Re: Permit only one network logon per user
- From: "Christian Thies [Ar]" <ch.thies@xxxxxxxxx>
- Date: Fri, 17 Aug 2007 11:43:44 -0300
Steve, you're absolutely right about the risks.
But let me explain my situation a little deeper; my apologies to all for not
doing this from the beginning.
I'm building an application that encodes data in an audio stream encoded
with Windows Media. At the other side, I have developed a decoder, where the
data is decoded. The stream is decoded with Windows Media.
I'm selling this stream.
This stream is accessed by providing a valid username and
password.
I assign a unique username and password per user of this service.
So, I need to keep an eye on possible theft or disallowed sharing of
usernames and passwords. Because of this, I need to make sure that, at
least, no one can log in two or more times simultaneously.
Regards, and thanks for your help
Christian
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message
news:9AA8AB78-E044-4636-854A-0C5032A759AD@xxxxxxxxxxxxxxxx
If you don't mind, I'd like to use your situation here to chat a moment
about risk. Limiting simultaneous logons is usually considered for these
reasons:
1. Alice logs on at workstation A. Alice then logs on at workstation B,
which sits next to workstation A.
2. Alice logs on at workstation A. Alice then logs on at workstation B,
which is in another room. Bob wanders along, sees that someone is logged
into unoccupied workstation A, and messes around.
3. Alice logs on at workstation A. Alice shares her ID/password with Bob.
Bob logs on at workstation B.
#1 is not a security risk. #2 and #3 are security risks. Trying to
prohibit simultaneous logons isn't very practical because there are
circumstances in which the tracking mechanism might get out of sync.
Better mitigations are to teach people to log off when not using a
workstation and not to share IDs/passwords with others--and to back up
these policies with consequences.
Also, realize that tools like CConnect apply to the user's entire domain
access, not just to your application. That is, CConnect doesn't have a way
of preventing Alice from logging on multiple times only for the use of
your application--it applies to her domain account on the whole.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:OJ2kARE4HHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
I'm building a product that is accessed with a username and password, and
to prevent unauthorized access to it, I need to prevent multiple
simultaneous logons with the same username and password.
Sorry about my English. Let me know if the answer is clear.
Christian
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message
news:26CE53B9-E00D-4BB5-B2E2-17E5A305B4DE@xxxxxxxxxxxxxxxx
Why do you need to do this? What security risk do you need to mitigate?
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:u71neA13HHA.5724@xxxxxxxxxxxxxxxxxxxxxxx
Hi, I have a Windows 2003 domain working. I need to allow only one
network logon per user.
The example is:
User: username
Status: Logged
If user username tries to log in from a different machine while he is
logged in on another, the login attempt must be denied.
How can I accomplish this?
Thanks in advance
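
An added example, not part of the original thread or any poster's code: one way an application such as the stream service described above could enforce a single live session per username on its own side, using leases that expire so that the "tracking out of sync" case (a client that disappears without logging off) clears itself. The class name, method names and the 30-second lease are assumptions made for illustration.

```python
import secrets
import time

class SingleSessionRegistry:
    """At most one live session per username, tracked as expiring leases."""

    def __init__(self, lease_seconds=30, clock=time.monotonic):
        self.lease_seconds = lease_seconds
        self.clock = clock
        self._leases = {}  # username -> (session token, expiry time)

    def _live(self, username):
        lease = self._leases.get(username)
        if lease and lease[1] > self.clock():
            return lease
        self._leases.pop(username, None)  # stale: client vanished without logging off
        return None

    def login(self, username):
        """Call after the password check; returns a token, or None if already logged on."""
        if self._live(username):
            return None
        token = secrets.token_urlsafe(16)
        self._leases[username] = (token, self.clock() + self.lease_seconds)
        return token

    def heartbeat(self, username, token):
        """Renew the lease while streaming; False means this session is no longer valid."""
        lease = self._live(username)
        if not lease or not secrets.compare_digest(lease[0], token):
            return False
        self._leases[username] = (token, self.clock() + self.lease_seconds)
        return True

    def logout(self, username, token):
        if self.heartbeat(username, token):  # only the lease holder may release it
            del self._leases[username]


def demo():
    now = [0.0]                   # constructed scenario on a fake clock
    reg = SingleSessionRegistry(lease_seconds=30, clock=lambda: now[0])
    first = reg.login("alice")    # workstation A
    second = reg.login("alice")   # workstation B while A is live: denied
    now[0] = 20.0
    renewed = reg.heartbeat("alice", first)
    now[0] = 60.0                 # A crashed: no heartbeat since t=20, lease ended at t=50
    third = reg.login("alice")    # stale lease dropped, logon allowed again
    return first is not None, second is None, renewed, third is not None
```

The lease length sets the trade-off: a shorter lease frees a crashed user's account sooner but requires more frequent heartbeats from the player.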