Limit User Logon

Posted on 2011-04-26
Last Modified: 2012-06-21
We are currently paying for a piece of software called "User Lock", this allows us to prevent users from logging on at more than one machine at a time - "sharing accounts"

They are not allowed to share accounts but as this is a school, pupils will try it on.

Is there a way to do it in Active Directory / Group Policy?

We are running Windows Server 2008 (R2) with Windows 7 Clients.
Question by:merlinpjl
    LVL 3

    Accepted Solution

    it's possible, but complicated

    essentially, you have to create some scripts and call these from group policy.
    LVL 3

    Assisted Solution

    here's an alternative solution, working on the same principle
    LVL 3

    Assisted Solution

    LVL 3

    Assisted Solution

    A same account can log onto multiple computers at a same time. Thus if a user share his account to others, they can logon altogether. There is no way to do it in Active Directory/Group Policy.

    There is no build-in setting to stop user sharing their accounts. You will need to find out a workaround or manually create a rule to do this.

    You may need to create a script. I found one here, as it is not test, you may have a try on it before apply it to domain:

    Stop Multiple Windows Logins
    LVL 24

    Expert Comment

    Do you want certain users to logon onto specific PCs and only that PC? IF that is the case you can control that quite easily so let me know!
    LVL 24

    Expert Comment

    Otherwise you can use this logon script to control access to one PC at a time
    @echo on
    Title Logon Check File

        :: variables
        set drive=\\ServerName\ShareName

    for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do Set dt=%%i
    If Exist "%drive%\%dt%.%UserName%Logon.tst" GoTo Stop

    :Create Logon File
    Set >"%drive%\%dt%.%UserName%Logon.tst"
    GoTo End

    We will have to put something here, depending on what you want done to notify or stop the logon


    If this will work for you I can clean it up and add a parameter on what do do if that user is already logged on.
    LVL 142

    Expert Comment

    by:Guy Hengel [angelIII / a3]
    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
    Back in July, I blogged about how Microsoft's new server pricing model, combined with the end of the Small Business Server package, would result in significant cost increases for many small businesses (see SBS End of Life: Microsoft Punishes Small B…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now