How to restrict domain users to a single session
Posted on 2010-08-23
I'm the network administrator of a school (W2K3 + XP) and I'm trying to find a way to make it so the students can only log on to one computer at a time so that if any of their accounts are disabled for whatever reason they can't just 'share' the logon of a friend.
From searching through the Experts Exchange forums I've learnt that this is a common request, with the most common solution being to use Microsoft's LimitLogon. My school is a part of a national network and as such I do not have sufficient privileges to alter the forest schema, and as LimitLogon prepares/alters the forest schema this approach is unfortunately not an option.
I've been applying a simple logon/logoff batch file script via Group Policy to create a text file when the user logs on and delete it when they log off. If a file corresponding to their username exists when they log on it logs them off. The problem with this is that for it to work the students need full read/write/delete access to this folder and they now know they can just delete their file from this folder to have multiple sessions again.
I was looking for some sort of database entry/checking system as opposed to the file creation. I am currently using a VB script to log all users' logons and logoffs into an MS Access database and was looking to use a similar approach for putting usernames into a table when they log in, removing them when they log out, and checking and logging them out if their name already exists within the database.
I have done some coding in the past with VB and PHP but I'm a little rusty so any help would be appreciated.
Alternatively, if anyone knows of a different approach to this I would be interested in hearing it!
Thanks for reading,
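
The database check described in the question could look like the sketch below; it is an added example, not code from the original post. The database path, the `ActiveSessions` table (with `UserName` as its primary key and a `Computer` column) and the `logon`/`logoff` script argument are assumptions made for illustration.

```vbscript
' Added example: one script for both GPO events, run as
' "session.vbs logon" and "session.vbs logoff" (hypothetical file name).
' Assumed table: ActiveSessions(UserName TEXT PRIMARY KEY, Computer TEXT)
Option Explicit
Const DB_PATH = "\\SERVER\share$\sessions.mdb"   ' placeholder path
Const adVarWChar = 202, adParamInput = 1

Dim net, conn, user, pc, rs, mode, refused
Set net = CreateObject("WScript.Network")
user = LCase(net.UserName)
pc = UCase(net.ComputerName)
mode = "logon"
If WScript.Arguments.Count > 0 Then mode = LCase(WScript.Arguments(0))

Set conn = CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DB_PATH

' Run a parameterised statement so names are never pasted into the SQL text.
Function Exec(sql, args)
    Dim cmd, a
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = sql
    For Each a In args
        cmd.Parameters.Append cmd.CreateParameter("", adVarWChar, adParamInput, 64, a)
    Next
    Set Exec = cmd.Execute
End Function

If mode = "logoff" Then
    ' Release only the row that belongs to this computer.
    Exec "DELETE FROM ActiveSessions WHERE UserName = ? AND Computer = ?", Array(user, pc)
Else
    ' The primary key makes "check and register" a single step:
    ' a second logon for the same user fails on the INSERT itself.
    On Error Resume Next
    Exec "INSERT INTO ActiveSessions (UserName, Computer) VALUES (?, ?)", Array(user, pc)
    refused = (Err.Number <> 0)
    On Error GoTo 0
    If refused Then
        Set rs = Exec("SELECT Computer FROM ActiveSessions WHERE UserName = ?", Array(user))
        ' A row naming this same computer is a leftover from a crash or power-off,
        ' so the logon continues. No row at all means the INSERT failed for some
        ' other reason, and the script deliberately lets the logon through.
        If Not rs.EOF Then
            If rs("Computer").Value <> pc Then CreateObject("WScript.Shell").Run "logoff", 0, False
        End If
    End If
End If
conn.Close
```

Because Jet opens the `.mdb` file under the logged-on user's own account, students still need write access to the file and its folder, so this hides the session record rather than protecting it in the way a server-side check would.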