Nepali Posted July 28, 2007

Might be a simple one, but I couldn't get how to disable the same users to logon to the same domain from different machines simultaneously.

In my context:
2000 Adv server as server "domain=radius"
2000 pro as client
test as user
24 machines

The same test user can logon to the domain from all machines. I want only one account to be logged on to the domain at a time from one machine, and that same account shouldn't be logged on from another machine with the same username.

m8rk Posted July 28, 2007

You need limitlogin from Microsoft: http://www.microsoft.com/technet/technetma...ilitySpotlight/

Has been built into Citrix for years of course.

Nepali Posted July 28, 2007 (Author)

Isn't it possible without any additional addons? Doesn't Microsoft have such a policy defined? I think this is a very common issue... that anyone can overcome.

m8rk Posted July 28, 2007

hmm - how many times have we heard that before! There's also UserLock which costs about £2.50 per client. The predecessor to limitlogon was CConnect - but that was insecure.

fizban2 Posted July 28, 2007

Within Active Directory, you can set what machines the client is able to logon to. Under the Account tab for that user, just set the computer that they are supposed to be logging into there, and then that is the only machine they will be able to logon to.

Nepali Posted July 28, 2007 (Author)

> Isn't it possible without any additional addons? Doesn't Microsoft have such a policy defined? I think this is a very common issue... that anyone can overcome.

> hmm - how many times have we heard that before! There's also UserLock which costs about £2.50 per client. The predecessor to limitlogon was CConnect - but that was insecure.

I am not concerned with third party tools, anyway thanks for your effort.

> Within Active Directory, you can set what machines the client is able to logon to. Under the Account tab for that user, just set the computer that they are supposed to be logging into there, and then that is the only machine they will be able to logon to.

Well, this is not practicable for me as the domain is in a college, and students can sit at any machine, so I can let the IP or computer be defined. The only way to restrict them is username/account. What my students do is, they login on one machine, leave the machine open and again sit at another machine, with the result that a third student can use the previous computer and delete all his data.

Edited July 28, 2007 by Nepali

nmX.Memnoch Posted July 28, 2007

If you can't define it to a single PC then you have no choice but to look into 3rd party tools. Active Directory has no built in measures for keeping a user from logging into more than one place at a time.

raolyn13 Posted July 31, 2007

If the problem is the students leaving the machine while logged in, would implementing a tighter session timeout work? Like 15 minutes, or so?

I came across this discussion because I'm testing a new site for Microsoft Certified Professionals, and the site also allows simultaneous log in from different machines using the same credentials. We can't quite agree on whether/why this is an issue, and I'm wondering if the problem extends beyond someone leaving a machine unlocked while logged in, if there is any other reason why we would want to restrict this. We certainly don't want to restrict which machines they use to log in; centralization is a part of the benefit of the site. But what other security risks does this pose? Not leaving a machine unlocked while logged in, but just the act of being able to log in on a different machine while already logged in?

Thanks!

Nepali Posted August 3, 2007 (Author)

There may arise several security issues. In my context, students don't know how the server is maintained, or let's say they aren't experts, so their projects which are saved on their drive/folder may be deleted due to unauthorized access when they are out for toilet, break, or if they changed to another computer/machine. Students aren't aware of such circumstances; it's just a simple reason to tell here as an example.

There are so many such issues. Another example is some users are assigned as members of backup operator, internet user, or administrator, so just imagine what will happen if anybody gets that machine... (coz teacher, lab assistant has to leave his computer and has to login on to another computer to teach them, or students have to leave their computer and have to sit at their friend's computer or blah blah...)

To prevent all these, I am searching for a bulletproof solution... thanks

nmX.Memnoch Posted August 3, 2007

You need to force the screen to lock after a certain period of inactivity. Workstations left unattended in a 'public' area and not having a security policy in place to force the workstation to lock is just asking for trouble. Setting this policy can be enforced in a GPO.

You should also instruct them to manually lock the workstation if they're leaving it for any period of time. They can do this on Windows XP/Vista by pressing the Windows Key + L key combination. On Windows 2000 you can do it by pressing Ctrl+Alt+Del and selecting Lock Computer.

Brennen Posted August 3, 2007

Or (Ctrl+Alt+Del)+K

Nepali Posted August 5, 2007 (Author)

Either I am not able to make you understand what my need is, or you are not getting me. Those locking windows or telling my students to lock their session. What I have talked about here is just an example; let's suppose a bank, that's the most sensitive place to work.. a single mistake will lead them to lose much.

What I want is what I already told: no concurrent session. No other alternatives or similar stuff won't work. Locking the workstation, telling students to lock their computer, restricting a particular IP or computer will not solve my problem.

> You should also instruct them to manually lock the workstation if they're leaving it for any period of time.

Well, no interaction is made with students, and I don't think everyone is a computer expert; some just know only how to type, that's all. The only need is to lock concurrent sessions from any IP/computer.

nmX.Memnoch Posted August 5, 2007

You're right...we don't understand exactly why you need to do it. The bank example doesn't make sense either. If the user makes a mistake on one PC or another, the mistake is still made. In my line of work, the user is responsible for their account. If the user leaves a PC unattended and someone else uses their account, they're accountable. We have, however, moved to SmartCard logon and there is a policy set to automatically lock the workstation when they remove the SmartCard from the reader. So even if the user does logon to more than one PC at a time, they can't be left unattended. The user can't logon without using the SmartCard so they have to remove it from PC A (which locks it) to logon to PC B.

Give these knowledge base articles a look. I found them with a simple Google search.

http://support.microsoft.com/kb/237282
http://support.microsoft.com/kb/260364

The only way to do it with Microsoft tools is to purchase the Windows 2000 Resource Kit to get the CConnect.exe utility. Otherwise you'll need a 3rd party tool. Either way, you can't do it with anything that's built in.

InTheWayBoy Posted August 8, 2007

You could always go old-school and script it...I don't have an actual working script handy, but I used to work at a place that limited logins. The domain login script would query the file server to see if the user logging in is already connected to a particular network share. If they are, the script halts, warns the user of the double-logon, and logs the user out. Of course this is not a turn-key solution but it's an option that won't require third-party software other than a custom script.

m8rk Posted August 13, 2007

Nepali - I think you misread my answer.

LimitLogon is a FREE tool from Microsoft to achieve what you are looking for... to stop concurrent connections.

People have achieved similar by scripting something to work in a similar way - write the logon details to a file and look up that file to see if a user is allowed to log on - if their details are found in the file then they're not permitted to log in again.

Do you know about the education IT Tech Support forum edugeek.net ??

There are several posts on this topic: http://edugeek.net/index.php?name=Forums&a...mp;mode=results

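The file-based logon check m8rk describes above, sketched as a logon script. This is an added example, not code from any poster or from Microsoft; the share `\\fileserver\logonlocks$` and the function names are hypothetical, and it assumes clients that can run PowerShell (newer than the Windows 2000 machines in the thread) and a logoff script that calls `Remove-LogonLock`.

```powershell
# Added example: per-user lock file checked by a domain logon script.
# Hypothetical: the share below, and users having create/read rights on it.
$LockRoot = '\\fileserver\logonlocks$'

function Get-LockPath {
    param([string]$User, [string]$Root = $LockRoot)
    Join-Path $Root ('{0}.lock' -f $User.ToLowerInvariant())
}

function Request-LogonLock {
    # Returns the name of the computer that holds the lock for $User.
    # A result equal to $Computer means this logon may proceed.
    param([string]$User, [string]$Computer, [string]$Root = $LockRoot)
    $path = Get-LockPath -User $User -Root $Root
    try {
        # CreateNew throws if the file exists: test-and-create is one atomic
        # step, so two simultaneous logons cannot both win.
        $fs = [System.IO.File]::Open($path, [System.IO.FileMode]::CreateNew,
            [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
        try {
            $bytes = [System.Text.Encoding]::UTF8.GetBytes($Computer)
            $fs.Write($bytes, 0, $bytes.Length)
        } finally { $fs.Dispose() }
        return $Computer
    } catch [System.IO.IOException] {
        # Lock already exists. An unreadable or empty file yields '' and is
        # treated as "held by someone else" (fail closed).
        $holder = Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
            Select-Object -First 1
        return [string]$holder
    }
}

function Remove-LogonLock {
    # Call from the logoff script; only the holding computer clears the lock.
    param([string]$User, [string]$Computer, [string]$Root = $LockRoot)
    $path = Get-LockPath -User $User -Root $Root
    $holder = Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($holder -eq $Computer) { Remove-Item -LiteralPath $path -Force }
}

# Logon script body: log the session off when another machine holds the lock.
$holder = Request-LogonLock -User $env:USERNAME -Computer $env:COMPUTERNAME
if ($holder -ne $env:COMPUTERNAME) {
    Write-Warning "$env:USERNAME is already logged on at '$holder'; logging off."
    Start-Sleep -Seconds 5
    shutdown.exe /l
}
```

A crash or power loss leaves a stale lock that an administrator has to delete, and an unreachable share denies every logon because the check fails closed. The lock is only as strong as the share permissions: a user who can delete files there can clear their own lock.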