Solved

Limit Concurrent Windows Logon Sessions

Posted on 2014-04-02
14
804 Views
Last Modified: 2014-07-25
Limit Concurrent Windows Logon Sessions

tried http://www.rlmueller.net/LogonScriptFAQ.htm  


tried rlmueller.net Logon7.vbs and Logoff7.vbs but  not working it is not stopping second session of user login
0
Comment
Question by:mash1978
  • 8
  • 3
  • 2
14 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
It wasn't meant to limit concurrent logons.. You have to go into the terminal services configuration
You can do so via a setting in the Microsoft Management Console (MMC) Terminal Services Configuration snap-in. Go to Start, Programs, Administrative Tools, Terminal Services Configuration. Select Server Settings, and in the details pane double-click Restrict each user to one session. Select the Restrict each user check box. This setting restricts each user to only one connection. If a user disconnects from a session and later tries to log on to the terminal server again, the server reconnects the user to the session that's already active. If a user is currently connected to Terminal Services and tries to initiate another Remote Desktop session, the server will disconnect the user from his or her current session and connect them to a session from their new Remote Desktop window.

Restricting Users to One Concurrent Terminal Services Session | Systems Management content from Windows IT Pro - http://goo.gl/LyHSQr
0
 

Author Comment

by:mash1978
Comment Utility
We are not asking for Terminal Server , it is related to Normal Windows Domain local user login. for windows xp , windows 7, 8 domain user login on windows 2003 / 2008 /2012 domain controller
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
You need to install the Microsoft LimitLogin utility.
http://support.microsoft.com/kb/237282
http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe
Prevent Same User Login to Multiple Computers Simultaneously - Spiceworks - http://goo.gl/H8fA7t
0
 

Author Comment

by:mash1978
Comment Utility
Thanks,  but we do not want to use this tool as it will not work on windows 64bit OS

Please provide suggestions why  rlmuller.net vb script not working
0
 

Author Comment

by:mash1978
Comment Utility
Admin need your attention on this question
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Just trying to understand your exact requirement 1st please

Do you want that if one user has logged on his win xp \ 7 workstation with domain id, he should be prevented to logon on next workstation, is that you are looking for or some thing else ?

Mahesh.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:mash1978
Comment Utility
Yes, perfect.
0
 

Author Comment

by:mash1978
Comment Utility
I am trying rlmueller

http://www.rlmueller.net/Logon7.htm

File Should created as login name of User and User should not be able to login on another PC/System When it is login on one PC/system. in Domain script should be applicable for Windows xp/7/8  and Domain Controller is windows 2003/2008
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Ok
I am not scripting guy to modify Mueller script
You could write \ request him so that he might be help you

However as far I know what you are trying to do is not possible with MS tools or not possible with LimitLogin utility as it won't support Windows 2008 AD

The possible way to do this with 2008 active directory is with 3rd party utility
http://www.isdecisions.com/products/userlock

Mahesh.
0
 

Author Comment

by:mash1978
Comment Utility
isdecisions.com tool is too costly

microsoft not willing acquire and in build this tool in his Operating system. very strange thing.

Microsoft do not want to support Limit Concurrent Windows Logon Sessions in his Operating system that's why people like  Novell Netware ,Sco Unix and Linux.
0
 

Accepted Solution

by:
mash1978 earned 0 total points
Comment Utility
Problem Resolved.....

Find below updated Mueller script  ( I will again say many many thanks to Mr. Muller)

Kindly guide me any things can be improve in this script like in login file write user name and last pc name/IP of user last login and have not logoff.

=====================================================

------------------------------------------------------------------------------------------------------------------
Logon7_Others.txt / Logon7_Others.vbs
------------------------------------------------------------------------------------------------------------------

' Logon7.vbs
' VBScript Logon script to enforce one logon session per user.
'
' ----------------------------------------------------------------------
' Copyright (c) 2010 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - May 29, 2010
' Version 1.1 - June 3, 2010
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objFSO, objNewFile, objNetwork
Dim intCount, objShell, intTimeout
Dim strComputerEncoded, strShare, strFlagFile, strComputer
Dim objOldFile, strLine, strValue, objChars, strErrorLog
Dim objWMIService, colOperatingSystems, objOperatingSystem
Dim strTitle, strText, intConstants, intAns
Dim strHexValue, strUserEncoded, objSysinfo, strUserDN, objUser
Dim strShare2, objErrorLog
Dim objWSHShell
Dim strLoginName1

