04 February 2013

How to Create an Org Wide Maintenance Window using Login Hours

I traded tweets with Matt Lamb (@SFDCMatt) about this topic recently. It's a little known solution to a common problem: when performing org maintenance, how do you log out all users so that they can't make changes while the maintenance is being performed?

I think it's about time there was somewhere on the blogsphere I can point people to on how to use the workbench to change user's profiles *and* create an org wide maintenance window using Login Hours on profiles.

The reason why we can use Login Hours on profiles is that when you set the start and end times to the same hour in the day, it automatically invalidates the user's session and logs them out on their next click or API transaction. Changing a user's IP Range on their profile can also lock a user out, but only when their current session id expires which could be up to twelve hours after resetting the IP Range.

The basic solution outlined below will require changing everyone's profile to a 'Maintenance Window' profile with limited Login Hours. But it's important that you don't lose their existing profile assignments by accident since you will want to replace their 'Maintenance Window' profile with their original assignment once the window of time is complete. Also, while the solution below highlights changing profiles for users that share the same user profile, it's a good idea to consider doing this flow in chunks by user license and creating multiple Maintenance Window profiles, one for each type of license in your org.

Finally, it's important to note that simply inactivating users to accomplish the same thing is the wrong way to go since inactivating users can have a profound impact on your user's sharing and record assignments.

Steps to changing all User profile Ids except for the Maintenance Window Administrators:
  1. Create a new ‘Maintenance Window’ Profile
    1. Setup | Administration Setup | Manage Users | Profiles | New
    2. Use any profile as a template (Read-Only or Standard User is fine since no one will have access during this time but if you want to be overly safe, revoke all permissions from the cloned profile before saving it) and name the new profile ‘Maintenance Window’
    3. Create a Login Hours entry
      1. Enter a time range other than the Maintenance Window
        1. For instance, if the Maintenance window is Tuesday evening starting at 10:00PM and concluding by Wednesday Morning at 4:00AM, set the Login Hours to exclude this period of time or just set Login Hours from 12:00 am to 12:00 am every day of the week.
      2. If a user tries to login during this time, they will fail. If they are logged in, the next action they take (click on a tab for instance), they will be automatically logged out
    4. (Optional) Create a single IP Address Range Entry to an IP Address that no user may access such as 
      1. Unlike Login Hours, this will not automatically log a user out, but will prevent any user with this profile from logging in     
    5. (Optional) Edit the ‘Maintenance Window’ Profile
    6. (Optional) Remove all permissions (Deselect all App Settings except Sales, Change all Tab Settings to Tab Hidden, Deselect all Object Permissions, Deselect all User Permissions)
    7. (Optional) Remove all Apex Class and Visualforce page access
  2. Copy the ProfileId from the newly created Maintenance Window profile. This may be done through the data loader or through the URL in the address bar by navigating to the Profile record.
  4. Copy the UserIds for any user who will need to access the org during the Maintenance Window.  This may be done through the data loader or through the URL in the address bar by navigating to each user record.
  5. Open Workbench (http://workbench.developerforce.com) and login as an administrator with ‘Manage User’ Profile Permission
  6. Jump to: SOQL Query to extract your users
  7. Select the User object and store your results locally in a csv file
  8. Select the following columns
    1. Id
    2. LastName
    3. FirstName
    4. ProfileId 
  9. Add the following constraint
    1. WHERE Id != '<ID of any admin involved in the Maintenance window>'
  10. Select the Bulk CSV radio button to make sure you get a CSV with all of your users you want to block from logging in during the Maintenance Window
  11. The resulting SOQL query should look something like: Select Id, LastName, FirstName, ProfileId FROM User WHERE Id != '00530000001rI6A'
  12. Select the Query button to extract your results
  13. Download and save the CSV file as ‘MaintenanceWindowOriginal.csv’. This file is important in order to not lose your original profile assignments you'll need for the end of the maintenance window.
  14. Change all ProfileIds to the ‘Maintenance Window’ ProfileId you’ve copied and save as a new file: MaintenanceWindowUpdate.csv
  15. Update the Users in the Workbench  
  16. Select the User Object and browse to your MaintenanceWindowUpdate.csv file
  17. Create a mapping of CSV to User Object fields
  18. Click Map Fields
  19. Process records asynchronously via Bulk API and Confirm Update
  20. Verify the Import was successful by navigating to the Manage Users screen and viewing the users.  All Users except the admins participating in the Maintenance window should be set to the Maintenance Window Profile.
  21. Perform any necessary changes to configurations during the Maintenance Window, making sure not to delete any profile during the maintenance.
  22. When you’re ready for users to have access again, load the MaintenanceWindowOriginal CSV back into the org using the Workbench and the same Update flow as you did to change their profiles the first time.
  23. Verify the update was successful by navigating to the Manage Users screen and ensuring that the profiles were returned to their original state before the Maintenance Window.

You can use these same steps to mass update user's profiles using the API and a tool like the Workbench.


