Limit User Logon

We are currently paying for a piece of software called "User Lock", this allows us to prevent users from logging on at more than one machine at a time - "sharing accounts"

They are not allowed to share accounts but as this is a school, pupils will try it on.

Is there a way to do it in Active Directory / Group Policy?

We are running Windows Server 2008 (R2) with Windows 7 Clients.
Who is Participating?
it's possible, but complicated

essentially, you have to create some scripts and call these from group policy.
here's an alternative solution, working on the same principle
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

A same account can log onto multiple computers at a same time. Thus if a user share his account to others, they can logon altogether. There is no way to do it in Active Directory/Group Policy.

There is no build-in setting to stop user sharing their accounts. You will need to find out a workaround or manually create a rule to do this.

You may need to create a script. I found one here, as it is not test, you may have a try on it before apply it to domain:

Stop Multiple Windows Logins
Lionel MMSmall Business IT ConsultantCommented:
Do you want certain users to logon onto specific PCs and only that PC? IF that is the case you can control that quite easily so let me know!
Lionel MMSmall Business IT ConsultantCommented:
Otherwise you can use this logon script to control access to one PC at a time
@echo on
Title Logon Check File

    :: variables
    set drive=\\ServerName\ShareName

for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do Set dt=%%i
If Exist "%drive%\%dt%.%UserName%Logon.tst" GoTo Stop

:Create Logon File
Set >"%drive%\%dt%.%UserName%Logon.tst"
GoTo End

We will have to put something here, depending on what you want done to notify or stop the logon


If this will work for you I can clean it up and add a parameter on what do do if that user is already logged on.
Guy Hengel [angelIII / a3]Billing EngineerCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.