RE: Re : Block simulteneuos logons

if you're using AD. in the user properties, there is a ' sessions ' tab that allows active session limits... Idle limits, etc...

Try there.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of abdelhakim aliane
Sent: Wednesday, November 07, 2007 11:13 PM
To: Ansgar -59cobalt- Wiechers; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re : Block simulteneuos logons

Hi, have you tried this tool, it is my favorite one in users logons management : Userlock at http://www.isdecisions.com/en/

Regards,
Aliane.



----- Message d'origine ----
De : Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx> À : security-basics@xxxxxxxxxxxxxxxxx Envoyé le : Mercredi, 7 Novembre 2007, 19h07mn 34s Objet : Re: Block simulteneuos logons

On 2007-11-07 jd@xxxxxxxxxxxxxx wrote:
I need assistance with the following query.. My company has a lot of
remote access users and the problem that I am having is that most of
my users use their AD accounts simulteneously. What I mean is that my
users have dialing access and dial back options and what they do is
they allow their family members to use their accounts during the day
while they are at work working. So what I want to do is to block or
allow only single logon for all users on the network. I want my
system
to be able to detect if the user has already logged on be either by
dialup or network and deny the 2nd logon. what solutions can I
implement?

Your users should not give their families access to company resources as that raises both security and legal problems. This is a social problem, which shouldn't be addressed by technical measures alone.

Suggest to your management to write up a policy that prohibits private use of corporate resources and have the users sign it. Make clear to your users that repeated violation of said policy will lead to unemployment (also explain to them why they should not allow their families to use company resources). Monitor successful logons to detect policy violations.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq





_____________________________________________________________________________
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail


This email, its contents and attachments contain information from j2 Global Communications, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is prohibited. If you have received this email in error please notify the sender by reply e-mail and delete the original message and any copies.

Relevant Pages

  • Re: XP Machines in AD dont behave
    ... If your network config is ok, you should note a few ... Disable asynchronous logons accourding Norbert's link in his post. ... problem as described above or any other reason), the connection could be ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: XP Machines in AD dont behave
    ... If your network config is ok, you should note a few ... Disable asynchronous logons accourding Norbert's link in his post. ... problem as described above or any other reason), the connection could be ...
    (microsoft.public.de.german.windowsxp.gruppen.richtlinien)
  • Re: Trace of 139 attack?
    ... Subject: Trace of 139 attack? ... While we may hope that the thread title would keep the context of logons to ... might mistakenly consider them "network" logons. ...
    (Focus-Microsoft)
  • Interactive Logon permissions
    ... tells me that interactive logons are not permitted. ... I cannot log in using the Administrator account or in safe ... the machine over a network either! ... PS - Thanks Roger for your help the first time round. ...
    (microsoft.public.windowsxp.security_admin)
Quantcast