People might not generally be aware that in Planning Analytics (TM1 server v11) virtually all server configuration parameters are now dynamic, meaning they can be changed with immediate effect while the server is in session. This includes IntegratedSecurityMode which affects how users are able to log in.
This presents an easy way to prevent users establishing new sessions and interfering with batch load processes. Just change the IntegratedSecurityMode parameter and users won’t be able to log in. No need to for a TI to remove client/group associations or change all passwords which then need to be put back again.
E.g. if a server is using CAM mode 5 just change the security mode to 1 and users will be denied login. The same of course would work vice versa.