Const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const OpenAsASCII = 0
Const CreateIfNotExist = True
Const LOGOFF = 0

' Specify shared folder.
strShare = "\\sharepath-01\LIMITLOGON$\Logs"

' Specify alternate shared folder to log errors if the first is unavailable.
strShare2 = "\\sharepath-02\LIMITLOGON$\Logs"
intTimeout = 4

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("Wscript.Network")
Set objShell = CreateObject("Wscript.Shell")

' Retrieve user and computer information.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strComputer = objNetwork.ComputerName
strLoginName1 = objNetwork.UserName 

' Base64 encode computer name and user GUID.
strHexValue = TextToHex(strComputer)
strComputerEncoded = HexToBase64(strHexValue)

strHexValue = TextToHex(objUser.GUID)
strUserEncoded = HexToBase64(strHexValue)
' Remove trailing "=".
strUserEncoded = Replace(strUserEncoded, "=", "")

' Create flag file based on encoded user GUID.
'strFlagFile = strShare & "\" & strUserEncoded & ".log"




strFlagFile = strShare & "\" & strLoginName1 & ".log"





' Check if flag file exists for this user.
If (objFSO.FileExists(strFlagFile) = True) Then
    ' Read encoded computer name from the flag file.
    Set objOldFile = objFSO.OpenTextFile(strFlagFile, ForReading)
    strLine = objOldFile.ReadLine
    objOldFile.Close
    ' Check encoded computer name.
    If (strLine <> strComputerEncoded) Then
        ' Does not match encode local computer name. Decode computer name.
        ' Setup dictionary object.
        Set objChars = CreateObject("Scripting.Dictionary")
        objChars.CompareMode = vbBinaryCompare
        ' Load dictionary object.
        Call LoadChars
        ' Alert user.
        strValue = Base64ToHex(strLine)
        strValue = HexToText(strValue)
        strTitle = "Too many logon Sessions"
        strText = "You must logoff (or restart) computer: " & strValue
        intConstants = vbOKOnly + vbCritical
        intAns = objShell.Popup(strText, intTimeout, strTitle, _
            intConstants)

        ' Logoff.
        Set objWMIService = GetObject("winmgmts:" _ 
            & "{impersonationLevel=impersonate,authenticationLevel=Pkt,(Shutdown)}!\\" _ 
            & strComputer & "\root\cimv2") 

        Set colOperatingSystems = objWMIService.ExecQuery _
            ("Select * from Win32_OperatingSystem")

        For Each objOperatingSystem in colOperatingSystems
            objOperatingSystem.Win32Shutdown(LOGOFF)
	
		
		ObjOperatingSystem.Win32Shutdown(0) 

Set objWSHShell = WScript.CreateObject("WScript.shell")


objWSHShell.Run "C:\windows\system32\shutdown.exe -f -l"

'objWSHShell.Run "psshutdown.exe -f -o -accepteula"

'objWSHShell.Run "\\sharepath-01\SYSVOL\Domain Name\Tools\PsTools\psshutdown.exe -f -o -accepteula"

        Next
        Wscript.Quit
    End If
End If

' Write computer name to flag file.
On Error Resume Next
Set objNewFile = objFSO.OpenTextFile(strFlagFile, _
    ForWriting, CreateIfNotExist, OpenAsASCII)
If (Err.Number = 0) Then
    On Error GoTo 0
    ' Write to flag file.
    objNewFile.WriteLine strComputerEncoded
    objNewFile.Close
Else
    On Error GoTo 0
    ' Unable to open text file. Log error to alternate location.
    strErrorLog = strShare2 & "\Error.log"
    On Error Resume Next
    Set objErrorLog = objFSO.OpenTextFile(strErrorLog, _
        ForAppending, CreateIfNotExist, OpenAsASCII)
    If (Err.Number = 0) Then
        On Error GoTo 0
        ' Make three attempts to write, in case many users are affected.
        intCount = 1
        Do Until intCount = 3
            On Error Resume Next
            objErrorLog.WriteLine "## Logon Error" _
                & vbCrLf & "Time: " & CStr(Now()) _
                & vbCrLf & "Share unavailable: " & strShare _
                & vbCrLf & "User: " & strUserDN _
                & vbCrLf & "Computer: " & strComputer _
                & vbCrLf & "Flag file not created"
            If (Err.Number = 0) Then
                On Error GoTo 0
                Exit Do
            Else
                Err.Clear
                intCount = intCount + 1
                Wscript.Sleep 200
            End If
            On Error GoTo 0
        Loop
        objErrorLog.Close
    End If
End If
On Error GoTo 0

