@DonkeyBot - you could set a flag on user records that you want to restrict and then create two scheduled workflows/mass updates that flip records that meet those criteria to inactive at the start of the window, and back to active at the end. It will give an alarming message to your end users, something like "Your access has been revoked" if they try to log in, but if it's properly communicated, it usually goes over alright. I've used this method when having to do system maintenance and not wanting anyone's grubby hands on my system during 🙂