Mac Thread, Prevent multiple logins in Technical; Our Macs are setup with the usual golden triangle logins.One thing I would like to do but haven't found a ...
25th June 2012, 02:06 PM #1
Prevent multiple logins
Our Macs are setup with the usual golden triangle logins.One thing I would like to do but haven't found a way to yet, is to stop users logging on to more than Mac at a time.
I know theres an option in WGM where you can uncheck 'Allow simultaneous login on managed computers' but I'd have to do this for all of our users indivudually when I would ideally like to do it by group.
Is there anyway of doing this? I did it with our windows machines using scripts but I'm not sure how to go about that with the macs.
25th June 2012, 02:38 PM #2
If these are windows users then I'm not sure how you would do this for each user anyway as it won't be able to save the setting. After checking my my account just after refreshing the changes made, the the checkbox is just re-ticked.
If you are changing the setting for OD users you should be able to select multiple users and then toggling the setting like that.
In theory if the setting is just a plist file you may be able to push it out via WGM as a managed preference. Seeing as it is in the accounts section though, this may not be possible.
25th June 2012, 02:49 PM #3
Yes these are AD users organised into OD groups for deploying preferences.
I can see the setting at a user level. I didn't realise it would reset so maybe this is a non-starter
25th June 2012, 03:00 PM #4
There may be other ways. A defaults write a plist file/augmented record. The info may sit in the Schema though which would be the reason the info is reset afterwards on refresh. A possible AD schema extension (if you can find the right bit to hold this data) may be possible too?
25th June 2012, 03:12 PM #5
The only other way I was thinking was if the user ran a login script which created/checked for a file in their home folder. If the file exists, log them off otherwise create it. I haven't got a clue how to do that in osx, but its roughly what I did for the windows PCs
25th June 2012, 03:38 PM #6
I don't think you can do this. We had it running when we were running Open Directory, as that did the authentication and you ticked the box in WGM and it just worked. Since we moved to AD you have the Windows machine doing the authentication things start to get....well, they don't work.
You could create a login hook that creates or copies a file called 'user' in their home folder. If that file already exists it logs the user out. You'd then have a logout hook that rm's the file on clean log out. However this will be annoying of the machine crashes and there isn't a clean log out for the user as it won't let them log in at all (similar to Firefox not exiting properly!).
By flexyjerkov in forum Windows
Last Post: 26th June 2012, 02:35 PM
By jgcracknell in forum Windows Server 2008 R2
Last Post: 7th March 2011, 11:09 PM
By cgiuk in forum Windows
Last Post: 1st July 2009, 10:45 AM
By FAA in forum Windows Vista
Last Post: 8th September 2008, 10:48 AM
By ctbjs in forum How do you do....it?
Last Post: 22nd January 2008, 08:20 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)