Preventing the SAME User from logging in for 10 minutes?

[Sharpharp]

Hi all,

I am trying to work out how to prevent the same user from logging back into the same pc for 10 minutes.

We have open access pc's, and want to create a short stay environment. I have worked out a way to log a user out after a short period, but we would like to prevent the same user from logging back in, so that others may use the workstation.

The user accounts are Network Active Directory accounts, but i need a way to block the same user from logging onto the SAME pc again for 10 minutes after being logged out. I do not want to block there AD account, as they would be welcome to use other pc's.

Any idea if it can be done with Vbscripting?

thanks in advance,
sharpy

 

[TheKidd]

What do you have so far?

 

[Sharpharp]

If I had anything I wouldn't have posted on here. I've googled to the point of getting RSI in my hand, but can't find anything which can help even get started on what I need to do.

I can't find anything that remembers the previously logged in user, and then retains that information and blocks the user from logging in for 10 mins...

 

[GrimR]

Only thing I can think of is using the lastlogontimestamp. Just not sure if that will prevent a user logging on as the script would have to stay active.

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[l3it3r]

I'd say that it would be very possible to do this. It would have to run constantly on the server. You'd need to get into ADODB and keeping a record of computer name, user name, and the times in and out of each session.. you'd run into issues of multiple sessions if only use one table, but you could create a table per workstation, or maybe even just an XML file?

In the end, sure its doable, and I've done some complex vbscripts like this in the past. There will be a lot of moving parts to this though.

Just my opinion.. might be a really simple fix, don't know!

 

[mrmovie]

i can see you getting yourself into a rather large mess rather quickly. draw yourself a flow chart of how you want the process to work.

can you approach the implementation in ways?

1. have your user logon script query something and have your logon script log the user off. means you ahve to prevent your user from killing your logon script which might be an issue. on the positive side you are not disabling user accounts all the time

2. have a server side script / service which manipulates the user accounts, enabled or not. I see DC replication an issue with this approach. not to mention if it goes wrong you have to manually enable the affected accounts, who do you tell which ones have been disabled by your process, you ahve log it etc etc etc

 

[DTracy]

What you might try is:

1) using your forced logout routine save the user name, date, and time to a file on the pc before shutdown.

2) in your login script open the file, compare the user name, date, and time. Proceed if same user and greater than 10 minutes, or different user. Otherwise, run your forced logout routine with out saving data.

Might work.

Regards,
David.

 

[TheKidd]

I like DTracy's idea. You could also have your login in and logut routine check the modified date and use datediff to get the number of minutes. Each user would have a empty flag file. See example snippet below:

Call Main()
WScript.Quit

Sub Main()
   set fso=Wscript.CreateOBject("Scripting.FileSystemObject")
   set Net=Wscript.CreateObject("WScript.Network")
   set shell=WScript.CreateObject("WScript.Shell")

strUserName=Net.UserName
WScript.Echo strUserName
   If (fso.FolderExists("c:\temp")) Then 
      set loginFlag=fso.getfile("c:\temp\" & strUserName & "loginTime.txt")
      Set logoffFlag=fso.getfile("c:\temp\" & strUserName & "logofftime.txt")
      loginTime=loginFlag.DateLastModified
      logoffTime=logoffFlag.DateLastModified
      WScript.Echo loginTime
      WScript.Echo logoffTime
      WScript.Echo DateDiff("n",loginTime,logoffTime)
      If DateDiff("n",loginTime,logoffTime)<10 Then
         WScript.Echo "Less than 10 minutes...Try again later "
      Else
         WScript.Echo "Login in..."
      End If
   End If 
   set fso=nothing
   set net=nothing
   set shell=nothing
End Sub

 

[TheKidd]

You could also replace

If DateDiff("n",loginTime,logoffTime)<10 Then

with

If DateDiff("n",loginTime,Now)<10 Then

 

[Sharpharp]

Guys,

I already managed to get a working solution. Similar to whats posted, i wrote my own code using date diff and saving to a txt file. I first save the id of the logged out user, then on logon I compare the user id with the previous user. If the difference is 10 minutes the login session can continue, if not, then log the user out.

Its a shame its not possible to do this prior to logon, but a least the same user will know not to do it again becaise access to the apps will not be available.

Thanks, its just a shame that on login, no utility to prevent logon without doing scripts (part of AD group policy)

Sharpy

 

[DTracy]

Sharpharp-

As an alternative to just not doing a login on user/time failure, have the script run "shutdown" on the workstation. Once or twice of this and the users should learn quickly about the 10 minute thing.

Regards,
David.