Multiple Logins

[Paul Lagasse]

Is there anything in AD to control the multiple logins for users.

 

[Steven L Umbach]

Not directly. You can limit which computers a user logs onto in their
account properties in AD Users and Computers. There is also a Resource Kit
Tool called cconnect that can limit logons but it requires the use of a SQL
server on the network and has a client component. If you are fortunate to be
using smart card logon you can configure Group Policy to require smart card
logon and also that the user will be logged off if they remove their smart
card.

Good news for Windows 2003 domains! Microsoft is releasing a RK tool called
limitlogon [available beta now]. It will do the same as cconnect but better
and instead of a SQL server will use an IIS server on the networks. The
client component is a .msi package so that it can easily be applied via
Group Policy. The links below explain more. --- Steve

http://www.windowsitpro.com/Article/ArticleID/20555/20555.html -- cconnect
http://support.microsoft.com/default.aspx?scid=kb;en-us;260364 -- another
possibility
http://blogs.msdn.com/jhoward/archive/2005/03/14/395135.aspx -- limitlogon
http://bink.nu/files/limitlogonfaq.htm -- limitlogon FAQ.

 

[Steven L Umbach]

Also be sure to read the FAQ on limitlogon as it claims that it can work in
a Windows 2000 domain as long as there is one Windows 2003 domain controller
in the domain. I have not verified this myself nor can vouch for the
accuracy of the FAQ or find any official Microsoft information but it still
sounds like a much needed utility with great potential. --- Steve

Not directly. You can limit which computers a user logs onto in their
account properties in AD Users and Computers. There is also a Resource Kit
Tool called cconnect that can limit logons but it requires the use of a
SQL server on the network and has a client component. If you are fortunate
to be using smart card logon you can configure Group Policy to require
smart card logon and also that the user will be logged off if they remove
their smart card.

Good news for Windows 2003 domains! Microsoft is releasing a RK tool
called limitlogon [available beta now]. It will do the same as cconnect
but better and instead of a SQL server will use an IIS server on the
networks. The client component is a .msi package so that it can easily be
applied via Group Policy. The links below explain more. --- Steve

http://www.windowsitpro.com/Article/ArticleID/20555/20555.html --
cconnect
http://support.microsoft.com/default.aspx?scid=kb;en-us;260364 -- another
possibility
http://blogs.msdn.com/jhoward/archive/2005/03/14/395135.aspx -- limitlogon
http://bink.nu/files/limitlogonfaq.htm -- limitlogon FAQ.

Is there anything in AD to control the multiple logins for users.

 

[Jerold Schulman]

Is there anything in AD to control the multiple logins for users.

See tip 9159 and links in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com