Re: Can Windows 2003 limit Concurrent logon

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 01/27/05 

Date: Thu, 27 Jan 2005 23:01:54 -0000

There is also the old Windows 2000 resource kit tool called CCONNECT.EXE

Q: Restricting the Number of Concurrent Logons
A: This week, we first visit the continuing saga of network administrators
that need to manage their company's computing resources in a more granular
way. And who can blame them, with the occasional wild horse out there that
insists on doing things 'their way'. Let's remember, those computing
resources are the assets of your company, after all, and the cost of
supporting the ever increasing number of users is not getting any cheaper.
That's why there's the Zero Administration Kit and the continuing work done
in this area in Windows 2000.

"How can I restrict the number of concurrent logons on a per-user basis?"

This is question that has been asked for a long time. Finally, there appears
to be a resolution to the network administrator's need to limit the number
of concurrent logons a user can perform.

In the upcoming Windows 2000 Resource Kit, there is a tool called
CCONNECT.EXE. This tool will provide a method to track users concurrent
connections and monitor which computers users are logged into. CCONNECT will
run on Windows NT 4.0 SP4 (and up) and Windows 2000. The Windows 2000
Resource Kit is currently in beta, and parts of the Resource Kit are being
distributed on the Windows 2000 Release Candidate 2 beta CDs. Unfortunately,
CCONNECT is not one of the utilities that is included on the RC2 disk, so
you'll have to wait for the final release of the Resource Kit. Please keep
in mind: just like all betas, content (or features) are subject to
change—which includes what will make it in the final release. But we all
knew that.

To give you some more detail on what to expect with CCONNECT, here is the
current list of features:

  a.. Completely hidden from the end user's view
  b.. Keeps track of all computers that users are logged into
  c.. Allows concurrent connection limitations to be set on a per-user/group
basis
  d.. All information is kept in a SQL database managed by the Administrator
  e.. Tracks last known user of the computer
  f.. Monitors what logon server users are logging into
CCONNECT comes with a Group Policy ADM file. This ADM file can be loaded
into System Policy Editor and allows multiple settings to be created through
group policy. These settings are:

  a.. Concurrent Connection Maximums
  b.. The SQL server connection information.
  c.. Track Last User
  d.. Enable Debugging
  e.. Disable Remote Logoff Feature
  f.. Enable Force Logoff
  g.. Enable Event Logging
  h.. Enable Timer Logoff
  i.. Enable Silent Mode 

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message 
news:OGAQ0$LBFHA.2624@TK2MSFTNGP11.phx.gbl...
> The only way I have ever seen to do this in 2k/ 2k3 server is to write a
> script in the logon that either increments a tracking file or writes to a
> database on logon attempt.  I have never seen anything in the AD to limit
> this.
>
> Anyone else??
>
> -- 
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Jason" <jasons@hotmail.com> wrote in message
> news:eL6DU6LBFHA.1452@TK2MSFTNGP11.phx.gbl...
>> I suppose not but one of my peer colleague said that it's built in or
>> extended as a user attribute by runnning an snap-in ( which I doublt) and
> no
>> need for a SQL backend.
>>
>> The previous version of "CConnect" is good for w2k and NT4 while the beta
>> version of "LmitLogin" disappeared from MS beta web link, am I missing 
>> one
>> of the the latest and the greatest user attribute ?
>>
>> Thanks in advance !
>>
>> Jason
>>
>>
>
>
Loading