RE: w2k logon from one computer only

From: Kevan Smith (Kevan.Smith_at_tideworks.com)
Date: 04/29/04

  • Next message: Andy Pham: "IE questions" 
    Date: Thu, 29 Apr 2004 07:40:25 -0700
To: <onel@uekae.tubitak.gov.tr>, <focus-ms@securityfocus.com>

    Dincer,

    The difficulty here is that the DCs are not notified when a user logs off, so anything that would touch your desired effect would take some fancy footwork. The closest thing I've seen was when an administrator gave each user a roaming profile, shared each profile individually, and set the connection limit on those shares to 1. You may be able to modify this approach somewhat to achieve your goal. For example you can add some logic to the logon script which logs the user off if unable to map the drive.

    Kevan Smith
    Windows Technology Engineer
    Tideworks Technology

    MCSE, MCP+I

    -----Original Message-----
    From: Dinçer ÖNEL [mailto:onel@uekae.tubitak.gov.tr]
    Sent: Thursday, April 29, 2004 12:57 AM
    To: focus-ms@securityfocus.com
    Subject: w2k logon from one computer only

    Hi everybody,
    Is there any GP setting or something else that restrict users from logging to a computer while he/she already logged on from another computer in w2k domain. I need to find a way to force users log off before logon to another computer. Does anyone heard about any MS solution for that, or 3rd party solutions (preferably MS solution).
    Thanks in advance

    Dincer ONEL, CISSP
    Network Security Researcher
    TUBITAK-UEKAE
    P.K.74 41470 Gebze
    Kocaeli TURKEY
    Tel:+90-262-6481398
    Fax:+90-262-6481100

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Andy Pham: "IE questions"