  1. #1

    My script to prevent multiple logins

    Thought I'd share my work with those out there. It's two simple VBS scripts which prevent multiple user logins.
    It will also log all failed attempts into a log file labelled LoginsDenied.log.
    This can be useful for those who keep trying to bypass the system by using friends' accounts.

    Reason I wrote this script was due to finding out LimitLogin was not supported on 2008 server and due to problems I had running it back on 2003.

    Login.vbs
    Code:
    '== Limit User Logins
    '== Written by: James Gzowski (2010)
    '== Logon Script
    
    '== This script consists of two parts, Logon.vbs & Logoff.vbs
    '== The script is designed to prevent multiple logons on a network from different workstations
    '== This will not work for Terminal Servers where each user will login on the same server.
    '== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
    '== If this happens, the user can either relog into the workstation or request their session files are deleted
    '== from the ServerShare, these files will be named: <Username>-<Workstation>.txt and <Username>.txt.
    
    'Set Objects
    Set oShell = CreateObject( "WScript.Shell" )
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    SET WshShell = createObject("WScript.shell")
    ServerShare = "\\SERVERPATH\SHARE\" 'Keep the trailing backslash: file names are appended directly. Requires Users Full Read/Write Access
    
    'Get Username & Workstation
    UserID=oShell.ExpandEnvironmentStrings("%UserName%")
    WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
    
    'Check If Users Logged In'
    If objFSO.FileExists ( ServerShare & UserID & ".txt") then
    
    	'Report Failed Login To LoginsDenied.log
    
    	If objFSO.FileExists (ServerShare & "LoginsDenied.log") then
    
    		SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", 8, True)
    		ObjFile.Writeline ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    
    	else
    		Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsDenied.log")	
    		ObjFile.Writeline ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    
    	End If
    
    	ObjFile.Close
    
    	'Shutdown Process'
    	shutdown = "shutdown /l"
    	WshShell.Popup _
    	"You are already logged into another workstation." & vbcrlf & _
    	"If this is not you please contact the network office." & vbcrlf & vbcrlf & _
        "This event has been logged to track possible account misuse." & vbcrlf & vbcrlf & _
        "You will now be logged off",20,"Multiple User Login Detected: " & UserID,16
    	WshShell.Run(shutdown)
    	SET WshShell = Nothing
    	
    Else
    
    	'Create Text Files
    	Set objFile = objFSO.CreateTextFile(ServerShare & UserID & "-" & WorkstationID & ".txt")
    	Set objFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt")
    	ObjFile.Write(WorkstationID & " at " & Time)
    	ObjFile.Close
    
    	'Report Accepted Login To LoginsAllowed.log
    	If objFSO.FileExists (ServerShare & "LoginsAllowed.log") then
    
    		SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", 8, True)
    		ObjFile.Writeline ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    
    	else
    		Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsAllowed.log")	
    		ObjFile.Writeline ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    
    	End If
    
    	ObjFile.Close
    
    End If
    Logoff.vbs
    Code:
    '== Limit User Logins
    '== Written by: James Gzowski (2010)
    '== Logoff Script
    
    '== This script consists of two parts, Logon.vbs & Logoff.vbs
    '== The script is designed to prevent multiple logons on a network from different workstations
    '== This will not work for Terminal Servers where each user will login on the same server.
    '== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
    '== If this happens, the user can either relog into the workstation or request their session files are deleted
    '== from the ServerShare, these files will be named: <Username>-<Workstation>.txt and <Username>.txt.
    
    'Set Objects
    Set oShell = CreateObject( "WScript.Shell" )
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ServerShare = "\\SERVERPATH\SHARE\" 'Keep the trailing backslash: file names are appended directly. Requires Users Full Read/Write Access
    
    'Get Username & Workstation
    UserID=oShell.ExpandEnvironmentStrings("%UserName%")
    WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
    
    'Check If Login Session Is Correct To Workstation & User'
    If objFSO.FileExists (ServerShare & UserID & "-" & WorkstationID & ".txt") then
    
    	'Delete Session File On Logout
    	objFSO.DeleteFile(ServerShare & UserID & "-" & WorkstationID & ".txt")
    	objFSO.DeleteFile(ServerShare & UserID & ".txt")
    	
    End If

  2. 3 Thanks to flexyjerkov:

    caffrey (1st December 2011), DaveP (7th April 2010), mac_shinobi (21st July 2010)

  3. #2

    DaveP
    I am giving your scripts a go. The ones I was using until now [and may go back to] were a little flaky at times.

    Thanks.

  4. #3

    FN-GM
    If a student just unplugs the machine or resets the machine, am I right in saying that this won't get rid of the text file, so when they next log in it will show them as logged on?

    Zak

  5. #4

    DaveP
    Originally posted by FN-GM:
    > If a student just unplugs the machine or resets the machine, am I right in saying that this won't get rid of the text file, so when they next log in it will show them as logged on?
    >
    > Zak

    Yes, I think that is correct. This was one of the problems I had with the other scripts I was using until recently. However, I am hoping to see benefits over and above this problem.

  6. #5

    FN-GM
    I created a script just like this one that had this problem. It was a bit of a pain really.

    Something I did do was to set up a scheduled task in the middle of the night to get rid of all the old text files so there wouldn't be any logon problems the next morning.

  7. #6

    DaveP
    Originally posted by FN-GM:
    > Something I did do was to set up a scheduled task in the middle of the night to get rid of all the old text files so there wouldn't be any logon problems the next morning.

    I had this set up in conjunction with my old script. I will set it up again with this new one. Will need to be careful to only delete the 'hanging' user and station files. My old script had the records of allowed/denied logons in folders separated from the usernames and station names logs.
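
A cleanup job along the lines discussed in the two posts above, as an added example that is not code from anyone in this thread: it removes only `.txt` session markers older than a chosen age and never touches the `.log` files. The script name, the folder argument and the age limit are assumptions.

```vbscript
' Added example (not from the thread): nightly cleanup of hanging session files.
' Run on the server as a scheduled task, for instance:
'   cscript //nologo CleanSessions.vbs D:\UserLogins 12
' The script name, folder and age limit shown here are assumptions.
Option Explicit

Dim objFSO, sharePath, maxAgeHours, stale, objFile, path
Set objFSO = CreateObject("Scripting.FileSystemObject")

If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: cscript CleanSessions.vbs <folder> <max age in hours>"
    WScript.Quit 1
End If
sharePath = WScript.Arguments(0)
maxAgeHours = CLng(WScript.Arguments(1))
If Not objFSO.FolderExists(sharePath) Then
    WScript.Echo "Folder not found: " & sharePath
    WScript.Quit 1
End If

' Pass 1: pick out the hanging markers. Collect first and delete afterwards,
' so the Files collection is not modified while it is being enumerated.
Set stale = CreateObject("Scripting.Dictionary")
For Each objFile In objFSO.GetFolder(sharePath).Files
    If IsHangingMarker(objFile, maxAgeHours) Then stale.Add objFile.Path, objFile.DateLastModified
Next

' Pass 2: delete them. LoginsAllowed.log and LoginsDenied.log are never selected.
For Each path In stale.Keys
    WScript.Echo "Removing " & path & " (last written " & stale(path) & ")"
    objFSO.DeleteFile path, True
Next
WScript.Echo stale.Count & " hanging session file(s) removed."

' A marker is a .txt file (user or workstation record) older than the limit.
Function IsHangingMarker(f, hours)
    IsHangingMarker = False
    If LCase(objFSO.GetExtensionName(f.Name)) <> "txt" Then Exit Function
    If DateDiff("h", f.DateLastModified, Now) < hours Then Exit Function
    IsHangingMarker = True
End Function
```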

  8. #7
    waldronm2000
    As it creates a file whose name is made up of the username and computer name, it would be possible to check whether the new login is on the same workstation as the existing login, and if so allow it even though the user is still recorded as currently logged in.
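
One way the same-workstation check suggested above could be written, as an added example that is not code from the thread. It uses the marker names of the first Login.vbs and creates the user marker with overwrite disabled, so the existence check and the claim are a single step; the function name, result constants and demo account and PC names are assumptions, and the demo runs against a temporary folder instead of the real share.

```vbscript
' Added example (not from the thread). Marker names follow the first
' Login.vbs: <user>.txt and <user>-<pc>.txt. The demo accounts and PC names
' are constructed, and the "share" is a throwaway folder under %TEMP%.
Option Explicit
Const ALLOW_NEW = 0, ALLOW_SAME_PC = 1, DENY_OTHER_PC = 2

Function ClaimSession(fso, share, user, pc)
    Dim f
    If fso.FileExists(share & user & "-" & pc & ".txt") Then
        ' Marker left behind by this same machine (power cut, reset): let them in.
        ClaimSession = ALLOW_SAME_PC
        Exit Function
    End If
    ' Create the user marker with overwrite = False. If another workstation
    ' created it first this raises error 58 (file already exists), so there is
    ' no gap between "check" and "create". Any other error also denies the
    ' logon, i.e. the check fails closed.
    On Error Resume Next
    Set f = fso.CreateTextFile(share & user & ".txt", False)
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        ClaimSession = DENY_OTHER_PC
        Exit Function
    End If
    On Error GoTo 0
    f.Write pc & " at " & Time
    f.Close
    fso.CreateTextFile(share & user & "-" & pc & ".txt", True).Close
    ClaimSession = ALLOW_NEW
End Function

' Demo: three logon attempts for the same account.
Dim objFSO, demoDir, demoShare
Set objFSO = CreateObject("Scripting.FileSystemObject")
demoDir = objFSO.BuildPath(objFSO.GetSpecialFolder(2).Path, objFSO.GetTempName)
objFSO.CreateFolder demoDir
demoShare = demoDir & "\"
WScript.Echo ClaimSession(objFSO, demoShare, "alice", "ROOM1-PC04")  ' first logon
WScript.Echo ClaimSession(objFSO, demoShare, "alice", "ROOM2-PC11")  ' second workstation
WScript.Echo ClaimSession(objFSO, demoShare, "alice", "ROOM1-PC04")  ' same PC after a reset
objFSO.DeleteFolder demoDir, True
```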

  9. #8

    This kind of thing should work if you have kids who are not very clued up. The problem with anything that relies on open shares and text files is that if you have tech savvy kids then they can read the files and change or delete them (and of necessity, they can read the script to work out what's going on).

    I can also just copy "stuff" into the folder so that it fills up and brings everything grinding to a halt.

    Ideally, you want something which is talking to a remote service that can control the workstation. This means that if I carry out the "logoff" action from my workstation so that I can go to a second machine then I actually get logged off and can't just carry on using it (as I could with your script).

    Sorry if that sounds very negative but this really is one of those areas where you either have to accept that it's a people problem, not a technology one, or you have to have technology which is much cleverer than your kids :-)

  10. #9

    In my instance the share is a hidden share. + I don't allow network browsing other than our mapped drives. As for the file if a forced reboot... Users can relog on the same workstation, this will kill their old session but force a logout as of the old active one. I also get sessions to clear at both lunch time and evening. Kids do learn to logoff over time. + Keeping logs allows me to track the little ***** who thieve mice etc...

    + Kids have no idea on what scripts run which makes life easier.

    One idea would be to check for multiple records in which a Workstation has within the files and delete the oldest. Also the logoff script doesn't run until the child has actually clicked logoff or shutdown on the machine which would prevent them tricking the machine that they've logged off. Also the typical users who try to avoid single login are the ones who have banned internet access.
    Last edited by flexyjerkov; 7th April 2010 at 03:45 PM.

  11. #10
    TheLibrarian
    Guest
    I always thought the easy way to do this was to have the roaming profile directory be a share that only accepts one connection, and the workstation GPO (IIRC) does not allow log in if the profile can't be loaded.

    The down side is that the browse list gets to be huge with all those shares in it.

    Just my £0.02.

  12. #11


    I've made additions to the code now to automatically delete an old user session if someone else logs into that same machine. For us when users are always in the computer rooms it'll ensure that even if a user forgets to log out and hits the power switch, the next user will clear their old session for them.
    Code Below:

    Logon.vbs
    Code:
    '== Limit User Logins
    '== Written by: James Gzowski (2010)
    '== Logon Script
    
    '== This script consists of two parts, Logon.vbs & Logoff.vbs
    '== The script is designed to prevent multiple logons on a network from different workstations
    '== This will not work for Terminal Servers where each user will login on the same server.
    '== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
    '== If this happens, then the next user to log into their workstation will clear their session
    
    'Set Objects
    Set oShell = CreateObject( "WScript.Shell" )
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    SET WshShell = createObject("WScript.shell")
    Const intForReading = 1
    Const intForWriting = 2
    Const intForAppending = 8
    ServerShare = "\\ServerNAME\UserLogins$\" 'Requires Users Full Read/Write Access
    OldSession = ""
    CurrentWorkstation = ""
    
    'Get Username & Workstation
    UserID=oShell.ExpandEnvironmentStrings("%UserName%")
    WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
    
    'Check Whether Workstation Has Old Login Session and clear
    
    If objFSO.FileExists( ServerShare & WorkstationID & ".txt") Then
    	Set objFile = objFSO.OpenTextFile(ServerShare & WorkstationID & ".txt", intForReading, False)
    	Oldsession = objFile.ReadLine
    	objFile.Close
    		If objFSO.FileExists( Oldsession & ".txt" ) Then
    			objFSO.DeleteFile(ServerShare & Oldsession & ".txt")
    		End if
    End if
    	
    'Check If Users Logged In
    If objFSO.FileExists ( ServerShare & UserID & ".txt") then
    	Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False) 
    	CurrentWorkstation = objFile.ReadLine
    	objFile.Close
    	
    	'Report Failed Login To LoginsDenied.log
    
    	If objFSO.FileExists (ServerShare & "LoginsDenied.log") then
    
    		SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", intForAppending, True)
    		ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
    
    	else
    		Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsDenied.log")	
    		ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
    
    	End If
    
    	ObjFile.Close
    
    	'Shutdown Process'
    	shutdown = "shutdown /l"
    	WshShell.Popup _
    	"You are already logged onto: " & CurrentWorkstation &  "." & vbcrlf & _
    	"If this is not you please contact the network office." & vbcrlf & vbcrlf & _
        	"This event has been logged to track possible account misuse." & vbcrlf & vbcrlf & _
       	"You will now be logged off",20,"Multiple User Login Detected: " & UserID,16
    	WshShell.Run(shutdown)
    	SET WshShell = Nothing
    	
    Else
    
    	'Create Text Files
    	Set objFile = objFSO.CreateTextFile(ServerShare & WorkstationID & ".txt")
    	ObjFile.Write(UserID)
    	ObjFile.Close
    	Set objFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt")
    	ObjFile.Write(WorkstationID)
    	ObjFile.Close
    
    	'Report Accepted Login To LoginsAllowed.log
    	If objFSO.FileExists (ServerShare & "LoginsAllowed.log") then
    
    		SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", 8, True)
    		ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
    
    	else
    		Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsAllowed.log")	
    		ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
    
    	End If
    
    	ObjFile.Close
    	
    
    End If
    Logoff.vbs

    Code:
    'Set Objects
    Set oShell = CreateObject( "WScript.Shell" )
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    SET WshShell = createObject("WScript.shell")
    Const intForReading = 1
    Const intForWriting = 2
    Const intForAppending = 8
    ServerShare = "\\ServerName\UserLogins$\" 'Requires Users Full Read/Write Access
    CurrentSession = ""
    
    'Get Username & Workstation
    UserID=oShell.ExpandEnvironmentStrings("%UserName%")
    WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
    
    'Check If Login Session Is Correct To Workstation & User'
    If objFSO.FileExists (ServerShare & UserID & ".txt") Then
    	Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
    	' Read the first line if the file is not empty
    	CurrentSession = objFile.ReadLine
    	objFile.Close
    	If CurrentSession = WorkstationID then
    		objFSO.DeleteFile(ServerShare & WorkstationID & ".txt")
    		objFSO.DeleteFile(ServerShare & UserID & ".txt")
    	End if
    
    End If
    Again, comment opinions if you wish.

    Also Librarian, we don't use roaming profiles here due to the file sizes and login times.
    Last edited by flexyjerkov; 13th April 2010 at 10:19 AM.

  13. 2 Thanks to flexyjerkov:

    DaveP (13th April 2010), lizardboy79 (21st July 2010)

  14. #12

    DaveP
    Trialling this version now.

    Thanks again.

  15. #13
    FAA

    This issue has been rather extensively covered in this thread.

    Based on IS Decisions' experience and after having heavily invested in R&D on this specific issue for about 9 years, I can categorically affirm that logon scripts-based solutions present too many drawbacks and weaknesses to suit educational IT infrastructures' security requirements.

    With a logon scripts-based solution:
    - if a workstation is not connected to the network, scripts cannot run and sessions history is therefore lost
    - a logon script runs as a user, and an ill-disposed user can therefore kill the script
    - if an untimely reboot occurs, sessions are not suppressed from the database
    - ...

    I'd like to suggest that you give a look to UserLock and see how this software solution helps academic institutions securing and optimizing their free access network.

    Best,

  16. #14


    Small typo preventing old sessions clears

    Hi flexyjerkov,

    Your script is absolutely awesome, and it deserves recognition. In my testing I was frustrated by the session not properly clearing when the workstations were powered off, and read through your code several times before finding this typo:

    In the section "Check Whether Workstation Has Old Login Session and clear", the line:

    If objFSO.FileExists( Oldsession & ".txt" ) Then

    should be

    If objFSO.FileExists( Servershare & Oldsession & ".txt" ) Then

    Just thought I should point that out for anyone else having the same issues. Other than that, this is great work!

  17. #15

    Thanks for this script, it's great.

    I added to the script so when the login script is run it appends "logged on" to the start of the record in LoginsAllowed and enters a line saying "logged off" when logoff is run.

    e.g. logged on - user etc, then logged off - user etc.

    Works a treat.

    I also keep Tail for Windows open with both logs open, which monitors in real time.
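
A way to get more out of LoginsDenied.log than watching it scroll, as an added example that is not code from the thread: it groups denied logons by workstation and reports machines where several different accounts were refused, which is the "using friends' accounts" pattern the first post mentions. The sample lines are constructed in the comma-separated format written by the revised Logon.vbs, and the function names and the `MinUsers` threshold are assumptions.

```vbscript
' Added example (not from the thread): summarise LoginsDenied.log.
' The sample lines are constructed; MinUsers is an assumed threshold.
Option Explicit
Const MinUsers = 2

' Returns the value of one "Key: value" field from a log line, or "".
Function FieldValue(line, key)
    Dim part
    FieldValue = ""
    For Each part In Split(line, ", ")
        If Left(part, Len(key) + 2) = key & ": " Then
            FieldValue = Mid(part, Len(key) + 3)
        End If
    Next
End Function

' Returns a Dictionary: workstation -> Dictionary(username -> denied count).
Function DeniedByWorkstation(lines)
    Dim result, line, pc, user, users
    Set result = CreateObject("Scripting.Dictionary")
    For Each line In lines
        pc = FieldValue(line, "Workstation")
        user = FieldValue(line, "Username")
        If pc <> "" And user <> "" Then   ' skip blank or damaged lines
            If Not result.Exists(pc) Then result.Add pc, CreateObject("Scripting.Dictionary")
            Set users = result(pc)
            users(user) = users(user) + 1
        End If
    Next
    Set DeniedByWorkstation = result
End Function

Dim sample, summary, ws
sample = Array( _
    "Date: 13/04/2010, Time: 09:02:11, Workstation: ROOM1-PC04, Username: alice", _
    "Date: 13/04/2010, Time: 09:03:40, Workstation: ROOM1-PC04, Username: bob", _
    "Date: 13/04/2010, Time: 09:05:02, Workstation: ROOM1-PC04, Username: carol", _
    "Date: 13/04/2010, Time: 11:15:27, Workstation: LIB-PC02, Username: dave")
Set summary = DeniedByWorkstation(sample)
For Each ws In summary.Keys
    If summary(ws).Count >= MinUsers Then
        WScript.Echo ws & ": denied logons for " & summary(ws).Count & _
            " different accounts (" & Join(summary(ws).Keys, ", ") & ")"
    End If
Next
```

To run it against the real log, read the file line by line with `OpenTextFile` into an array and pass that to `DeniedByWorkstation` in place of `sample`.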
