immorall Posted April 5, 2006 Share Posted April 5, 2006 I was wondering if there was a way to limit a user to be able to log into the domain on a machine one a time. In other words, a user couldnt be logged into one machine and then go log into another machine, thus being logged into the domain twice Link to comment Share on other sites More sharing options...
jondercik Posted April 5, 2006 Share Posted April 5, 2006 no Link to comment Share on other sites More sharing options...
Mr Snrub Posted April 5, 2006 Share Posted April 5, 2006 (edited) I don't believe AD supports it, and with good reason:Novell's Directory Service supports that, and it causes a huge amount of problems - if a client machine hangs, or the user logoff event does not occur correctly, or if a machine is hibernated... how does the DS as a whole know that the user should be able to logon elsewhere?What happens if you have a replication problem between your authentication servers, so one thinks a user is logged on, where another does not?Unlocking user accounts is something that you have to do a lot with NDS because of this.Edit:So I was right and wrong AD doesn't natively support it, you have to extend the schema and use a bolt-on product on IIS.I still don't like the concept of it though, it's too flawed (easy to bypass, easy to break, possibly without even being aware). Edited April 5, 2006 by Mr Snrub Link to comment Share on other sites More sharing options...
Zartach Posted April 5, 2006 Share Posted April 5, 2006 I have not heared of a feature like this in AD either, but you can look at confining the user to a specific machine. You can specify on wich machines a user can log on to the AD. If you specify only one it basicly does what you want except the user will always have to use the same PC to log in.Hope it helps, Link to comment Share on other sites More sharing options...
cluberti Posted April 5, 2006 Share Posted April 5, 2006 You guys don't look too hard :http://www.microsoft.com/technet/technetma...ht/default.aspx Link to comment Share on other sites More sharing options...
Zartach Posted April 5, 2006 Share Posted April 5, 2006 (edited) Sweet piece of code that, i must have missed that cause i honestly had not heard of it been done with AD.Nice find ;-) Edited April 5, 2006 by Zartach Link to comment Share on other sites More sharing options...
cluberti Posted April 5, 2006 Share Posted April 5, 2006 Eh, I've got unfair advantages. Link to comment Share on other sites More sharing options...
ceez Posted April 7, 2006 Share Posted April 7, 2006 at work we use a software called "userlock" and currently have it to allow only 2 logins. Pretty simple to use. In regards to the limitlogin our IT Director used to use it but says that it wasnt all the reliable. go figure! Link to comment Share on other sites More sharing options...
cluberti Posted April 7, 2006 Share Posted April 7, 2006 I can vouch that if it's set up correctly (meaning everything in AD is working PROPERLY! ), limitlogon works just fine. Link to comment Share on other sites More sharing options...
InTheWayBoy Posted April 7, 2006 Share Posted April 7, 2006 I was playing with an desktop management application (Desktop Authority), and it looks like it used mapped drive checking to accomplish this. I guess it would check with the server for open sessions to certain shares, and then if it found one it would log off the other logins. Or something like that...just an idea if you are wanting to do it all using scripts. Link to comment Share on other sites More sharing options...
amfony Posted April 8, 2006 Share Posted April 8, 2006 hello ladies and gentlemen,I wrote a vbscript version of a pre-concieved cmd script to do just this. This design is based on great logic and i have a much more customised one for my work situation.My work is currently hosted at computerperformance.co.uk. Ill try and get a link. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now