Jump to content

[help] same user can logon from different machine.


Nepali

Recommended Posts

might be the simple one, but i couldn't get how to disable the same users to logon to the same domain from different machin simaltaneously.

in my context:

2000 Adv server as server "domain=radius"

2000 pro as client

test as user

24 machines

same test user can logon to the doman from all machines.

i want only one accout to be logon to the domain at a time from one machine and that same account shouldn't be logon from another machine with same username.

Link to comment
Share on other sites


hmm - how many times have we heard that before! :)

There's also UserLock which costs about £2.50 per client. The predecessor to limitlogon was CConnect - but that was insecure.

Link to comment
Share on other sites

within active directory, you can set what machines the client is able to logon too. Under the account tab for that user, just set the computer that they are suppose to be logging into there and then that is the only machine they will be able to logon too

Link to comment
Share on other sites

isn't it possible without any additional addons

doesn't microsoft have such policy defined ?

i think this is very common issue... that anyone can overcome

hmm - how many times have we heard that before!

There's also UserLock which costs about £2.50 per client. The predecessor to limitlogon was CConnect - but that was insecure.

i am not concerned with third party tools, anyway thanks for ur effort..

within active directory, you can set what machines the client is able to logon too. Under the account tab for that user, just set the computer that they are suppose to be logging into there and then that is the only machine they will be able to logon too

Well this is not practicable for me as the domain is in college, and student can sit on any machine.. so i can let the IP or computer to be difined. the only way to restrice them is username/account.

What my students do is, they login on one machine, and leave the machine open and again sit on another machine, resulting third student can use his previous computer and delete all his data.

Edited by Nepali
Link to comment
Share on other sites

If the problem is the students leaving the machine while logged in, would implementing tighter session timeout work? Like 15 minutes, or so?

I came across this discussion because I'm testing a new site for Microsoft Certified Professionals, and the site also allows simultaneous log in from different machines using the same credentials. We can't quite agree on whether/why this is an issue, and I'm wondering if the problem extends beyond someone leaving a machine unlocked while logged in, if there is any other reason why we would want to restrict this. We cetainly don't want to restrict which machines they use to log in, centralization is a part of the benefit of the site. But what other security risks does this pose? Not leaving a machine unlocked while logged in, but just the act of being able to log in on a different machine while already logged in?

Thanks!

Link to comment
Share on other sites

there may arise several security issue.

in my context, students doesn't know how the server is maintained or lets say, they aren't expert..

so their project which are saved on there drive/folder may be deleted due to the unauthorized access when they are out for toilet, break, or if changed another computer/machine.

Students aren't aware of being such circumstances, its just a simple reason to tell here as example..

theres so many such issue,

another example is some user are assined as the member of backup operator, internet user, or administrator, so just imagine, what will happen if anybody get that machine..... (coz teacher, lab assistant has to leave his computer and has to login on to the another computer to teach them, or students has to leave their computer and has to sit on his frens computer or blah blah...)

to prevent all these, i am searching a bullet proof solution...

thanks

Link to comment
Share on other sites

You need to force the screen to lock after a certain period of inactivity. Workstations left unattended in a 'public' area and not having a security policy in place to force the workstation to lock is just asking for trouble. Setting this policy can be enforced in a GPO.

You should also instruct them to manually lock the workstation if they're leaving it for any period of time. They can do this on Windows XP/Vista by pressing the Windows Key + L key combination. On Windows 2000 you can do it by pressing Ctrl+Alt+Del and selecting Lock Computer.

Link to comment
Share on other sites

either i am not able to make u understand whats my need, or you are not getting me.

those locking windows or telling my students to lock their session.

here i have talked is just a example, lets suppose on bank,, thats the most sensitive place to work.. a single mistake will lead then to loose much..

what i want is what i already told, no concurrent session, no other alternatives or simalar stuff won't work. locking workstation, telling students to lock their computer, restricting particular ip or computer will not solve my problem.

You should also instruct them to manually lock the workstation if they're leaving it for any period of time.

well, no inetraction is made with students, and i don't think everyone is computer expert, some just know only how to type, thats all,

the only need is to lock concurrent session from any IP/computer

Link to comment
Share on other sites

You're right...we don't understand exactly why you need to do it. The bank example doesn't make sense either. If the user makes a mistake on one PC or another, the mistake is still made. In my line of work, the user is responsible for their account. If the user leaves a PC unattended and someone else uses their account, they're accountable. We have, however, moved to SmartCard logon and there is a policy set to automatically lock the workstation when they remove the SmartCard from the reader. So even if the user does logon to more than one PC at a time, they can't be left unattended. The user can't logon without using the SmartCard so they have to remove it from PC A (which locks it) to logon to PC B.

Give these knowledge base articles a look. I found them with a simple Google search. :)

http://support.microsoft.com/kb/237282

http://support.microsoft.com/kb/260364

The only way to do it with Microsoft tools is to purchase the Windows 2000 Resource Kit to get the CConnect.exe utility. Otherwise you'll need a 3rd party tool. Either way, you can't do it with anything that's built in.

Link to comment
Share on other sites

You could always go old-school and script it...I don't have an actual working script handy, but I used to work at a place that limited logins. The domain login script would query the file server to see if the user logging in is already connected to a particular network share. If they are the script halts, warns the user of the double-logon, and logs the user out. Of course this is not a turn-key solution but it's an option that won't require third-party software other than a custom script.

Link to comment
Share on other sites

Nepali - I think you misread my answer.

LimitLogon is a FREE tool from Microsoft to achieve what you are looking for... to stop concurrent connections.

People have achieved similar by scripting something to work in a similar way - write the logon details to a file and look up that file to see if a user is allowed to log on - if their details are found in the file then they're not permitted to log in again.

Do you know about the education IT Tech Support forum edugeek.net ??

There are several posts on this topic: http://edugeek.net/index.php?name=Forums&a...mp;mode=results

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...