Re: Concurrent Logons

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/20/05 

Date: Sun, 20 Feb 2005 16:55:42 -0600

Not directly. You can restrict which domain computers a user can logon to in
their user account in Active Directory Users and Computers and you can use
the user rights for logon locally and deny logon locally to control what
users can logon to a particular computer of group of computers in an
Organizational Unit. Beyond that you would need to look at something like
the Resource Kit tool cconnect which requires a client component and the use
of a SQL server on the network which also can cause problems by denying a
user logon if they did not logoff gracefully and store user passwords in
clear text. The links below explain more.

 If you are using smart card logon or can implement it you can configure a
user's account to require smart card for logon and then configure security
policy/security option to cause a user to automatically be logged off if the
smart card is removed from the reader. --- Steve

http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=20555&DisplayTab=Article
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/Security/RestrictingConcurrentLogons.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;237282
http://support.microsoft.com/default.aspx?scid=kb;en-us;260364 --- another
possible solution??

"jpatota" <jpatota@discussions.microsoft.com> wrote in message
news:4BC2E24D-27AD-4117-AAC6-829A09526B4D@microsoft.com...
> Is there a Group Policy that will prevent a user from logging into more
> than
> computer at a time?

Relevant Pages

  • RE: Unable to logon interactively.
    ... administrator user account to logon. ... You may check the default domain policy to confirm that the Log on Locally ... Start the Active Directory Users and Computers snap-in. ...
    (microsoft.public.windows.server.sbs)
  • Re: Login restriction
    ... And what options should I choose in GPO to be able to do what I want? ... logon on 12 different computers. ... these computers, access must be denied. ... then you can use the user account properties ...
    (microsoft.public.windows.server.active_directory)
  • Re: Login restriction
    ... Jorge Silva ... logon on 12 different computers. ... these computers, access must be denied. ... then you can use the user account properties ...
    (microsoft.public.windows.server.active_directory)
  • Re: Making the case for not installing DCs on remote sites (2xT1 links)
    ... 25,000 users;-) and I don't know how may servers -4,000 perhaps. ... I think that the logon ... >>>>to logon from branch offices where I have no DC+GC there. ... >>>>offices with more than 60 computers. ...
    (microsoft.public.win2000.active_directory)
  • Re: User Login
    ... the user account will be able to logon remotely even though they ... the domain group called Domain Users is a member of the local ... Users group on all computers; this is usually why any domain user can ... put those user accounts into domain group and apply a GPO to the OU ...
    (microsoft.public.windows.server.active_directory)
Quantcast