• Status: Solved
  • Priority: Medium
  • Security: Public

Limit User Logon

We are currently paying for a piece of software called "User Lock". This allows us to prevent users from logging on at more than one machine at a time - "sharing accounts".

They are not allowed to share accounts but as this is a school, pupils will try it on.

Is there a way to do it in Active Directory / Group Policy?

We are running Windows Server 2008 (R2) with Windows 7 Clients.
4 Solutions
It's possible, but complicated.

Essentially, you have to create some scripts and call these from Group Policy.
Here's an alternative solution, working on the same principle.

The same account can log on to multiple computers at the same time. Thus if a user shares his account with others, they can all log on together. There is no way to do it in Active Directory/Group Policy.

There is no built-in setting to stop users sharing their accounts. You will need to find a workaround or manually create a rule to do this.

You may need to create a script. I found one here; as it is not tested, you may want to try it out before applying it to the domain:

Stop Multiple Windows Logins

Lionel MM, Small Business IT Consultant, commented:
Do you want certain users to log on to specific PCs and only that PC? If that is the case you can control that quite easily, so let me know!
Lionel MM, Small Business IT Consultant, commented:
Otherwise you can use this logon script to control access to one PC at a time:
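@echo on
Title Logon Check File

    :: variables: UNC path of the share that holds the marker files
    set drive=\\ServerName\ShareName

:: take the first token of the date as the day stamp
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do Set dt=%%i
:: a marker for this user already exists today: treat as already logged on
If Exist "%drive%\%dt%.%UserName%Logon.tst" GoTo Stop

:Create Logon File
:: write the environment dump to the marker file
Set >"%drive%\%dt%.%UserName%Logon.tst"
GoTo End

:Stop
:: We will have to put something here, depending on what you want done to notify or stop the logon

:End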


If this will work for you I can clean it up and add a parameter on what to do if that user is already logged on.
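
A logon/logoff script pair built on the same marker-file principle as the batch script above, as an added example that is not the poster's script or any product's code. The `.lock` file naming, the `-Mode` parameter and the fail-open choice are assumptions of this example; `\\ServerName\ShareName` is the placeholder path from the thread.

```powershell
# Added example, not the script from the thread. Call with -Mode Logon from a
# Group Policy logon script and -Mode Logoff from a Group Policy logoff script.
# Assumptions: the share path is the thread's placeholder; the ".lock" naming
# and the fail-open behaviour are this example's own choices.
param(
    [Parameter(Mandatory = $true)][ValidateSet('Logon', 'Logoff')][string]$Mode,
    [string]$LockDir = '\\ServerName\ShareName'
)

$lockFile = Join-Path $LockDir ("{0}.lock" -f $env:USERNAME)
$me       = $env:COMPUTERNAME

function Get-LockOwner {
    # Computer name stored in the lock file, or $null if it cannot be read.
    try { return [System.IO.File]::ReadAllText($lockFile).Trim() } catch { return $null }
}

if ($Mode -eq 'Logoff') {
    # Remove the lock only if this machine owns it, so a refused second
    # session cannot clear the first session's lock on its way out.
    if ((Get-LockOwner) -eq $me) { Remove-Item -LiteralPath $lockFile -Force }
    exit 0
}

try {
    # CreateNew fails if the file already exists, so "check" and "create" are
    # one atomic step and two simultaneous logons cannot both succeed.
    $fs = [System.IO.File]::Open($lockFile, [System.IO.FileMode]::CreateNew,
              [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($me)
    $fs.Write($bytes, 0, $bytes.Length)
    $fs.Close()
    exit 0
} catch {
    $owner = Get-LockOwner
}

# Share unreachable or not writable: fail open rather than lock everyone out.
if (-not (Test-Path -LiteralPath $lockFile)) { exit 0 }
# Stale lock left by a crash or power loss on this same PC: allow the logon.
if ($owner -eq $me) { exit 0 }

# Another computer holds the lock: end this session.
& "$env:SystemRoot\System32\logoff.exe"
```

Because the user's own session must be able to create and delete the marker, a user who can reach the share can remove it by hand, so treat this as a deterrent rather than an enforced control. A lock left behind by a crash on a different PC has to be cleared by an administrator.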
Guy Hengel [angelIII / a3], Billing Engineer, commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
