How many multiple simultaneous logins can a user account have?

    Question

  • How many multiple simultaneous logins can an AD user account have? And how to check it?

    Is there a way to limit it?

    Friday, February 17, 2017 8:46 AM

Answers

  • > How many multiple simultaneous logins can an AD user account have? And how to check it?
     
    Unlimited.
     
    > Is there a way to limit it?
     
    Not built in.
     
    Seems you do not know how Windows authentication (and Kerberos) work under the hood. It is not a "login", it is an "authentication" and some "service tickets"...
     
     
    • Marked as answer by SachinWaghmare Friday, February 17, 2017 11:15 AM
    Friday, February 17, 2017 9:44 AM
  • Active Directory does not limit the number of simultaneous logon sessions. You can configure logon and logoff scripts in a Group Policy to log user name, computer name, date and time, and whether the event is a logon or logoff to a shared log file. These can be as simple as batch files that echo the corresponding environment variables (and a string for logon or logoff) to the shared log file. There would be one line per event. If the values are comma-delimited, the log file can be read by Excel for analysis, where you can sort by user and date and time. I also published a PowerShell script in the TechNet gallery to analyze such a log file and output logon sessions for each user, which will show when the sessions for any user overlap, linked here:

    https://gallery.technet.microsoft.com/Parse-Log-File-of-Logon-58bfd54e

    In the past I also coded VBScript programs to enforce one logon session per user. It required logon and logoff scripts, but also startup and shutdown scripts to handle cases where the computer shut down before the user could log off. The scripts wrote and read flag files in the shared folder to track logon sessions. If the logon script saw that the user was still logged on elsewhere, it displayed a message to the user showing the other computer name, then used a WMI Win32Shutdown method to force logoff. All of the scripts for this solution are linked on this page:

    http://www.rlmueller.net/Logon7.htm

    I tested the scripts years ago, but I believe they are best for one well-connected site. They depend on the scripts reading and writing files in one shared folder.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by SachinWaghmare Friday, February 17, 2017 11:15 AM
    Friday, February 17, 2017 10:14 AM
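
A sketch of the log analysis described in the answer above, as an added example that is not part of the original thread and is not the linked TechNet script. The column order (User,Computer,Time,Event), the timestamp format, the function name Get-OverlappingLogon and the sample lines are assumptions constructed for illustration.

```powershell
# Constructed sample log: one comma-delimited line per event, as logon/logoff
# scripts would append it. Column order and time format are assumptions.
$sampleLog = @'
alice,WS01,2017-02-17 08:00:00,Logon
alice,WS02,2017-02-17 08:30:00,Logon
bob,WS03,2017-02-17 08:45:00,Logon
alice,WS01,2017-02-17 09:00:00,Logoff
bob,WS03,2017-02-17 09:10:00,Logoff
bob,WS04,2017-02-17 09:15:00,Logon
alice,WS02,2017-02-17 12:00:00,Logoff
'@

function Get-OverlappingLogon {
    param([string[]]$Lines)

    $format  = 'yyyy-MM-dd HH:mm:ss'
    $culture = [cultureinfo]::InvariantCulture

    # Parse each non-empty line and normalise names so WS01 and ws01 match.
    $records = $Lines | Where-Object { $_.Trim() } |
        ConvertFrom-Csv -Header User, Computer, Time, Event |
        ForEach-Object {
            [pscustomobject]@{
                User     = $_.User.Trim().ToLowerInvariant()
                Computer = $_.Computer.Trim().ToUpperInvariant()
                Time     = [datetime]::ParseExact($_.Time.Trim(), $format, $culture)
                Event    = $_.Event.Trim()
            }
        }

    foreach ($group in ($records | Group-Object User)) {
        $open = @{}   # computer name -> logon time of each session still open
        foreach ($e in ($group.Group | Sort-Object Time)) {
            if ($e.Event -eq 'Logoff') { $open.Remove($e.Computer); continue }
            # A logon while another computer still has an open session is an overlap.
            foreach ($other in @($open.Keys | Where-Object { $_ -ne $e.Computer })) {
                [pscustomobject]@{
                    User = $e.User; Computer = $e.Computer; LogonTime = $e.Time
                    AlsoOn = $other; OtherSince = $open[$other]
                }
            }
            $open[$e.Computer] = $e.Time
        }
    }
}

Get-OverlappingLogon -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

A session with no logoff line stays open in this sketch, so a computer that shut down before the logoff script ran will produce overlaps until a matching line is written, which is the case the startup and shutdown scripts in the answer are meant to cover.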
