Re: Permit only one network logon per user
- From: "Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 4 Sep 2007 22:08:47 -0600
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:uwcAC%2335HHA.464@xxxxxxxxxxxxxxxxxxxxxxx
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:ukRjVcp5HHA.5268@xxxxxxxxxxxxxxxxxxxxxxx
Roger, thanks again.
not a problem at all Christian
I have tried all three solutions mentiones in ths thread, but it is like
no one can manage the situation the way I want. So what many of you said,
now I thinking that the app I made to encode data should handle the
authentication stuff
Unless you can hand authentication to the OS and take finer grain
authorization on in your app (if the AuthN's context allows or not).
I really want to thanks all help I got from all of you. I wish I can help
anyone the way you helped me in the future
Regards
I know I'm late jumping in here, but it seems to me there was a nearly
identical thread here last year. My contribution in that thread was to say
that preventing concurrent logons would have absolutely no effect whatsoever
on preventing authorized users from sharing their logon credentials with
those individuals not authorized. If an authorized user had friends who were
not authorized, he could just let them use his account when he was not using
it.
The ONLY way to know for sure that individual accounts are not being shared
is to have a strong policy against the practice, to apply sanctions when
violations occur, and to provide incentives for honesty, the main one being
showing trust in the user community. The weakest link (and also the
strongest) in any security or access mechanism is the user community.
/Al
Cheers
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> escribió en el mensaje
news:OOQbWMM5HHA.3812@xxxxxxxxxxxxxxxxxxxxxxx
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:udFybTB5HHA.5316@xxxxxxxxxxxxxxxxxxxxxxx
Roger, making my app to control acces should be te last option. Because
a matter of time, I need to find out a solution aready builded, already
tested, and rady-to-use.
I do not know of what that ready-to-use solution would be.
You app is controlling its listener and allowing/disallowing the
connections. If using clients are not using one of the operating
system's logins but rather just connecting to port your app uses,
which is what it is coming to sound like, then it seems it is only
your app that could exert the control.
Roger
"Roger Abell [MVP]" <mvpnospam@xxxxxxx> escribió en el mensaje
news:ev3TzOO4HHA.4676@xxxxxxxxxxxxxxxxxxxxxxx
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:OsdLuDO4HHA.5316@xxxxxxxxxxxxxxxxxxxxxxx
Roger, you're right. I'm not preventing, I have a clue if I log trys
of multiple logins
The content is used 7*24*365. So a logged user will keep logged all
the time. Any attempt to log in with an already logged credential is
a violation (or error).
You're also right about cconnect, I'm rebuilding my DC after trying,
but I think I made a mistake and I'm going to try again
Another point is this, I need to prevent access to a mms (or http)
connection, not a shared resource in a netowrk
All three methods indicated, cconnect, limitlogon, and the share-based
of the KB provided, intend to prevent a second local login.
It sounds to me that you really want a mod in the app so that it does
not
allow a second connection to it using the same creds.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> escribió en el mensaje
news:OcxFHZN4HHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
Hi Christian,
I guess I do not understand how limiting to one session is in fact
preventing unauthorized access.
Assuming it somehow does help, then how does it make sure that
the correct person is the one allowed the one available session?
Anyway, cconnect and limitlogin are fairly heavy to implement.
Take a look at the following for the select few accounts needed:
http://support.microsoft.com/kb/260364
Roger
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:OJ2kARE4HHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
I'm building a product that is accessed with a username and
password, and for preventing unauthorized access to it, I need to
prevent multiple simultaneous logons with the same username and
password
Sorry about my English. Let me know if the answer is clear
Christian
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> escribió en el
mensaje news:26CE53B9-E00D-4BB5-B2E2-17E5A305B4DE@xxxxxxxxxxxxxxxx
Why do you need to do this? What security risk do you need to
mitigate?
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Christian Thies [Ar]" <ch.thies@xxxxxxxxx> wrote in message
news:u71neA13HHA.5724@xxxxxxxxxxxxxxxxxxxxxxx
Hi, I have Windows 2003 domain working. I need to allow only one
network logon per user.
The example is:
User: username
Status: Logged
If user username try to login from a different machine, and he is
logged in another, the login attempt must be denied
How can I accomplish this?
Thanks in advance
.
- Prev by Date: schannel error 36870 (extended 0x80090016)
- Next by Date: Re: DHCP Restrictions
- Previous by thread: schannel error 36870 (extended 0x80090016)
- Next by thread: Re: DHCP Restrictions
- Index(es):
Relevant Pages
|
