Windows Thread, Restrict Concurrent Logons using Domain Sessions? in Technical; Hi All,
I've been looking around at solutions to restricting users to only one logon, I've looked at cconnect (which ...
13th August 2008, 09:22 PM #1
Restrict Concurrent Logons using Domain Sessions?
I've been looking around at solutions to restricting users to only one logon, I've looked at cconnect (which I'm still trying to track down - need Server 2000 tools or something) and the other option is a fairly expensive UserLock software.
Other people have come up with clever ways of doing it using logon scripts to write to text files, or create folders or write to an SQL DB, but...
If you goto the domain controller, and right click 'My Computer', go to Manage, then under 'Shared Folders' you go to 'Sessions'.
I would assume that's a fairly accurate way of determining who is logged on where? (Please feel free to comment on just how accurate this is?)
Next question, is it possible to query the 'Sessions' from a vbscript startup script?
Any suggestions would be greatly recommended?
13th August 2008, 09:36 PM #2
I use Userlock at one site (but as you say, it's expensive). Microsoft have release a free utility called LimitLogon, however I never got it to work properly and I don't seem to be the only one!
13th August 2008, 10:05 PM #3
This is one feature of ranger / impero etc that could really do with replicating on vanilla.
13th August 2008, 10:10 PM #4
We use a logon script that makes a .txt file on a server. When the user tries to logon again it logs them off right away. Simple but effective.
13th August 2008, 10:31 PM #5
Sometimes sessions can get left behind, although the same applies to limitlogon too if a machine crashes.
14th August 2008, 07:08 AM #6
Using Userlock here too - though not tried it on Windows 2008 & Vista yet!!
14th August 2008, 09:14 AM #7
Ta for your suggestions guys,
I've been a bit sceptical of LimitLogon after Google'ing it and seeing pages of "problems installing" and we are about to move our DC/AD to Server 2008, does LimitLogon work on 2008?
None of you have tried the 'Sessions' route? I'm asking because I have no idea how to go about it myself
14th August 2008, 10:32 AM #8
im not to sure about the legitimacy of the session model sorry dude, isnt a session (im thinking, no real data to confirm this) only applicable as long as there is a file being accessed on that server. So on the DC (which one? another potential problem in session model) unless i file is accessed i would assume the session would dissapear.
I could be very wrong though and id like to hear the result of someone knows otherwise.
What i do - do is use is what you correctly said already. A MySql DB to write on logon and clear flag on logoff. Across about ...500 - 600 student logons a day we only get about 2 or 3 students whom have computer crashing/mate pulled the power plug/other non-graceful logoff which i think is pretty fair.
Besides the txt file writing, database manpulation methods i dont really think there are other methods of achieving this? Thinking way, way, way out of the box (as i do) you could enable auditing and run scripts against eventLog??
Possible .. and improbable.
What aspect of the txt writing, db manipulation is not sufficient for you needs anyway mate?
14th August 2008, 02:50 PM #9
Just to reassure Gatt about UserLock...
Yes UserLock is Windows Server 2008 and Vista compatible.
14th August 2008, 02:58 PM #10
How expensive is UserLock?
14th August 2008, 03:01 PM #11
Academic institutions get a 20% educational discount off this pricelist.
15th August 2008, 05:46 PM #12
You may be right about the sessions method, will have to look into it a little more, but I'm beginning to lean towards the MySQL method, do you read/write to the MySQL DB from the logon/logoff script?
Originally Posted by amfony
17th August 2008, 09:39 AM #13
I spent most of yesterday writing a console application in C# to handle the talking to a DB, you pass it the parameters such as username, IP address, computer name.
It then looks up from a mysql db all the current sessions for that username, adds a new one if appropriate, logs off if necessary etc.
First problem: Can't run the EXE from the netlogon folder... all sorts of permission errors blah blah...
So for testing, the logon script now copies the exe to the local machine then runs it.
that seems to work fine, but still not ideal.
second problem: The logoff script doesn't seem to run the exe... when you log off, the desktop dissapears and you get that little status thingy, "windows is logging you off", "closing network connections..." etc... that stuff, then it does the "running log off scripts"
and I think at that point its not capable of running an .exe and doing the whole mysql bit.
17th August 2008, 10:24 AM #14
Correction: It does run now when you log off, turns out I had a mistake in my logoff script... *oops*
Still, any suggestions as to how to get the exe to run from a network drive?
17th August 2008, 10:44 AM #15
I have not had issues with running exe files from the nelogon share but stuff like the old winnt printer connector exe.
You are probably having problems because your app is built in C# and relys on the .net framework which has a whole bunch of security settings that prevent running a .net application from a network share. You would need to change the .net runtime security settings on all of your client machines.
You can use VBS scripts to access databases directly and perform the kinds of operations that you are after which may be easier that a full scale war with the .net framework.
By meastaugh1 in forum Network and Classroom Management
Last Post: 5th January 2011, 12:18 PM
By mrforgetful in forum Wireless Networks
Last Post: 28th February 2008, 05:33 PM
By Ben_Stanton in forum Windows
Last Post: 30th August 2007, 09:56 AM
Last Post: 26th June 2007, 11:33 AM
By RobC in forum Wireless Networks
Last Post: 16th December 2005, 12:40 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)