JSI Tip 0175 - Prevent users from logging on more than once.

Other than restricting logon to a single computer, Windows NT does not support any standard method of preventing multiple logons. Here is a method that does work:

1. Create a hidden share for each user's home directory and assign share permissions for that user only. I use meaningless alphanumeric strings to prevent guessing the share name. Example: a1hl2o$. Set the User Limit to Allow 1 Users.

2. Create a %UserName%.txt file in each user's home directory with read permissions only for that user.

3. Implement a KiXtart login script per tip 120.

4. Add the following to the logon script, immediately before the cookie1 statement.

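    ; Path to the message file in the NetLogon share
    $K = "@LSERVER" + "\" + "NETLOGON" + "\" + "Once.txt"
    ; Marker file on the user's mapped home share
    $J = "x:\" + "@USERID" + ".txt"
    ; Marker is reachable: this is the only logon, so continue
    if exist ("$J")
     goto done
    endif
    ; Drive was not mapped: show the message, then force a shutdown
    AT (1,1)
    display "$K"
    Sleep 3
    $RC = shutdown("", "Shutdown in progress!", 0, 1, 0)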

Where once.txt is in the NetLogon share and contains:

    You are logged on more than once!
    Press CTRL + ALT + DELETE
    Press Shutdown

Why does this method work? Because only one user at a time is allowed to connect to the user's share, the use command in the logon script fails to map a drive letter if a connection to that share already exists. The if exist test on %UserName%.txt is then false, which invokes the shutdown process. Since the logon script hasn't finished, the manual keystrokes requested in once.txt are required. If a user does not follow these instructions, they are prevented from completing the logon because the shutdown is pending.
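
Steps 1 and 2 can be scripted per user on the server that holds the home directories. The batch file below is an added example, not part of the original tip; the script name mkonce.cmd, its argument order and the sample values in its comments are assumptions, and it leaves the share permissions from step 1 to be set separately.

```batch
@echo off
rem Added example: provision steps 1 and 2 for one user.
rem Hypothetical script name and arguments:
rem   mkonce.cmd UserName ShareName$ HomeDirPath
rem   mkonce.cmd jdoe a1hl2o$ D:\Home\jdoe   (constructed sample values)
setlocal
if "%3"=="" goto usage
set U=%1
set S=%2
set H=%3

if not exist "%H%" mkdir "%H%"

rem Step 1: hidden share (name ends in $) limited to one connection.
rem The limit is what makes a second drive mapping fail at logon.
net share %S%="%H%" /users:1 /remark:"Home share for %U%"
if errorlevel 1 goto failed

rem Step 2: marker file that the logon script tests as x:\UserName.txt.
echo %U% > "%H%\%U%.txt"

rem Replace the file's ACL so that only this user has Read access.
rem "echo y" answers the confirmation prompt cacls shows when replacing an ACL.
rem Assumption: %U% resolves as an account name on this server.
echo y| cacls "%H%\%U%.txt" /G %U%:R

echo Share %S% created with a user limit of 1.
echo Still to do by hand: restrict the share permissions on %S% to %U%.
goto end

:usage
echo Usage: %0 UserName ShareName$ HomeDirPath
goto end

:failed
echo Could not create share %S% for %U%; check the share name and path.

:end
endlocal
```

Running `net share` with only the share name afterwards prints the share's settings, which is a quick check that the user limit is in place.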

See tip 296 for a better way to do this.