Function TextToHex(ByVal strText)
    ' Function to convert a text string into a string of hexadecimal bytes.
    Dim strChar, k

    TextToHex = ""
    For k = 1 To Len(strText)
        strChar = Mid(strText, k, 1)
        TextToHex = TextToHex & Hex(Asc(strChar))
    Next
End Function

Function HexToBase64(ByVal strHex)
    ' Function to convert a hex string into a base64 encoded string.
    ' Constant B64 has global scope.
    Dim lngValue, lngTemp, lngChar, intLen, k, j, strWord, str64, intTerm

    intLen = Len(strHex)

    ' Pad with zeros to multiple of 3 bytes.
    intTerm = intLen Mod 6
    If (intTerm = 4) Then
        strHex = strHex & "00"
        intLen = intLen + 2
    End If
    If (intTerm = 2) Then
        strHex = strHex & "0000"
        intLen = intLen + 4
    End If

    ' Parse into groups of 3 hex bytes.
    j = 0
    strWord = ""
    HexToBase64 = ""
    For k = 1 To intLen Step 2
        j = j + 1
        strWord = strWord & Mid(strHex, k, 2)
        If (j = 3) Then
            ' Convert 3 8-bit bytes into 4 6-bit characters.
            lngValue = CCur("&H" & strWord)

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1)
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1) & str64
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1) & str64

            str64 = Mid(B64, lngTemp + 1, 1) & str64

            HexToBase64 = HexToBase64 & str64
            j = 0
            strWord = ""
        End If
    Next
    ' Account for padding.
    If (intTerm = 4) Then
        HexToBase64 = Left(HexToBase64, Len(HexToBase64) - 1) & "="
    End If
    If (intTerm = 2) Then
        HexToBase64 = Left(HexToBase64, Len(HexToBase64) - 2) & "=="
    End If

End Function

Function HexToText(ByVal strHex)
    ' Function to convert a string of hexadecimal bytes into a text string.
    Dim strChar, k

    HexToText = ""
    For k = 1 To Len(strHex) Step 2
        strChar = Mid(strHex, k, 2)
        HexToText = HexToText & Chr("&H" & strChar)
    Next
End Function

Function Base64ToHex(ByVal strValue)
    ' Function to convert a base64 encoded string into a hex string.
    Dim lngValue, lngTemp, lngChar, intLen, k, j, intTerm, strHex

    intLen = Len(strValue)

    ' Check padding.
    intTerm = 0
    If (Right(strValue, 1) = "=") Then
        intTerm = 1
    End If
    If (Right(strValue, 2) = "==") Then
        intTerm = 2
    End If

    ' Parse into groups of 4 6-bit characters.
    j = 0
    lngValue = 0
    Base64ToHex = ""
    For k = 1 To intLen
        j = j + 1
        ' Calculate 24-bit integer.
        lngValue = (lngValue * 64) + objChars(Mid(strValue, k, 1))
        If (j = 4) Then
            ' Convert 24-bit integer into 3 8-bit bytes.
            lngTemp = Fix(lngValue / 256)
            lngChar = lngValue - (256 * lngTemp)
            strHex = Right("00" & Hex(lngChar), 2)
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 256)
            lngChar = lngValue - (256 * lngTemp)
            strHex = Right("00" & Hex(lngChar), 2) & strHex
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 256)
            lngChar = lngValue - (256 * lngTemp)
            strHex = Right("00" & Hex(lngChar), 2) & strHex

