Exclusive user logins

Status
Not open for further replies.

beel1956

IS-IT--Management
Mar 2, 2005
AU
I have a small domain in a school but wish to restrict users to one login. This will stop them using all and sundry's passwords to get in even when their accounts have been disabled. In Server 2000 I do not know how to do this. Any ideas??
 
I'm afraid it will cost you. There is no standard way of doing this. You have to use CConnect.exe, which is included free in the nice pricey Windows 2000 Server resource kit. I don't know if you can get it from anywhere else; a quick google just points me to articles about it only being available in the Win 2k Serv resource kit.
It is a pretty complex configuration of the tool, and it needs to be installed on each machine. However, you can distribute it through group policy, or logon scripts. You just need to plant it.

It basically works by registering a session in the database; when another one logs on, if a session for that user is active, then it logs the last logon machine off.

There is a third party tool available as well, I think called UserLocker. However, I don't know if it still works in post NT domains.

Also, I've not heard of any free way of doing this, as it is not client side controlled, and therefore can't be processed solely through Group Policy, as no mechanism is inserted into AD to check for concurrent logons.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
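
The session-registry behaviour described in the reply above, modelled as an added example that is not part of the original thread and is not CConnect's own code. The class, function and sample names are hypothetical, and the events are constructed; the model also covers a late logoff arriving from a machine that has already been displaced.

```python
# Added illustration: a model of "one session per account", not CConnect itself.
# All names here (SessionRegistry, EVENTS, replay) are hypothetical.

class SessionRegistry:
    """Central record holding at most one active session per account."""

    def __init__(self):
        self.active = {}    # account -> workstation holding the session
        self.actions = []   # decisions in order, for auditing

    def logon(self, user, workstation):
        user, workstation = user.lower(), workstation.upper()
        previous = self.active.get(user)
        if previous is not None and previous != workstation:
            # Policy described in the post: the earlier machine is logged off.
            self.actions.append(("force_logoff", user, previous))
        self.active[user] = workstation
        self.actions.append(("session", user, workstation))

    def logoff(self, user, workstation):
        user, workstation = user.lower(), workstation.upper()
        # A logoff from a machine that was already displaced must not
        # clear the session that replaced it.
        if self.active.get(user) == workstation:
            del self.active[user]
            self.actions.append(("logoff", user, workstation))


# Constructed sample events: (event, account, workstation)
EVENTS = [
    ("logon", "jsmith", "LAB1-PC04"),
    ("logon", "JSmith", "LAB2-PC11"),   # same account, second machine
    ("logoff", "jsmith", "LAB1-PC04"),  # late logoff from displaced machine
    ("logon", "akhan", "LAB1-PC07"),
    ("logoff", "akhan", "lab1-pc07"),
]


def replay(events):
    """Feed events through a fresh registry and return it for inspection."""
    registry = SessionRegistry()
    for kind, user, workstation in events:
        getattr(registry, kind)(user, workstation)
    return registry


if __name__ == "__main__":
    result = replay(EVENTS)
    for action in result.actions:
        print(action)
    print("still active:", result.active)
```

The audit trail in `actions` is what an administrator would review to see which accounts are being shared between machines.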
 
I found this on the Microsoft website and tried it but it's no good either. I believe it can be done in Server 2003 tho. Will just have to put up with it I guess.


Create a logon script.
a. Use a text editor to create the following batch file:
net use T: /delete
net use T: \\<Servername>\<sharename>
if exist T: goto end
if not exist T: goto logout
:logout
echo Y | logoff.exe
:end
b. Save the file with a .bat extension in the Netlogon share of the domain controller.
c. To restrict concurrent logons for specific user accounts, use this logon script or incorporate the script in an existing logon script.
Note: This example uses drive T. You can substitute any drive letter for "T." Also, if you specify the user's home folder, you can use the %USERNAME% environment variable instead of the share name.
3. Copy the Logoff.exe tool from the Windows 2000 Server Resource Kit, and then copy the logon script that you just created to the domain controller's Netlogon share.
When a user tries to connect to the restricted share, the user will be automatically logged off the computer.
 
I don't see how that could work. Using a share, you need to give permissions for the folder to have multiple connections, otherwise only one person in the whole network would be able to log on. And I don't see any concurrency options per user account on any folder options. As the drive is mapped to the local machine's user profile, and not a domain profile, there is no way of the profile being checked by the second user logging on to see if T: already exists.

Unless the drive is mapped to the user domain profile area, then I don't know how it would work. And surely, if that were the case, it should check if T: exists first, rather than deleting it and reconnecting.

But I'm not a scripter. Mark may be able to shed some more light on it.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 