none
Limit the number of session per user to 1 using active directory in win 2K8 R2

    Question

  • Hi we have a requirement, about limit the number of session for each users in our domain, main purpuse is if one logon per user, then if they trying to log on in other pc while still authenticated in another pc, then the AD deny this access, now is possible to do that using GPO in AD in win 2K8 R2 native?.

     

    regards

    F

    Wednesday, May 18, 2011 7:56 PM

Answers

All replies

  • Hello,

    please see: http://support.microsoft.com/kb/816666

    http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/f67ce90c-fcde-45d2-abd4-f859d7815df2


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, May 18, 2011 10:07 PM
  • Hi Fabian,

     

    It seems that the LimitLogin Utility doesn't work on Windows Server 2008 R2. You can refer to the link below:

     

    How to restrict a user at a time only one user session in windows 2008 active directory users

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/352c13bc-ec2b-42bb-b8c2-1622b8c087c5

     

    Besides, the following method can be another option:

     

    Limit the Number of Network Logins a User Can Make

    http://loginscripts.info/limit-logins.asp

     

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    Regards,

    Cecilia Zhou

    --------------------------------------------------------------------------------

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     

    Thursday, May 19, 2011 6:54 AM
    Moderator
  • LimitLogin is not compatible with Windows Server 2008 and Windows Server 2008 R2.

     

    You should give a look toUserLock (fully compatible with Windows Server 2008, including R2 and Windows 7), that allows IT security teams to:
    - prevent or limit simultaneous logon (same ID, same password), per user, user group or Organizational Unit
    - record all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL,…) for future reference
    - monitor user sessions in realtime (who is connected, from which workstation(s), for how long…)
    - remotely lock, logoff and reset all interactive sessions
    - define working hours and/or maximum session time for protected users and disconnect users with prior warning outside of the defined timeframe(s) and/or when time is up
    - restrict user group’s network access per workstation or IP range
    - notify all users prior to gaining access to a system with a tailor-made warning message (legal disclaimer, etc.)
    - …


    François Amigorena President & CEO IS Decisions (Security Software) http://www.isdecisions.com
    Wednesday, December 14, 2011 10:01 AM