Poll: Have this problem?

Be advised that this is a public poll: other users can see the choice(s) you selected.

+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 61
Windows Thread, Using GP - prevent a user on more than one pc? in Technical; Hi - and thanks for postin' You have a link at all? Ta, Nath...
  1. #16
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29

    Re: Using GP - prevent a user on more than one pc?

    Hi - and thanks for postin'

    You have a link at all?

    Ta,
    Nath

  2. #17

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Using GP - prevent a user on more than one pc?


  3. #18
    neilenormal's Avatar
    Join Date
    Jul 2005
    Location
    (Sunny) Sussex
    Posts
    49
    Thank Post
    1
    Thanked 9 Times in 8 Posts
    Rep Power
    20

    Re: Using GP - prevent a user on more than one pc?

    Quote Originally Posted by andy
    I think I know what you're getting at there - even that's a pain. I have 4 teacher machines where it would be desirable to restrict student's access to them. So can I say DO NOT ALLOW LOGON TO such a machine - NOPE! I have to say ALLOW LOGON TO the other 120 machines instead!! (and also do that for each of the 400 kids!).
    Here is one possible solution that we use here:
    These lines are from our KIX logon script. KIX is the quickest and easiest way of determining group membership at logon time. Our machine naming convention is "Room number" followed by "Machine number" OR "teacher" [so student PCs are 0101 and teacher PC called 01teacher in Room 1]

    ==
    if instr(@wksta, "teacher") <> 0 & ingroup("students") = 1
    $r = messagebox("Students are not allowed to logon to this machine!", "Warning",4160)
    logoff(1)
    goto exit
    endif
    ==

    Neilenormal

  4. #19
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,011
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Using GP - prevent a user on more than one pc?

    Anyone else implemented limitlogon yet? The fact it makes it's own partition in AD stops me from jumping in and testing it at this time due to other changes I have been doing to AD.

  5. #20
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 45 Times in 35 Posts
    Rep Power
    29

    Re: Using GP - prevent a user on more than one pc?

    I'll be trying something this week or next so stay tuned

    Nath

  6. #21

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,939
    Thank Post
    1,343
    Thanked 1,787 Times in 1,110 Posts
    Blog Entries
    19
    Rep Power
    595

    Re: Using GP - prevent a user on more than one pc?

    Quote Originally Posted by andy
    I think I know what you're getting at there - even that's a pain. I have 4 teacher machines where it would be desirable to restrict student's access to them. So can I say DO NOT ALLOW LOGON TO such a machine - NOPE! I have to say ALLOW LOGON TO the other 120 machines instead!! (and also do that for each of the 400 kids!).
    Why don't you just use the "deny logon locally" bit from the GPOs ... stiick all students in a security group and then add this group to the deny logon locally section of the policy.

    That way you can add or take people away from logging onto certain workstations as you need.

  7. #22

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Using GP - prevent a user on more than one pc?

    anyone know how well or not this works with cc3...

    Russ

  8. #23

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,599
    Thank Post
    109
    Thanked 765 Times in 596 Posts
    Rep Power
    181

    Re: Using GP - prevent a user on more than one pc?

    Quote Originally Posted by russdev
    anyone know how well or not this works with cc3...
    The way I understand it is that CC3 is AD with GPOs - at least that's how it was explained to me by the RM salesperson tthat came to see me (I was humouring them).

  9. #24

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Using GP - prevent a user on more than one pc?

    it is but this is rm we are talking about and they have mucked around it so much might be interesting to get it to work....

    hence why i asked if anyone has used it on cc3

  10. #25

    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    634
    Thank Post
    11
    Thanked 6 Times in 6 Posts
    Rep Power
    21

    Re: Using GP - prevent a user on more than one pc?

    Quote Originally Posted by GrumbleDook
    Why don't you just use the "deny logon locally" bit from the GPOs ... stiick all students in a security group and then add this group to the deny logon locally section of the policy.

    That way you can add or take people away from logging onto certain workstations as you need.
    Interesting... trying it now...

  11. #26

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Using GP - prevent a user on more than one pc?

    This is in this months windows it pro...

    Prevent Multiple Logons With GPOs

    Readers
    Reader to Reader
    InstantDoc #46952
    Windows IT Pro

    DOWNLOAD THE CODE:
    46952.zip


    IT Jobs at Dice

    Search 65k+ new IT jobs daily. Tech jobs at top companies.

