+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 69
Windows Thread, Stop Pupils Sharing their logins! in Technical; Dear Steve, Please find here UserLock detailed licensing and pricing . As you will see, the price goes down as ...
  1. #16
    FAA
    FAA is offline
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Arrow UserLock pricing

    Dear Steve,

    Please find here UserLock detailed licensing and pricing.

    As you will see, the price goes down as the amount of user session licenses purchased goes up, and for 1,000 licenses, public unit price amounts to EUR 2.80 / USD 3.84 (app GPB 2.50).
    UserLock’s licensing scheme is per maximum simultaneous sessions on your network. This usually amounts to the total workstations, and NOT the total number of users.


    More, IS Decisions offers a 20% discount to academic and educational organizations and is ready to thoroughly consider any kind of special bid.

    Please feel free to directly contact IS Decisions: info@isdecisions.com to get a personalized quote.

    Warm regards,
    François
    Last edited by FAA; 18th March 2010 at 10:30 AM.

  2. #17
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,774
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    I was on the user lock website and bought 515 licences the quote was $2,338.10 or £1532.34 this a per workstation price with 1 year of updates.

    Still I can't believe this feature isn't built into active directory!

  3. #18


    Join Date
    Sep 2008
    Posts
    1,748
    Thank Post
    320
    Thanked 258 Times in 211 Posts
    Rep Power
    119
    Quote Originally Posted by srochford View Post
    Do you record who logs on where? If not, why not - it's really useful to have that info and you'll find loads of threads here with info on how to do it.

    Once you've got that, collect the info and parse it every day to find any user who was logged on to more than 2 machines at the same time. Pass that info to form teacher, head of year, whatever and get them to deal with it.

    You can spend a long time trying to find ways to do this; none of them is perfect, all of them will cause grief in various ways (not least the bullying that will be triggered as kids who "need" another logon will beat up a weaker child to get their logon details)
    I did this with the Limit Logon script from here. It logged the computer and user logons so you could see everytime each user/computer was used. It creates a temp file when a user logs on and deletes it when logging off. When a users logs on, it checks for the file and if it exists logs them off again. Do a seach and you should find it(or someone else will link it)

    It was especially useful to eliminate errors caused by the user. We used to have a number of pupils who would just turn the power off to the computer and then wouldn't be able to log back on. Of course if you asked them, they never did it, but once you know thats what happens, you can provide the information to the teacher to *try and ensure they log on and off properly.

  4. #19
    FAA
    FAA is offline
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Arrow Logon scripts

    You can indeed develop logon scripts allowing to enforce single logon however these scripts are based on a hidden share in which logon scripts create and delete files.

    This is a very dangerous solution because scripts run as logged on users, and all users therefore need full access to the hidden share.

    Once a rogue user has understood how it works and were the hidden share is located (path can easily be retrieved from the user registry), he/she can remove its own session, kill the whole session database or add sessions that don’t exist to other users as a (bad) joke.

    Consequently, such a solution adds more potential security problems than it solves ...

  5. #20


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,506
    Thank Post
    227
    Thanked 848 Times in 727 Posts
    Rep Power
    287
    possibly not an ideal solution but i cant see why it wouldnt work

    add to your logon script a check for say user area\loggedin.txt and if it find it run shutdown /l if it dosent find it create it (and hide it) and login as normal. then add a logout script that deletes it

    quick and dirty but should work
    and you could probably write a script to clear and files overnight incase of people just turning off pcs etc

  6. #21

    broc's Avatar
    Join Date
    Jan 2006
    Location
    England
    Posts
    2,046
    Thank Post
    104
    Thanked 401 Times in 265 Posts
    Rep Power
    150
    There is a facility in Impero that does this.... although licencing Impero for just this one feature would be expensive.....

  7. #22

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,668
    Thank Post
    1,614
    Thanked 1,867 Times in 1,385 Posts
    Blog Entries
    2
    Rep Power
    400
    All logins are limited to 1 session at a time. The only exception to this is the generic staff and pupil login for the ICT suite where it is limited to 10.

    This is done via GPO for the user accounts on Server 2008 R2

  8. #23

    Join Date
    Mar 2010
    Location
    Paris
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    This is done via GPO for the user accounts on Server 2008 R2
    Interesting.
    How did you do via GPO? I don't find the one doing that. I only find the TS restriction.

  9. #24

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,575
    Thank Post
    834
    Thanked 873 Times in 726 Posts
    Blog Entries
    9
    Rep Power
    324
    Quote Originally Posted by nephilim View Post

    This is done via GPO for the user accounts on Server 2008 R2
    Probably being bline but I couldn't see anything in GPO's. Does the domain need to be at 2008R2 function level for this to appear?

