Re: NT4 Disallow multiple logins


From: "ObiWan" <anzenNO-SPAM@gmx.net>
Date: Wed, 22 May 2002 13:11:07 +0200


> I have an NT4 Server running 98SE W/stations. The problem
> I have is disallowing users sharing their usernames and
> passwords. (I can't sack them for this because I work in a
> school and my client base comprises primarily of Students.)
> Is there a way of only allowing a username and password to
> be in use on my network once at a time? I've been through
> the User Manager and can't find it in there so I am
> assuming I will have to write something in the Login
> scripts. If I can avoid doing this it would be preferable
> to me.

I'll assume that you created an NT domain and
that the Win98 machines are accessing that
domain; in this case:

Open the user manager and from the menu
select "criteria" and "account", next specify
the needed password criteria; that is the
max age, the min length and so on; be sure
to tick the box to "remember 'n' passwords"
so that your user will be forced to use a
different password each time and not to
reuse the older ones, confirm.

Now select a user from the user list and
double click on it, be sure that the password
expiry option is unselected (password *must*
expire) and allow the user to change the
password; as an additional measure you could
specify access times and logon machines; this
will allow the logon *only* in the defined time
period and *only* from the defined machines,
this will prevent students from logging on outside
the school time and/or from unauthorized machines.

Repeat the process for every needed user.

As a rule of thumb, you could set up a password
aging period of 1 day, allow only passwords of
7 chars or more, keep the last 10 passwords and
lock the account after 3 failed access attempts,
unlocking it after 60 minutes. Be sure that none
of the users (students) has admin privileges but
set them all inside a group and give the group
*only* the required privileges/permissions.

Additionally, if you specified a "time window" as
seen above, you could force an "end session"
so that if someone leaves a machine powered
on and logged in, it won't create a security hole.
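
The settings described in the reply above can also be applied from the command line with "net accounts" and "net user", which saves repeating the User Manager steps for each student. This batch file is an added example, not part of the original post; the file students.txt, the workstation names LAB01-LAB03 and the 08:00-16:00 window are assumed sample values.

```bat
@echo off
rem Added example: command-line form of the User Manager settings above.
rem Assumptions: run by a domain administrator from an NT machine in the
rem domain; students.txt (hypothetical) holds one account name per line;
rem LAB01..LAB03 and the logon hours are constructed sample values.

rem Domain-wide account policy from the reply: passwords expire after
rem 1 day, minimum length 7, last 10 passwords remembered.
rem /forcelogoff:0 ends a session as soon as the logon hours run out.
net accounts /maxpwage:1 /minpwlen:7 /uniquepw:10 /forcelogoff:0 /domain
if errorlevel 1 goto failed

rem The lockout values (3 bad attempts, unlock after 60 minutes) are not
rem set here; they stay in User Manager as the reply describes.

rem Per-user restrictions: logon hours, permitted workstations, and the
rem right to change the password, applied to every listed account.
for /f %%U in (students.txt) do net user %%U /times:M-F,08:00-16:00 /workstations:LAB01,LAB02,LAB03 /passwordchg:yes /domain

rem Print the resulting policy so it can be checked against the values above.
net accounts /domain
goto done

:failed
echo Could not set the account policy; check domain admin rights.

:done
```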


