I use Userlock at one site (but as you say, it's expensive). Microsoft have release a free utility called LimitLogon, however I never got it to work properly and I don't seem to be the only one!
I've been looking around at solutions to restricting users to only one logon, I've looked at cconnect (which I'm still trying to track down - need Server 2000 tools or something) and the other option is a fairly expensive UserLock software.
Other people have come up with clever ways of doing it using logon scripts to write to text files, or create folders or write to an SQL DB, but...
If you goto the domain controller, and right click 'My Computer', go to Manage, then under 'Shared Folders' you go to 'Sessions'.
I would assume that's a fairly accurate way of determining who is logged on where? (Please feel free to comment on just how accurate this is?)
Next question, is it possible to query the 'Sessions' from a vbscript startup script?
Any suggestions would be greatly recommended?
This is one feature of ranger / impero etc that could really do with replicating on vanilla.
We use a logon script that makes a .txt file on a server. When the user tries to logon again it logs them off right away. Simple but effective.
Sometimes sessions can get left behind, although the same applies to limitlogon too if a machine crashes.
Using Userlock here too - though not tried it on Windows 2008 & Vista yet!!
Ta for your suggestions guys,
I've been a bit sceptical of LimitLogon after Google'ing it and seeing pages of "problems installing" and we are about to move our DC/AD to Server 2008, does LimitLogon work on 2008?
None of you have tried the 'Sessions' route? I'm asking because I have no idea how to go about it myself
im not to sure about the legitimacy of the session model sorry dude, isnt a session (im thinking, no real data to confirm this) only applicable as long as there is a file being accessed on that server. So on the DC (which one? another potential problem in session model) unless i file is accessed i would assume the session would dissapear.
I could be very wrong though and id like to hear the result of someone knows otherwise.
What i do - do is use is what you correctly said already. A MySql DB to write on logon and clear flag on logoff. Across about ...500 - 600 student logons a day we only get about 2 or 3 students whom have computer crashing/mate pulled the power plug/other non-graceful logoff which i think is pretty fair.
Besides the txt file writing, database manpulation methods i dont really think there are other methods of achieving this? Thinking way, way, way out of the box (as i do) you could enable auditing and run scripts against eventLog??
Possible .. and improbable.
What aspect of the txt writing, db manipulation is not sufficient for you needs anyway mate?
Yes UserLock is Windows Server 2008 and Vista compatible.
How expensive is UserLock?
Academic institutions get a 20% educational discount off this pricelist.
I spent most of yesterday writing a console application in C# to handle the talking to a DB, you pass it the parameters such as username, IP address, computer name.
It then looks up from a mysql db all the current sessions for that username, adds a new one if appropriate, logs off if necessary etc.
First problem: Can't run the EXE from the netlogon folder... all sorts of permission errors blah blah...
So for testing, the logon script now copies the exe to the local machine then runs it.
that seems to work fine, but still not ideal.
second problem: The logoff script doesn't seem to run the exe... when you log off, the desktop dissapears and you get that little status thingy, "windows is logging you off", "closing network connections..." etc... that stuff, then it does the "running log off scripts"
and I think at that point its not capable of running an .exe and doing the whole mysql bit.
Correction: It does run now when you log off, turns out I had a mistake in my logoff script... *oops*
Still, any suggestions as to how to get the exe to run from a network drive?
I have not had issues with running exe files from the nelogon share but stuff like the old winnt printer connector exe.
You are probably having problems because your app is built in C# and relys on the .net framework which has a whole bunch of security settings that prevent running a .net application from a network share. You would need to change the .net runtime security settings on all of your client machines.
You can use VBS scripts to access databases directly and perform the kinds of operations that you are after which may be easier that a full scale war with the .net framework.
There are currently 1 users browsing this thread. (0 members and 1 guests)