Teramind offers several methods to restrict or prevent user access to a monitored computer. Whether you need to respond to an immediate threat manually or set up automated security responses, you can use the Dashboard, behavior rules, or the Session Player to secure your endpoints.

This method provides immediate, manual control for administrators. The "Locked" status is clearly visible in the Dashboard's "Locked" column. This method also prevents re-entry until an admin manually unlocks the account.

You can manually lock an employee's computer directly from the Employees screen:

1. Navigate to the Employees dashboard.

2. Select one or more employees by clicking the Checkboxes in front of their names.

3. Click the Actions menu near the top-right corner and select Lock or Unlock.

4. Click the Apply button.

This method enforces the same lock action mentioned in method 1 above. However, it automates the action with a rule. It enables 24/7 security response to specific threats (e.g., data exfiltration) without requiring an admin to be present. However, be careful as it might it might accidentally lock out a legitimate users if rules are not finely tuned.

You can use the Lock User rule action with any supported rules:

1. Navigate to Configurations > Behavior Policies.

2. Open an exiting rule or create a new rule.

3. Go to the Actions tab.

4. Select the Lock User action.

5. (Optional) Enter a message to be displayed to the user before they are locked out.

6. Click the Save Rule button to the rule. When triggered, the user is taken to the lock screen and automatically logged out again if they attempt to re-enter.

For advanced responses on Windows systems, the Command rule action allows you to execute system-level scripts automatically when a rule is triggered:

The commands listed below are merely examples. You can run any Windows command or script via this action. It is recommended that users research and test their specific scripts independently.

Use Case: Ideal for immediate session suspension when a user triggers a minor policy violation. It forces the computer to the lock screen without closing active programs.

Use Case: Best for critical security breaches where the hardware must be powered down immediately to stop an ongoing attack.

Use Case: For example, if you allow Spotify but want it closed if the user remains idle for 30 minutes, you can use taskkill /im spotify.exe /f to forcefully end the process once the idle threshold is met.

Use Case: Essential for preventing a compromised user from logging back in after a forced logoff by changing their local credentials.

These options are Ideal for real-time incident intervention while watching a user's screen. These actions allow the admin to perform remediation without a full lockout.

You can perform these actions from the Session Player's Live View controls:

1. Freeze Input: Click the Lock icon to immediately disable the user's keyboard and mouse, preventing further interaction.

2. Remote Control: Click the Cursor icon to take full control of the user's desktop via RDP to manually secure the system.

3. Send Ctrl+Alt+Del: Click the Exclamation icon to trigger the Windows Security Options screen, where you can manually lock the account or open Task Manager.