Back to Resources

Level Verified

Lock Device and All Users Automation

Created by

Level

Type

Automation

Category

Security

Platforms
WindowsApple iOSLinux
Import into Level
Copy link

Problem Overview

This automation addresses urgent security risks by swiftly locking down endpoints, preventing unauthorized access, and stopping potential threats. When a device is compromised or at risk, it’s crucial to secure it remotely and immediately.

Description

When triggered—either manually or by adding the “Lock” tag—the automation terminates all current sessions and disables user accounts across Windows, macOS, and Linux endpoints. It ensures that no new logins can occur while still allowing Level to maintain remote management capabilities. If a Windows device is part of a domain, the automation additionally locks all relevant Active Directory accounts for complete coverage. When the automation can’t fully lock a device, it automatically generates an alert, allowing prompt intervention.

Preview

Lock Device Automation Preview

Use Cases

  • Immediate lock-down of lost or stolen endpoints
  • Rapid response to suspicious activity
  • Automatic lock triggered by policy or security event
  • Enforcing compliance for devices in high-risk environments

Recommendations

  • Test Before Production: Run the automation on a non-critical device to confirm successful lock without disrupting operations.
  • Preemptive Setup: Have the “Unlock” automation ready so you can reverse changes once the threat is cleared or the situation is resolved.
  • Review Account Dependencies: Ensure critical services won’t be impacted by disabled local accounts.
  • Monitor Alerts: Pay attention to any alert notifications if the lock cannot be fully executed.

FAQ

  • Does this break remote management?
    No. Level retains management capabilities even after the device is locked.
  • What if I need to quickly restore access?
    Use the companion “Unlock” automation which can automatically run when the “Lock” tag is removed, thereby reverting changes.
  • Will domain accounts be affected?
    Yes, if the endpoint is domain-joined, the automation locks related Active Directory accounts.
  • Can I schedule this automation?
    Yes. It can be triggered automatically or run on demand through your chosen policies.

Included with this Automation:

Below is a list of what you can expect to find when importing this Automation.

Script details:

The following data and settings will be imported with your script.

Triggers

  • Manual
  • Tag Applied

Actions

  • Run Script
  • Create Alert
Import into Level

Related resources

Explore more automations, scripts, and policies to further enhance your IT operations.

View all resources

Start automating thousands of your devices with Level

Start your 14-day free trial today.

Book a demoGet started for free

© 2025 Level Software, Inc.