  10. #25
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    hi

    I have seen it done with a script at logon that checks for a folder created in a share. If it find it it logs off. If it does not find it it creates it creates a folder with the username and does nothing else. On log off it deleted the folder.

    i have looked all over for the scipts but cannot find them sorry.

    Richard

  11. #26

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22
    We use Userlock - really like it.. ontop of restricting the kids to 1 login; a while back we strongly suspected that a staff account had been compromised and via userlock had it set to email me as soon as this member of staff signed in anywhere.. needless to say the student was caught red handed whilst sat there looking at "applying personal settings" waiting for the staff desktop to appear

    But yes I do wonder why this isn't something that is just integrated into windows server / AD.

  12. #27
    FAA
    FAA is offline
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Arrow Holes in Windows Login Controls

    Quote Originally Posted by ssiruuk2 View Post
    But yes I do wonder why this isn't something that is just integrated into windows server / AD.
    You will find detailed information in our whitepaper titled "8 Holes in Windows Login Controls"

  13. #28
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Is it really such a big problem?

    We just pick them up as and when it's a problem, we track users using an access Db so we can tell if someone was logged on in more than one location we can then cross reference this on the IP cameras. It's not something that we see as a big issue.

  14. #29
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    I have written up what I can remember but you need to test this


    Create a folder on a server and set the NTFS permissions so students can write to it.
    Share the folder so students have full control
    Create a muliuserlogon.bat and put the following in
    Code:
    title Check if user loged in
    
    
    echo Checking to see if folder exists
    
    
    if not exist "\\server\share\%username%" goto logoff
    
    :logon
    echo Make directory
    mdir "\\server\share\%username%"
    goto End
    
    :logoff
    echo Logging off
    shutdown -l
    
    :End
    Create a multiuserlogoff.bat and put the following in it

    Code:
    echo Remove folder
    rd "\\server\share\%username%" /s /q
    Now copy a testuser to a new ou for testing
    DO NOT USER ON ADMINISTRATORS AND MANAGER ACCOUNTS
    create a gpo and link to the test user ou
    link the log on and log off scripts in the gpo for the test user

    Now run a gpupdate /force /boot on a client machine.

    Log the test user on and check they can log on ok.

    Check the file is created in the share.

    You can also see the students who are logged in at any time once it is implemented,

    Then try to log the test user onto another computer and it should log off because it finds the folder created by the first account logon.

    Log the first test user off and it should delete the folder. You need to check this.

    Now try logging on again with the second machine.

    If a machine crashes you might have to delete the folder manually.

    I also think a script was run over night to clear any folders left in the share as a just in case.

    Please test this carefully before making it live as I am working from memory and the scipts are not tested.

  15. #30
    FAA
    FAA is offline
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Arrow Serious problems ...

    Quote Originally Posted by cookie_monster View Post
    Is it really such a big problem?
    IMHO, not implementing efficient login session controls in an educational organization might cause serious problems. Think of these situations for example:

    - It’s very easy for students to disclose their credentials to unauthorized third parties as there is no consequence on their own access to the network.
    Thus, several workstations can unduly be blocked by one user and serious security flaws can occur (e.g.: server attacks).

    - A student/pupil having managed to get a teacher’s credentials will be able to access confidential information (exam questions, results, etc…) from any workstation on the network.

    - In the event of abnormal or suspicious behavior having been detected on a workstation, Windows native features will not allow the administrator to remotely disconnect the user or lock the session from a central console or any online computer

    - If a student/pupil leaves his session open or locked, the workstation is unavailable to all other students/pupils willing to login with their own account.

SHARE:
+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Stop pupils emailing each other Exchange 2003
    By tazz in forum How do you do....it?
    Replies: 12
    Last Post: 18th November 2010, 03:08 PM
  2. Stop pupils writing to root of C:\
    By gerardsweeney in forum How do you do....it?
    Replies: 14
    Last Post: 21st January 2010, 03:48 PM
  3. Primary schools: Foundation pupils logins
    By Little-Miss in forum How do you do....it?
    Replies: 24
    Last Post: 21st July 2009, 09:24 AM
  4. Stop pupils hiding documents
    By timbo343 in forum Windows
    Replies: 8
    Last Post: 19th November 2008, 09:53 PM
  5. Pupils puling out rj45 cable to stop scripts and policys
    By MManjra in forum Wireless Networks
    Replies: 13
    Last Post: 6th March 2006, 08:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •