---
title: Securing the Server with lockdown mode
description: The PingDirectory server provides tools to enter and leave lockdown mode if the server requires a security lockdown.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_secure_server_lockdown_mode
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_secure_server_lockdown_mode.html
revdate: September 13, 2023
page_aliases: ["pd_ds_enter_lockdown_mode_manually.adoc", "pd_ds_leave_lockdown_mode.adoc", "pd_ds_start_server_lockdown_mode.adoc"]
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  entering-lockdown-mode-manually: Entering lockdown mode manually
  steps-2: Steps
  example: Example:
  leaving-lockdown-mode: Leaving lockdown mode
  steps-3: Steps
  example-2: Example:
  starting-a-server-in-lockdown-mode: Starting a server in lockdown mode
  steps-4: Steps
  example-3: Example:
---

# Securing the Server with lockdown mode

The PingDirectory server provides tools to enter and leave lockdown mode if the server requires a security lockdown.

## About this task

In lockdown mode, only users with the `lockdown-mode` privilege can perform operations Users who do not have the privilege are rejected. By default, root users have this privilege. You can give other administrators this privilege. Users with this privilege can configure lockdown mode as a recurring task.

Some configuration problems can lead to inadvertent exposure of sensitive information, such as an access control rule that cannot be properly parsed, and cause the server to place itself in lockdown mode. This ensures that an administrator can manually correct the problem. Lockdown mode does not persist across restarts.

### Steps

* To perform some administrative operations and ensure that other client requests are not allowed to access any data in the server, manually place the server into lockdown mode.

  ### Result:

  Any client request to the PingDirectory server in lockdown mode receives an `Unavailable` response.

* To take the PingDirectory server out of lockdown mode, use either of the following options:

  * Use the `leave-lockdown-mode` command.

  * Restart the server.

* To start a server in lockdown mode, use the `start-server` `--lockdownMode` option.

## Entering lockdown mode manually

### Steps

* To enter lockdown mode, run `enter-lockdown-mode`.

  #### Example:

  ```shell
  $ bin/enter-lockdown-mode
  ```

## Leaving lockdown mode

### Steps

* To leave lockdown mode, run `leave-lockdown-mode`.

  #### Example:

  ```shell
  $ bin/leave-lockdown-mode
  ```

## Starting a server in lockdown mode

### Steps

* To start a server in lockdown mode, run the `start-server` command with the `--lockdownMode` option.

  #### Example:

  ```shell
  $ bin/start-server --lockdownMode
  ```