    As a Microsoft Certified Trainer (MCT), I'm frequently asked about providing a solution that prevents a user from logging on to multiple PCs at the same time. There's a Microsoft solution to prevent multiple logons, but it's complicated. I found a simpler solution that uses logon and logoff scripts in Group Policy Objects (GPOs). Because GPOs can't be applied to Windows 9x or Windows NT, my solution works with only newer OSs (i.e., Windows Server 2003, Windows XP, and Windows 2000).

    There are three steps in my solution:
    Create and share a folder on the domain controller (DC). For this example, I created a folder named Logons on a DC named Rafetpc. The share name should be the same as the folder name (in this case, Logons). The share permission must be Everyone, Change because users will write and delete files on the DC.
    Download and customize Login.bat, which Listing 1 shows, and Logout.bat, which Listing 2 shows. You can download these scripts from the Windows IT Pro Web site. Go to http://www.windowsitpro.com, enter 46952 in the InstantDoc ID text box, then click the 46952.zip hotlink. To customize these scripts, replace each instance of \\rafetpc\logons\ in the code at callout A in Listing 1 and at callout A in Listing 2 with an appropriate path.
    In the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, go to the organizational unit (OU) that contains those users for whom you don't want to allow multiple logons. Create a GPO for this OU. In this GPO, navigate to User Configuration, Windows Settings, Scripts (Logon/Logoff). In the details pane, double-click Logon. Click Add in the Logon Properties dialog box, then click Browse in the Add a Script dialog box. Select the Login.bat file and click OK. Repeat the process for the logoff script by double-clicking Logoff in the details pane, clicking Add, Browse, selecting the Logout.bat file, and clicking OK. That's all.

    After performing these steps, whenever a user in the specified OU logs on, Login.bat will create two files in the folder on the DC. When the same user attempts to log on from another PC at the same time, Login.bat will check for the existence of these files. If the files are present, Login.bat will immediately log the user off from the second PC. When a user in the specified OU logs off from a PC, Logout.bat will delete the two files created by Login.bat so that the user can then log on to another machine.

    —Murat Yildirimoglu
    murat@muratyildirimoglu.com
    List 1
    Listing 1: Login.bat

    :: BEGIN CALLOUT A
    If Exist \\rafetpc\logons\%username%.txt Goto notlogon
    Echo %username% logged in from %computername% > \\rafetpc\logons\%username%.txt
    Echo %username% logged in from %computername% > \\rafetpc\logons\%computername%.txt
    :: END CALLOUT A
    Goto end
    :notlogon
    Logoff
    :end
    List2

    Listing 2: Logout.bat

    :: BEGIN CALLOUT A
    If Not Exist \\rafetpc\logons\%computername%.txt goto notlogon
    Del \\rafetpc\logons\%username%.txt
    Del \\rafetpc\logons\%computername%.txt
    :: END CALLOUT A
    Goto end
    :notlogon
    Logoff
    :en
    For subscribers here is the url http://www.windowsitpro.com/Windows/...952/46952.html

    going to try this tommrow on rm network...

    Russ

  12. #27
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,966
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Using GP - prevent a user on more than one pc?

    Cool - let us know how it goes wontcha

  13. #28

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,599
    Thank Post
    109
    Thanked 765 Times in 596 Posts
    Rep Power
    181

    Re: Using GP - prevent a user on more than one pc?

    It's pretty obvious really - so obvious that none of us thought of it!

  14. #29

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Using GP - prevent a user on more than one pc?

    yep and that is why i pay 16 odd quid month for subscription to there websites as that one article has saved me many many man hours doing something else..

    saying that having fun trying to get it to work on cc3 network once i know it works will post how to do it...

    Mainly as need to customize batch file to keep certain rm stuff working..

    Russ

  15. #30

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,926
    Thank Post
    709
    Thanked 552 Times in 367 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Using GP - prevent a user on more than one pc?

    well got it working on staff users on rm cc3

    next one student users keeps hanging at login..

    looks like something to do with restrictions....

    It is fun to get it work with cc3

    Russ

SHARE:
+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Prevent 'Log-in via dial up connection'
    By adamyoung in forum Windows
    Replies: 17
    Last Post: 12th October 2010, 04:02 PM
  2. Prevent users changing wallpaper ?
    By pinemarten in forum How do you do....it?
    Replies: 14
    Last Post: 14th January 2010, 04:15 PM
  3. Prevent hard drive changes
    By adamyoung in forum How do you do....it?
    Replies: 70
    Last Post: 20th June 2006, 12:32 PM
  4. Prevent users from moving folders ?
    By pooley in forum Windows
    Replies: 2
    Last Post: 9th May 2006, 10:30 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •