locked
Windows Server 2008 limit concurrent connection RRS feed

  • Question

  • Hi, I have Windows Server 2008 and I use it for a file server on my network. I use this server to share various files. I would like to implement a method of higher control of who exactly has access to my files, using usernames and passwords.

    I have done a fair amount of googling, and I have seen some solutions using "limitlogin" & "CConnect". Unfortunately it seems the above mentioned solutions require complex procedures using Active Directory (at least to me) or some configuring client-side. I have no access to the client computers.

    So far I have managed to disable my guest account and create users via local users and groups. This solution seems to be simple, however I have found that more then one user can connect through a single account/username.

    Is it possible to limit an account to one concurrent connection at a single time?

    Any help would be greatly appreciated!
    Tuesday, May 4, 2010 5:49 PM

Answers

  • If you have Active Directory. You should setup sharing based on actived irectory accounts. IF you assign proper share rights and ntfs permissions, you are quite secure (every person will have its own user in AD with its own password). IF users won't share their passwords with each other the problem is solved (I assume you work in small company and you won't need anythig more). Proper password policy will secure against brute force attacks.

     


    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Follow me on twitter
    My Blog
    Tuesday, May 4, 2010 6:35 PM
  • As long as an user logon into one computer, the Windows Active Directory gives a authentication Token. Is the same user logon in other computer, he/she will be given another Toke with the same access.

    This is by desing, there is not native limitation for your scenario.

    You can found great step by step guides in this link...

    http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en

    Esteban

    Tuesday, May 4, 2010 7:42 PM

All replies

  • If you have Active Directory. You should setup sharing based on actived irectory accounts. IF you assign proper share rights and ntfs permissions, you are quite secure (every person will have its own user in AD with its own password). IF users won't share their passwords with each other the problem is solved (I assume you work in small company and you won't need anythig more). Proper password policy will secure against brute force attacks.

     


    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Follow me on twitter
    My Blog
    Tuesday, May 4, 2010 6:35 PM
  • Hello Krystian,

     

    Thank you for your reply.

     

    I am currently a student at a University! I have no experience with Windows Server besides installing it. I am no too fussed about brute force attacks etc :)

    What I am really fussed about is the concurrent connections!

     

    Have I gone down the wrong road with local users and groups?

     

    Please can you post a simple step by step guide, setting up Active Directory & the accounts!

    Thank you for your help so far!

    Tuesday, May 4, 2010 7:16 PM
  • As long as an user logon into one computer, the Windows Active Directory gives a authentication Token. Is the same user logon in other computer, he/she will be given another Toke with the same access.

    This is by desing, there is not native limitation for your scenario.

    You can found great step by step guides in this link...

    http://www.microsoft.com/downloads/details.aspx?FamilyID=518d870c-fa3e-4f6a-97f5-acaf31de6dce&displaylang=en

    Esteban

    Tuesday, May 4, 2010 7:42 PM
  • Thanks Esteban for the reply!

     

    Okay so I need Active Directory?

    Which guide must I download? I have no idea where to start!

     

    Thanks

    Tuesday, May 4, 2010 8:19 PM
  • Windows Server 2008 Foundation Network Guide is the very first that you should read.

    When any questios come... just post in the forum.

    Esteban

    Tuesday, May 4, 2010 8:37 PM
  • I have gone through this guide but i didnt find anything in it. Can you please help me out to limit an account to one concurrent connection at a single time.

     

    It will be nice if you pls guide me on this issue.

    Monday, May 17, 2010 10:03 PM
  • There is no native feature in Windows to prevent concurrent sessions.

    You should give a look to a 3rd-party software solution named UserLock, that allows IT security teams to:
    - prevent or limit simultaneous logon (same ID, same password), per user or user group
    - record all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL,…) for future reference
    - monitor user sessions in realtime (who is connected, from which workstation(s), for how long…)
    - remotely lock, logoff and reset all interactive sessions
    - define working hours and/or maximum session time for protected users and disconnect users with prior warning outside of the defined timeframe(s) and/or when time is up
    - restrict user group’s network access per workstation or IP range
    - notify all users prior to gaining access to a system with a tailor-made warning message (legal disclaimer, etc.)
    - …


    François Amigorena President & CEO IS Decisions (Security Software) http://www.isdecisions.com
    Thursday, June 24, 2010 8:49 AM