• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Limit User Logon

We are currently paying for a piece of software called "User Lock", this allows us to prevent users from logging on at more than one machine at a time - "sharing accounts"

They are not allowed to share accounts but as this is a school, pupils will try it on.

Is there a way to do it in Active Directory / Group Policy?

We are running Windows Server 2008 (R2) with Windows 7 Clients.
0
merlinpjl
Asked:
merlinpjl
4 Solutions
 
Statick001Commented:
it's possible, but complicated

http://abhishek.nagar.me/blogs/restrict-multiple-logins-domain-ad

essentially, you have to create some scripts and call these from group policy.
0
 
Statick001Commented:
here's an alternative solution, working on the same principle

http://www.windowsitpro.com/article/tips/prevent-multiple-logons-with-gpos
0
 
yadayaCommented:
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
VishavSinghCommented:
A same account can log onto multiple computers at a same time. Thus if a user share his account to others, they can logon altogether. There is no way to do it in Active Directory/Group Policy.


There is no build-in setting to stop user sharing their accounts. You will need to find out a workaround or manually create a rule to do this.

You may need to create a script. I found one here, as it is not test, you may have a try on it before apply it to domain:

Stop Multiple Windows Logins

http://www.visualbasicscript.com/m26001.aspx
0
 
Lionel MMSmall Business IT ConsultantCommented:
Do you want certain users to logon onto specific PCs and only that PC? IF that is the case you can control that quite easily so let me know!
0
 
Lionel MMSmall Business IT ConsultantCommented:
Otherwise you can use this logon script to control access to one PC at a time
@echo on
Title Logon Check File

    :: variables
    set drive=\\ServerName\ShareName

for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do Set dt=%%i
If Exist "%drive%\%dt%.%UserName%Logon.tst" GoTo Stop

:Create Logon File
Set >"%drive%\%dt%.%UserName%Logon.tst"
GoTo End

:Stop
We will have to put something here, depending on what you want done to notify or stop the logon

:End
Exit

If this will work for you I can clean it up and add a parameter on what do do if that user is already logged on.
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now