

 

Restrict Users Automatically:

  1. Navigate to Admin --> License Management --> Restrict Users

  2. Click Schedule to Restrict icon. You will be taken to the Restrict Users Scheduler page

  3. Click Add New Scheduler

  4. Enter a Name and Description for the scheduler

  5. Select the domain and the desired OUs

  6. Now select the type of users that you want to restrict

  7. Specify the duration for running the scheduler

  8. You can also specify a email ID to which the restricted users list will be sent periodically

  9. Click Save

Enabling A Restricted User:

 

Once restricted, the user will not be able to log in or perform any actions using ADSelfService Plus. The enrollment data of the user will be deleted too.

 

  1. Navigate to Admin --> License Management --> Restrict Users. The restricted users list will be displayed

  2. Select the users you want to reinstate

  3. Click Allow Access

  4. A message box will appear stating that the user was successfully reinstated

When a user gets reinstated,the administrator has to re-enroll that particular user (since the information associated with the restricted users gets lost)

 

Reinstate Users Automatically:

  1. Navigate to Admin --> License Management --> Restrict Users.

  2. Click Schedule to Unrestrict(Permit).

  3. Enable the scheduler.

  4. Select the types of users.

  5. Click Save.

Copyright © 2011, ZOHO Corp. All Rights Reserved.
ManageEngine