Windows Thread, Stop Pupils Sharing their logins! in Technical; ...
  1. #46

    Join Date
    Aug 2008
    Location
    Northwest
    Posts
    79
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    14
    Quote Originally Posted by localzuk View Post
    Interesting, a server side only option could work.
    I like the idea of using the event logs, that’s a blinder of an idea; you could effectively eliminate any client logging requirements. Are logon/off events logged with the computername information?


    Quote Originally Posted by localzuk View Post
    if someone's computer crashes, the server won't have record of it.
    Quote Originally Posted by localzuk View Post
    This is why the client side service would be more reliable - it would poll.

    For polling (serverside), all I currently do (in batch) is query any client that has an active open logon (that is to say – has a record in the share) to discover who (if anyone) is currently logged on. If the records match then all is well in the world. If not, I assume an orphaned file and delete it. I only check every 20 minutes, which means anyone who suffered a crash can a) log straight back on to the same PC, or b) wait a maximum of 20 minutes before logging on somewhere else.

    My logic was that 20 minutes would be long enough to be a punishment and short enough to make it not worthwhile tracking me down.

    So to pin those together, maybe two timers: one faster one taking care of forcing logoffs when multiple logons are detected (actually I’d hazard a guess that eventlog events probably trigger a hook-able event), and a second slower timer taking care of orphans.


    The whole thing could be totally server side then?

    It feels like a very elegant solution is bubbling to the surface in this thread.

  2. #47

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Multiple DCs = several places to look for logon events.

    If I were interested in doing something for this I'd start with: "How do those AD integration products for firewalls monitor logons?".

  3. #48

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,816
    Thank Post
    517
    Thanked 2,473 Times in 1,916 Posts
    Blog Entries
    24
    Rep Power
    836
    Quote Originally Posted by PiqueABoo View Post
    Multiple DCs = several places to look for logon events.
    True, but that could be written into the server side app - ie. deploy it on each server and have it coded to talk to other, configured, servers.

    If I were interested in doing something for this I'd start with: "How do those AD integration products for firewalls monitor logons?".
    I don't understand. What do you mean?

  4. #49

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Some posh and very serious firewalls of my acquaintance can be configured to apply policy based on Windows domain group membership etc. In order to do this the vendors will typically provide software that lives on all your DCs, to track who is logged on where at any point in time (and what groups they belong to). It's 99% the same problem.

    So how do they hook domain logon events (I don't mean event log events)?
    How do they detect logoffs?
    How do they deal with machines reset rather than logged off?
    Etc.

    PS: I've done event log event grabbing. The hook I found for that doesn't cut it because MS don't notify you for every single event i.e. you'll only get one notification with an event attached in a particular time slot (I forget how long). So you end up having to go look at the event log(s) anyway and enumerate the events that have turned up since last time, and when you're doing that you have to wonder whether it isn't easier to just skip the hooking and just go look at the event log from whatever point you were at last time every 10 secs or whatever. Oh and also accommodate log wrapping, clearing and so on. It's a bit fiddly.
    Last edited by PiqueABoo; 18th March 2010 at 10:43 PM. Reason: PS

  5. #50
    FAA
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Logon and logoff events

    File servers usually show hundreds of logon and logoff events for the same user throughout the day, because each time a user maps a drive to a server, opens up a file on this server and then closes it, the file server closes (within just seconds or at the most a couple of minutes) that logon session and logs a logoff event …

    Good luck with the filtering!

    On the contrary, UserLock only logs an event when a user opens a desktop session, when he locks/unlocks his desktop and when he logs off.
    This will usually generate 4 events per day (maybe a bit more if a password protected screensaver is configured) and will allow SysAdmins to seamlessly analyze and archive session history.

  6. #51

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,816
    Thank Post
    517
    Thanked 2,473 Times in 1,916 Posts
    Blog Entries
    24
    Rep Power
    836
    Quote Originally Posted by FAA View Post
    File servers usually show hundreds of logon and logoff events for the same user throughout the day, because each time a user maps a drive to a server, opens up a file on this server and then closes it, the file server closes (within just seconds or at the most a couple of minutes) that logon session and logs a logoff event …

    Good luck with the filtering!

    On the contrary, UserLock only logs an event when a user opens a desktop session, when he locks/unlocks his desktop and when he logs off.
    This will usually generate 4 events per day (maybe a bit more if a password protected screensaver is configured) and will allow SysAdmins to seamlessly analyze and archive session history.
    Indeed, the logs do show multiple logons/off events for a single user. However, you are also forgetting your target market - schools. A pupil may log in and out of the network more than once in a day, depending on their lessons/clubs - so there is more than likely to be more than 4 events a day for your system...

    I've just had a look at the log, and filtered it down to a single one of our users and as you say there are many events for that user since they logged on at 7:30am. However, all those events contain the IP address of the machine they're using, so filtering it wouldn't be difficult - just add a chunk of code which checks to see if the new events are still on the same IP.

    However, I can see this sort of thing chewing through a substantial amount of resources, processing all the events, sending requests to machines etc... Doing it client-side would be a lot more bandwidth and server friendly.

    The problem I have with UserLock is the price, limiting logins isn't a task which I would consider spending money on, as it is a relatively minor issue. If it were a function of a larger suite of tools, then maybe, but £1655k for our 600 kid school, if we were to ever have a computer per child (or £730 for the current number of machines)? No chance - our entire network control package doesn't cost that much.
    Last edited by localzuk; 19th March 2010 at 08:23 AM.

  7. #52
    FAA
    FAA's Avatar
    Join Date
    Aug 2008
    Posts
    41
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Budget issues

    Quote Originally Posted by localzuk View Post
    Indeed, the logs do show multiple logons/off events for a single user. However, you are also forgetting your target market - schools. A pupil may log in and out of the network more than once in a day, depending on their lessons/clubs - so there is more than likely to be more than 4 events a day for your system...
    You are right, but dozens of relevant events are manageable when hundreds are not.


    Quote Originally Posted by localzuk View Post
    The problem I have with UserLock is the price, limiting logins isn't a task which I would consider spending money on, as it is a relatively minor issue. If it were a function of a larger suite of tools, then maybe, but £1655k for our 600 kid school, if we were to ever have a computer per child (or £730 for the current number of machines)? No chance - our entire network control package doesn't cost that much.
    UserLock offers far more features than just limiting concurrent logins. Please check "Securing and optimizing a free access network", but I got your point.

    How many machines do you have in your network?
    Last edited by FAA; 19th March 2010 at 08:35 AM.

  8. #53
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I use a simple VB script that logs to an Access DB (currently); it logs user logon and logoff, it works very well and it's free and simple.

    Code:
    On Error Resume Next
    
    Dim adoCn
    Dim adoRs
    Dim network
    Dim user
    Dim compname
    Dim strSQLInsert
    
    
    Dim WshShell ' <--- New 
    Set WshShell = CreateObject("WScript.Shell") ' <--- New 
    
    Set network = CreateObject("Wscript.Network")
    
    user = network.username
    compname = network.computername
    
    Set adoCn = CreateObject("ADODB.Connection")
    
    adoCn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
               "Data Source=\\server\logs$\students.mdb" 'CHANGE THIS BIT
    
    'Check the connection opened ok           
    If Err.Number <> 0 Then           
    	Call ErrHandler
    End If
    
    ' ********************* NEW BIT *******************
    'Citrix specific section
     
    ' UCase must wrap only the Left() result, not the whole comparison
    If UCase(Left(compname, 4)) = "CITR" Then
     
    	compname = UCase(WshShell.ExpandEnvironmentStrings("%CLIENTNAME%"))
     
    end if
    ' **************************************************
    
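    ' Double any apostrophes so a name such as O'Brien cannot break or alter the SQL statement
    strSQLInsert = "INSERT INTO [Log On] ([date], [time], [user], compname) " & _
    	"VALUES ('" & Date & "', '" & Time & "', '" & Replace(user, "'", "''") & "', '" & Replace(compname, "'", "''") & "')"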
    
    adoCn.Execute strSQLInsert, , 8
    
    'Check the data was inserted OK
    If Err.Number <> 0 Then           
    	Call ErrHandler
    End If
    
    adoCn.Close
    
    Set adoCn = Nothing
    Set network = Nothing
    
    
    
    
    
    Sub ErrHandler()
    Dim fso, f
    
    Const ForReading = 1, ForWriting = 2, ForAppending = 8
    
    Set fso = CreateObject("Scripting.FileSystemObject")
    
    ' LogError was an undefined variable (it evaluated to empty), so the file name is now given literally
    Set f = fso.OpenTextFile("\\server\logs$\LogError.txt", ForAppending, True)
    
    f.WriteLine Date & ", " & Time & ", " & user & ", " & compname & ", " & Chr(34) & Err.Description & Chr(34)
    f.Close
    
    Set fso = nothing
    
    Err.Clear
    
    End Sub
    I'm not a great coder
    Last edited by cookie_monster; 19th March 2010 at 08:50 AM.

  9. #54

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    File servers usually show hundreds of logon and logoff events for the same user throughout the day
    ::shrug again:: Enumerate AD for every computer that isn't a workstation in your domain, drop any logon activity where the associated computer is in that list. If necessary add some custom computers to the drop list via some app registry key. Now what does that leave you with? And how hard was that aspect?

    OK there will still be some things to deal with in the remainder, but I think the difficult bit (besides needing to get your head around making subauthentication packages for DCs), is knowing when someone pulled the plug out of the wall instead of logging off gracefully. I'm struggling to see a way of doing that centrally which doesn't involve polling your current list of computers-with-logged-on-users every so often...

    ..and having said that I'm struggling to see how a solution with client-side code hooking logon/off events would cope with that much better (you could do it in the other direction though i.e. have the client send a server some kind of "keep alive").

    PS: Doh.. polling ..I don't think we care unless some user logs on to a second machine i.e. that's the only point you really need to go look at what's happened on the first one. Or is my brain broken tonight?
    Last edited by PiqueABoo; 19th March 2010 at 09:08 PM. Reason: PS:

  10. #55

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,816
    Thank Post
    517
    Thanked 2,473 Times in 1,916 Posts
    Blog Entries
    24
    Rep Power
    836
    Quote Originally Posted by PiqueABoo View Post
    PS: Doh.. polling ..I don't think we care unless some user logs on to a second machine i.e. that's the only point you really need to go look at what's happened on the first one. Or is my brain broken tonight?
    Good point!! The server doesn't need to keep track of anything like log off events, it can just poll the machine which had a log on event, to see if it is still valid! Very simple really!

  11. #56

    Join Date
    Jun 2008
    Posts
    105
    Thank Post
    33
    Thanked 3 Times in 3 Posts
    Rep Power
    13


    I'm glad to see this issue is still being bounced around. I'm facing this issue over 5 schools with close to 4000 PCs. UserLock, though the "best" solution, isn't an option due to budget.

    I can't wait to see where this is heading. For whatever reason, the LimitLogin requirements (IIS, Soap, client side programs) just don't seem reasonable.

    We're just this year coming from Novell which had the limiting of logins built in. We miss the ability! As an aside, do I assume that Novell's ability to do this was part of the Novell Client that was installed on each PC?

    I'll start poking around with this, but will have to do some serious testing before my boss will let me roll it out!

    Thanks for everyone looking at this!

  12. #57

    Join Date
    Jun 2008
    Posts
    105
    Thank Post
    33
    Thanked 3 Times in 3 Posts
    Rep Power
    13
    Quote Originally Posted by PiqueABoo View Post
    OK there will still be some things to deal with in the remainder, but I think the difficult bit (besides needing to get your head around making subauthentication packages for DCs), is knowing when someone pulled the plug out of the wall instead of logging off gracefully. I'm struggling to see a way of doing that centrally which doesn't involve polling your current list of computers-with-logged-on-users every so often...
    Maybe I'm missing something, but isn't the checking for logged in users easier than polling everyone?..

    For example:

    User1 logs in, (login script fires, creates files, etc). Power dies to PC. User files are still there, effectively leaving him logged in and unable to log into another PC.

    User1 goes to log in again, different PC. The server, upon seeing that the user is already logged in (supposedly) can poll the PC he was logged in from - if it's on, and he's logged in, deny login. In any other circumstance (PC is off, a different user is now logged in) wipe the files for User1 and let the User1 log in as normal.

    If it's done this way, there's no need to poll all the logged in users at periodic times, only when users are logging in - if they are already present.

    Am I missing something with this? ...and the likely harder question: is it easy / doable to poll a PC to get current user login info?

    Just brainstorming. Thanks for any feedback.

    (Edit) I think this was the same thing localzuk just said. My fault.
    Last edited by LCPSWolf; 22nd March 2010 at 02:24 PM.
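
The poll-only-on-conflict logic that posts #54, #55 and #57 converge on, combined with dropping logon events from non-workstations, as an added example that is not part of any post in the thread. The class and function names, host names and events are constructed, and `probe` is a hypothetical stand-in for whatever remote "who is logged on there?" query a real deployment would use.

```python
# Added illustration: all names, hosts and events below are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Logon:
    user: str
    computer: str  # machine named in the logon event


# probe(computer) returns the user currently logged on there, or None when the
# PC is off, unreachable or nobody is logged on (stand-in for a remote query).
Probe = Callable[[str], Optional[str]]


class SessionTracker:
    def __init__(self, probe: Probe, non_workstations: Iterable[str]):
        self.probe = probe
        self.ignore = {c.lower() for c in non_workstations}  # DCs, file servers
        self.active: Dict[str, str] = {}  # user -> workstation of recorded session

    def handle(self, ev: Logon) -> str:
        user, pc = ev.user.lower(), ev.computer.lower()
        if pc in self.ignore:
            return "ignored"            # drive-mapping noise from servers
        prev = self.active.get(user)
        if prev is None or prev == pc:
            self.active[user] = pc      # first logon, or repeat event from same PC
            return "allowed"
        # Conflict: only now is the earlier machine polled.
        if (self.probe(prev) or "").lower() == user:
            return "denied"             # still logged on at the first machine
        self.active[user] = pc          # crash or power loss: drop the orphaned record
        return "allowed-orphan-cleared"


def run_demo():
    live = {"pc-lab1-01": "alice"}      # what a poll would find right now
    polled: List[str] = []

    def probe(pc: str) -> Optional[str]:
        polled.append(pc)
        return live.get(pc)

    tracker = SessionTracker(probe, non_workstations=["FILESRV1", "DC1"])
    events = [
        Logon("alice", "PC-LAB1-01"),   # normal logon
        Logon("alice", "FILESRV1"),     # file-server session, dropped
        Logon("alice", "PC-LAB1-01"),   # same machine again
        Logon("alice", "PC-LIB-07"),    # second machine while first is live
        Logon("bob", "PC-LAB2-03"),     # normal logon, then the PC loses power
        Logon("bob", "PC-LAB2-09"),     # second machine, first no longer answers
    ]
    return [tracker.handle(e) for e in events], polled, tracker.active


if __name__ == "__main__":
    print(run_demo())
```

Only the two conflicting logons trigger a poll, so no periodic sweep of every machine is needed.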

  13. #58
    waldronm2000's Avatar
    Join Date
    Dec 2009
    Location
    Southend
    Posts
    129
    Thank Post
    49
    Thanked 12 Times in 11 Posts
    Rep Power
    12
    Quote Originally Posted by LCPSWolf View Post
    We're just this year coming from Novell which had the limiting of logins built in. We miss the ability! As an aside, do I assume that Novell's ability to do this was part of the Novell Client that was installed on each PC?
    No, it's derived from the fact that Novell is a much more clearly-defined client/server environment, as opposed to one that has evolved that way from a more peer-to-peer ancestry. The server environment in Novell is (or at least was when I used to use them) much more separate from the client environment, and better able to keep track of events like user logons centrally.

  14. Thanks to waldronm2000 from:

    LCPSWolf (22nd March 2010)

  15. #59
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Quote Originally Posted by waldronm2000 View Post
    No, it's derived from the fact that Novell is a much more clearly-defined client/server environment, as opposed to one that has evolved that way from a more peer-to-peer ancestry. The server environment in Novell is (or at least was when I used to use them) much more separate from the client environment, and better able to keep track of events like user logons centrally.


    Actually it's an Active Directory issue related to the multi master model. You could limit user logons in User Manager for Domains in the NT4 days. The NT4 client and server were more tightly integrated; the change when moving to AD was massive and some features/abilities were lost, however there were big gains: managing multiple NT4 domain trusts was a PITA.
    Last edited by cookie_monster; 22nd March 2010 at 03:47 PM.

  16. #60
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,203
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