            Base64ToHex = Base64ToHex & strHex
            j = 0
            lngValue = 0
        End If
    Next
    ' Account for padding.
    Base64ToHex = Left(Base64ToHex, Len(Base64ToHex) - (intTerm * 2))

End Function

Sub LoadChars
    ' Subroutine to load dictionary object with information to convert
    ' Base64 characters into base 64 index integers.
    ' Object reference objChars has global scope.

    objChars.Add "A", 0
    objChars.Add "B", 1
    objChars.Add "C", 2
    objChars.Add "D", 3
    objChars.Add "E", 4
    objChars.Add "F", 5
    objChars.Add "G", 6
    objChars.Add "H", 7
    objChars.Add "I", 8
    objChars.Add "J", 9
    objChars.Add "K", 10
    objChars.Add "L", 11
    objChars.Add "M", 12
    objChars.Add "N", 13
    objChars.Add "O", 14
    objChars.Add "P", 15
    objChars.Add "Q", 16
    objChars.Add "R", 17
    objChars.Add "S", 18
    objChars.Add "T", 19
    objChars.Add "U", 20
    objChars.Add "V", 21
    objChars.Add "W", 22
    objChars.Add "X", 23
    objChars.Add "Y", 24
    objChars.Add "Z", 25
    objChars.Add "a", 26
    objChars.Add "b", 27
    objChars.Add "c", 28
    objChars.Add "d", 29
    objChars.Add "e", 30
    objChars.Add "f", 31
    objChars.Add "g", 32
    objChars.Add "h", 33
    objChars.Add "i", 34
    objChars.Add "j", 35
    objChars.Add "k", 36
    objChars.Add "l", 37
    objChars.Add "m", 38
    objChars.Add "n", 39
    objChars.Add "o", 40
    objChars.Add "p", 41
    objChars.Add "q", 42
    objChars.Add "r", 43
    objChars.Add "s", 44
    objChars.Add "t", 45
    objChars.Add "u", 46
    objChars.Add "v", 47
    objChars.Add "w", 48
    objChars.Add "x", 49
    objChars.Add "y", 50
    objChars.Add "z", 51
    objChars.Add "0", 52
    objChars.Add "1", 53
    objChars.Add "2", 54
    objChars.Add "3", 55
    objChars.Add "4", 56
    objChars.Add "5", 57
    objChars.Add "6", 58
    objChars.Add "7", 59
    objChars.Add "8", 60
    objChars.Add "9", 61
    objChars.Add "+", 62
    objChars.Add "/", 63

End Sub

------------------------------------------------------------------------------------------------------------------

Open in new window



=====================================================

------------------------------------------------------------------------------------------------------------------
Logoff7_Others.txt / .vbs
------------------------------------------------------------------------------------------------------------------

' Logoff7.vbs
' VBScript Logoff script to enforce one logon session per user.
'
' ----------------------------------------------------------------------
' Copyright (c) 2010 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - May 29, 2010
' Version 1.1 - June 3, 2010
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objFSO, objNetwork, strComputer, strComputerEncoded
Dim strShare, strFlagFile, objFile, strLine, objFolder
Dim strHexValue, strUserEncoded, objSysinfo, strUserDN, objUser
Dim strShare2, objErrorLog, strErrorLog, intCount
Dim objWSHShell
Dim strLoginName1


Const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Const ForReading = 1
Const ForAppending = 8
Const OpenAsASCII = 0
Const CreateIfNotExist = True

' Specify shared folder.
strShare = "\\sharepath-01\LIMITLOGON$\Logs"

' Specify alternate folder if the first is unavailable.
strShare2 = "\\sharepath-02\LIMITLOGON$\Logs"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("Wscript.Network")

' Retrieve user and computer information.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUserDN)
strComputer = objNetwork.ComputerName
strLoginName1 = objNetwork.UserName


' Base64 encode computer name and user GUID.
strHexValue = TextToHex(strComputer)
strComputerEncoded = HexToBase64(strHexValue)

strHexValue = TextToHex(objUser.GUID)
strUserEncoded = HexToBase64(strHexValue)
strUserEncoded = Replace(strUserEncoded, "=", "")

' Create flag file based on encoded user GUID.
'strFlagFile = strShare & "\" & strUserEncoded & ".log"

strFlagFile = strShare & "\" & strLoginName1 & ".log"

' Check if flag file exists for this user.
If (objFSO.FileExists(strFlagFile) = True) Then
    ' Read encoded computer name from the flag file.
    Set objFile = objFSO.OpenTextFile(strFlagFile, ForReading)
    strLine = objFile.ReadLine
    objFile.Close
    ' Check encoded computer name.
    If (strLine = strComputerEncoded) Then
        ' Delete the file.
        objFSO.DeleteFile strFlagFile
    End If
    Wscript.Quit
End If

' No flag file found for this user. Make sure share is available.
On Error Resume Next
Set objFolder = objFSO.GetFolder(strShare)
If (Err.Number <> 0) Then
    On Error GoTo 0
    ' Log error to alternate location.
    strErrorLog = strShare2 & "\Error.log"
    On Error Resume Next
    Set objErrorLog = objFSO.OpenTextFile(strErrorLog, _
        ForAppending, CreateIfNotExist, OpenAsASCII)
    If (Err.Number = 0) Then
        On Error GoTo 0
        ' Make trhee attempts to write, in case many users are affected.
        intCount = 1
        Do Until intCount = 3
            On Error Resume Next
            objErrorLog.WriteLine "## Logoff Error" _
                & vbCrLf & "Time: " & CStr(Now()) _
                & vbCrLf & "Share unavailable: " & strShare _
                & vbCrLf & "User: " & strUserDN _
                & vbCrLf & "Computer: " & strComputer _
                & vbCrLf & "Flag file: " & strFlagFile
            If (Err.Number = 0) Then
                On Error GoTo 0
                Exit Do
            Else
                Err.Clear
                intCount = intCount + 1
                Wscript.Sleep 200
            End If
            On Error Goto 0
        Loop
        objErrorLog.Close
    End If
End If
On Error GoTo 0

Function TextToHex(ByVal strText)
    ' Function to convert a text string into a string of hexadecimal bytes.
    Dim strChar, k

    TextToHex = ""
    For k = 1 To Len(strText)
        strChar = Mid(strText, k, 1)
        TextToHex = TextToHex & Hex(Asc(strChar))
    Next
End Function

Function HexToBase64(ByVal strHex)
    ' Function to convert a hex string into a base64 encoded string.
    ' Constant B64 has global scope.
    Dim lngValue, lngTemp, lngChar, intLen, k, j, strWord, str64, intTerm

    intLen = Len(strHex)

    ' Pad with zeros to multiple of 3 bytes.
    intTerm = intLen Mod 6
    If (intTerm = 4) Then
        strHex = strHex & "00"
        intLen = intLen + 2
    End If
    If (intTerm = 2) Then
        strHex = strHex & "0000"
        intLen = intLen + 4
    End If

    ' Parse into groups of 3 hex bytes.
    j = 0
    strWord = ""
    HexToBase64 = ""
    For k = 1 To intLen Step 2
        j = j + 1
        strWord = strWord & Mid(strHex, k, 2)
        If (j = 3) Then
            ' Convert 3 8-bit bytes into 4 6-bit characters.
            lngValue = CCur("&H" & strWord)

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1)
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1) & str64
            lngValue = lngTemp

            lngTemp = Fix(lngValue / 64)
            lngChar = lngValue - (64 * lngTemp)
            str64 = Mid(B64, lngChar + 1, 1) & str64

            str64 = Mid(B64, lngTemp + 1, 1) & str64

            HexToBase64 = HexToBase64 & str64
            j = 0
            strWord = ""
        End If
    Next
    ' Account for padding.
    If (intTerm = 4) Then
        HexToBase64 = Left(HexToBase64, Len(HexToBase64) - 1) & "="
    End If
    If (intTerm = 2) Then
        HexToBase64 = Left(HexToBase64, Len(HexToBase64) - 2) & "=="
    End If

End Function
------------------------------------------------------------------------------------------------------------------

Open in new window




=====================================================
Logon7-Others.txt
Logoff7-Others.txt
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
In reality Microsoft never gives you that functionality out of the box in case of active directory because according to them one benefit of active directory is one user can logon to any machine within corporate network
0
 

Author Closing Comment

by:mash1978
Comment Utility
VB Script working
0

Featured Post

Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now