  1. Wonderful post!!Thank you for sharing this info with us.
    Keep updating I would like to know more updates on this topic
    Very useful content, I would like to suggest this blog to my friends.

    Salesforce Training institutes in Chennai

    Salesforce Training

    1. Great Article Cloud Computing Projects

      Networking Projects

      Final Year Projects for CSE

      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Thanks for sharing the information, keep posting technology releated news and updates for more information visit
    Salesforce updates and certification
    Salesforce training in Hyderabad
    Salesforce training in Hitech city

  3. In the event that you are searching for a supplier in the Austin, Texas territory at that point Pool Service Austin a call and they will give you a free statement. blue water pool service

  4. Window curtain fabrics are the best way to add colors and patterns to any rooms decor. Motifs that are large are best used flat but a pattern that will trail or branches works best when it's folded or gathered.motorized blinds dubai

  5. Please continue this great work and I look forward to more of your awesome blog posts. Best Cleaning company in Abu Dhabi

  6. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. Cockroaches Control Abu Dhabi

  7. Disposable nuisance dust masks to protect the wearer from exposure to coarse, non-toxic particles. Molded to the face with an elastic strap. These masks are lightweight so are easy to breathe through and do not restrict the vision.

    n95 coronavirus mask

  8. Even if an agent can’t sell your house, we can help. (Sometimes selling a house through a real estate agent is not for everyone.)

    We Buy Houses Waukesha WI

  9. A sleek long lob is a nice pick for thick tresses as it really pulls off the lock density very well. In fact, the Lob with layers will avoid the risk of ending up with a motionless and blocky look. Furthermore, choppy layers impart a shaggy and feminine flair.

    short hair for round faces

  10. 우리카지노 100%안전 검증된 카지노사이트 만 엄선하여 소개해드립니다 국내 업계1위 우리카지노계열 전통이 있는 온라인카지노 에서 안전하고 편안한 게임을 ..


  11. A sleek long lob is a nice pick for thick tresses as it really pulls off the lock density very well. In fact, the Lob with layers will avoid the risk of ending up with a motionless and blocky look. Furthermore, choppy layers impart a shaggy and feminine flair.
    window treatments

  12. This comment has been removed by the author.

  13. I wanted to thank you for this excellent read!! I loved the way you presented every niche related to salesforce. The best curtain and blinds store to purchase from is an exquisite idea.

  14. CertsQuestions provide the best pdf dumps to pass any certifications exam. All exams pdf questions are 100% real and updated. PDF Dumps

  15. Thank you for your post, I look for such article along time, today i find it finally. this post give me lots of advise it is very useful for me. window washer

  16. Thanks for the blog loaded with so many information. Stopping by your blog helped me to get what I was looking for. best facility services

  17. I haven’t any word to appreciate this post.....Really i am impressed from this post....the person who create this post it was a great human..thanks for shared this with us. movable walls

  18. A site login content is utilized to distinguish a client as per the client name and secret phrase he gives. hotmail sign in

  19. best mosue 2020 Trust us: you need the best mouse if you spend long hours on your laptop or computer. A cheap, run-of-the-mill pointing device just won’t do, not if you care at all about your productivity as well as your wrists and shoulders. Whereas its subpar counterparts will mostly be passable, an excellent mouse is going to be much more superior in performance, build, and ergonomics.

  20. Essential window cleaning isn't troublesome - all you require is the correct instruments, the correct procedure, and the correct data to give your windows a cleaned clean. Shine windows

  21. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. Ramen Leuven

  22. Generally a 6 inch to 12 inch is best for home window and a 18 inch to 22 inch is best for business and customer facing facade washing. Smartest option is to several unique sizes to be protected. window cleaning near me

  23. Utilize the vacuum check to quantify the vacuum in the cleaner hose. It ought to be 1 inch vacuum for each part of hose. On the off chance that the cleaner actually moves gradually, call Blue Haven Pools and Spas Supplies Direct. eavestrough cleaning

  24. Security is getting very important with the passage of time. In earlier days, security was not as important as it is today. Today, security is given top priority whether it be banks, homes, shops, cars or anything. Nothing goes unsecured in today's world. This is due to the fact that crime rate has increased significantly over last couple of decades. Security doors Melbourne

  25. Custom printed CBD boxes have become a mandatory part of the industry. These boxes are made of reliable materials like Kraft paper, cardboard and corrugated cardboard, which is inexpensive and helps prevent environmental pollution.

  26. However, you should consider some broad rules before you settle on a choice exclusively on appearance. window coverings toronto

  27. I found your this post while searching for information about blog-related research ... It's a good post .. keep posting and updating information. thoptv pc, thop tv for windows

  28. When your website or blog goes live for the first time, it is exciting. That is until you realize no one but you and your. visit this page

  29. Thankyou for this wondrous post, I am glad I observed this website on yahoo. https://officialbopkingdlow.com/

  30. That appears to be excellent however i am still not too sure that I like it. At any rate will look far more into it and decide personally! source