diff --git a/README b/README
index d9a67ed..84717fe 100644
--- a/README
+++ b/README
@@ -114,7 +114,7 @@ The following commands are only available to users with operator
 privileges:
 
  - `/clear`: clears the chat history for all users;
- - `/lock`: prevents any new users from connecting to the group unless
+ - `/lock message`: prevents any new users from connecting to the group unless
    they have operator privileges;
  - `/unlock`: reverts the effect of `/lock`;
  - `/record`: start recording;
diff --git a/group/group.go b/group/group.go
index ff4c85e..9bfcd19 100644
--- a/group/group.go
+++ b/group/group.go
@@ -78,7 +78,7 @@ type Group struct {
 	description *groupDescription
 	// indicates that the group no longer exists, but it still has clients
 	dead    bool
-	locked  bool
+	locked  *string
 	clients map[string]Client
 	history []ChatHistoryEntry
 }
@@ -87,16 +87,24 @@ func (g *Group) Name() string {
 	return g.name
 }
 
-func (g *Group) Locked() bool {
+func (g *Group) Locked() (bool, string) {
 	g.mu.Lock()
 	defer g.mu.Unlock()
-	return g.locked
+	if(g.locked != nil) {
+		return true, *g.locked
+	} else {
+		return false, ""
+	}
 }
 
-func (g *Group) SetLocked(locked bool) {
+func (g *Group) SetLocked(locked bool, message string) {
 	g.mu.Lock()
 	defer g.mu.Unlock()
-	g.locked = locked
+	if locked {
+		g.locked = &message
+	} else {
+		g.locked = nil
+	}
 }
 
 func (g *Group) Public() bool {
@@ -272,8 +280,12 @@ func AddClient(name string, c Client) (*Group, error) {
 
 	c.SetPermissions(perms)
 
-	if !perms.Op && g.locked {
-		return nil, UserError("group is locked")
+	if !perms.Op && g.locked != nil {
+		m := *g.locked
+		if m == "" {
+			m = "group is locked"
+		}
+		return nil, UserError(m)
 	}
 
 	if !perms.Op && g.description.MaxClients > 0 {
diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index 7b803cd..ea3a17d 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -1008,7 +1008,7 @@ func handleClientMessage(c *webClient, m clientMessage) error {
 			if !c.permissions.Op {
 				return c.error(group.UserError("not authorised"))
 			}
-			c.group.SetLocked(m.Kind == "lock")
+			c.group.SetLocked(m.Kind == "lock", m.Value)
 		case "record":
 			if !c.permissions.Record {
 				return c.error(group.UserError("not authorised"))
diff --git a/static/protocol.js b/static/protocol.js
index 87de77f..eacd754 100644
--- a/static/protocol.js
+++ b/static/protocol.js
@@ -419,11 +419,13 @@ ServerConnection.prototype.chat = function(username, kind, message) {
  *
  * @param {string} kind - One of "clearchat", "lock", "unlock", "record or
  * "unrecord".
+ * @param {string} [message]
  */
-ServerConnection.prototype.groupAction = function(kind) {
+ServerConnection.prototype.groupAction = function(kind, message) {
     this.send({
         type: 'groupaction',
         kind: kind,
+        value: message,
     });
 };
 
diff --git a/static/sfu.js b/static/sfu.js
index e5a0f60..3e336ad 100644
--- a/static/sfu.js
+++ b/static/sfu.js
@@ -1072,7 +1072,7 @@ function handleInput() {
                     displayError("You're not an operator");
                     return;
                 }
-                serverConnection.groupAction(cmd.slice(1));
+                serverConnection.groupAction(cmd.slice(1), rest);
                 return;
             case '/record':
             case '/unrecord':