none
windows 2008 r2 max local users accounts

    Question

  • hello,

    how much of local user accounts that i can creat on windows 2008 r2?

    also how much of concernet seassions?

    thanks.

    Friday, April 06, 2012 10:22 AM

Answers

  • Hello,

    there are already lot of detailed infos about theoretical limits.

    How many do you need in total and do you run into a limit, have an error message about?

    Concurrent connections on the server are limited to licensing first, 2 remote for administrative access and one on the console. FOr more then this or normal users access this machine as a RD server you must have RD CALs and a RDLicensing server.

    Based on the software they should use on the amchine and the hardware specifications there should be around 40 users be able to work together on one server. We have a virtual RD server farm where we count up to 30 users per RD Server, with an earlier farm on physical machines we copunted up to 40 users per TS.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Saturday, April 07, 2012 11:29 AM
  • Hi,

    I understand that you asked the question for VPN authentication.

    Please check the article below to see whether it can help in your situation.

    Enabling remote client access over a VPN connection

    http://technet.microsoft.com/en-us/library/cc995159.aspx

    In the meantime, I suggest creating thread in IIS forum if you have any question regarding IIS.

    http://forums.iis.net/

    Regards

    Kevin


    TechNet Community Support

    Monday, April 09, 2012 7:06 AM
  • Hi;

    The Security Account Manager (SAM) is a database present on servers which stores user accounts and security descriptors for local users on that particular computer/server. The maximum concurrent sessions that windows Server 2008 R2 can support (I THINK) is 16777216. So as this number, I think the maximum local users relates to this number.

    Please feel free to let us know if you have any question or concern.


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, April 06, 2012 10:36 AM

All replies

  • Hi;

    The Security Account Manager (SAM) is a database present on servers which stores user accounts and security descriptors for local users on that particular computer/server. The maximum concurrent sessions that windows Server 2008 R2 can support (I THINK) is 16777216. So as this number, I think the maximum local users relates to this number.

    Please feel free to let us know if you have any question or concern.


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, April 06, 2012 10:36 AM
  • Hi,

    I don't know that there is a concrete practical limit (see below for the theoretical). In days of old, you could roughly work out the amount because the registry size was limited to around 150MB, but since you can adjust the maximum registry size, that obviously means you can adjust how many local account can be created.

    There's a number of articles around that suggest you can have upwards of 60,000 local accounts based on the old registry size limit of 150MB, though those articles are old and relate to the Windows NT4 to 2000 period. Nevertheless, it gives you some very rough napkin match you can work with.

    Although it's a generalisation, I think it's safe to say that you shouldn't be concerned about upper limits.

    I can't find an article specifically relating to local accounts, but for active directory, you can have around a billion security principles (reference). This is more or less validated by the fact that the SID structure appears to use ULONG (32 bit) values for the relative identifiers, which while scaling up to 4 billion, only 30 bits are used.

    I'd expect you're not going to hit those limits.

    Concurrent sessions is a different kettle of fish and vary wildly depending on the application or service. There's no one answer to this. It could be a small figure like 128 or something in the many millions range. Practical limiters such as the amount of memory consumed per connection and so on also come into play when you're talking about such large figures.

    Cheers,
    Lain

    Friday, April 06, 2012 11:06 AM
  • I believe the theorical limit would be the number of SID values available in the local SAM Account database, which is 2^30 - 1, or 1,073,741,823. This would be the maximum number of objects (of all classes) that can ever be created. Of course the first object you create is number 1000. All lower values are reserved for built-in objects. Practical limits would be much less.


    Richard Mueller - MVP Directory Services

    Friday, April 06, 2012 2:49 PM
  • Hello,

    there are already lot of detailed infos about theoretical limits.

    How many do you need in total and do you run into a limit, have an error message about?

    Concurrent connections on the server are limited to licensing first, 2 remote for administrative access and one on the console. FOr more then this or normal users access this machine as a RD server you must have RD CALs and a RDLicensing server.

    Based on the software they should use on the amchine and the hardware specifications there should be around 40 users be able to work together on one server. We have a virtual RD server farm where we count up to 30 users per RD Server, with an earlier farm on physical machines we copunted up to 40 users per TS.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Saturday, April 07, 2012 11:29 AM
  • hello,

    no i just ask it for vpn authenticatiod d iis too.

    thanks.

    Saturday, April 07, 2012 11:37 AM
  • Hi,

    I understand that you asked the question for VPN authentication.

    Please check the article below to see whether it can help in your situation.

    Enabling remote client access over a VPN connection

    http://technet.microsoft.com/en-us/library/cc995159.aspx

    In the meantime, I suggest creating thread in IIS forum if you have any question regarding IIS.

    http://forums.iis.net/

    Regards

    Kevin


    TechNet Community Support

    Monday, April 09, 2012 7:06 AM

  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to  reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
     
    BTW,  we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
     
    Best Regards
     
    Kevin


    TechNet Community Support

    Thursday, April 12, 2012 1:52 AM