Re: Preventing multiple logins in 2003

From: Martin Mewes (mm_at_mewes.tv)
Date: 01/28/05

  • Next message: Laura A. Robinson: "RE: RESPONSE: Users "bypassing" Group Policy restrictions"
    To: focus-ms@securityfocus.com
    Date: Fri, 28 Jan 2005 08:14:03 +0100
    
    

    Hi Ian,

    Ian Turnbull <ian.turnbull@mpsgi.com> wrote :

    > It has been noted that some of our user base are allowing other
    > members of staff to login using their user account. We are currently
    > in the process of moving to a fully functional 2003 domain and I
    > would like to disable concurrent logons via group policy. Any
    > suggestions?

    We had the same problem here and did not come to any conclusions.
    For now we have written a little logon script which writes a lock into
    the $home of the user like this ...

    :test
    if not exist \\path\logged.in goto login
    logout.exe

    :login
    echo lock > \\path\logged.in
    ...

    ... together with a logout script which deletes the lock. Anyway from
    time to time we run into trouble if a users machine has a blue screen
    or something so tha admin has to delete the lock manually.

    We thought about locking the user to a collection of single machine
    (which is possible since NT4) but not sure if this really helps.

    bis dahin/kind regards
       
    Martin Mewes
       

    -- 
    The e-mail server is unable to verify your server connection and
    is unable to deliver this message. Please restart your computer and
    try sending again.  (The beauty of it is that when I return, I can
    see how many in-duh-viduals did this over and over)  
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Laura A. Robinson: "RE: RESPONSE: Users "bypassing" Group Policy restrictions"