I have scripted LimitLogonDefine.bat and LimitLogon.bat to limit the logon minutes of a specific user on a specific workstation.
NOTE: LimitLogon.bat uses PsShutdown.exe and PsLoggedOn.exe freeware, which must be located in a folder that is in your PATH.
NOTE: You can run these scripts on Windows 2000 if you:
- Install the Support Tools from the Windows CD-ROM.
- Implement Can I use the Windows XP command line scheduler in Windows 2000?
- Defines the user(s) and their logon limits by creating a HKEY_LOCAL_MACHINE\Software\LimitLogon\<User Logon Name> key
with the following Value Names:
Limit - contains the logon limit.
Minutes - contains the number of minutes used today.
Today - contains today's date. - Creates a LimitLogon account that is a member of the local Administrators group.
- Creates a LimitLogon Scheduled Task that starts when anyone logs on, and runs in the LimitLogon context.
The syntax for using LimitLogonDefine.bat is:
LimitLogonDefine A|D UserName1 Limit1 \[A|D UserName2 Limit2 ...\]
Where:
A Adds a user. D Deletes a user. UserNamei is the <User Logon Name> Limiti is the UserNamei logon limit in minutes.NOTE: When deleting a user, no Limiti should be specified.
LimitLogonDefine.bat contains:
@echo off
setlocal
if /i \{%1\} EQU \{A\} goto OK1
if /i \{%1\} EQU \{D\} goto OK1
:error
@echo Syntax: LimitLogonDefine A^|D UserName1 Limit1 \[A^|D UserName2 Limit2 ...\]
endlocal
goto :EOF
:OK1
if /i \{%1\} EQU \{D\} goto loop
if \{%3\}\{\} goto error
set work=%3
call :minutes>nul 2>&1
if "%work%" NEQ "%minute%" goto error
:loop
if \{%1\}
\{\} goto finish
set code=%1
set user=%2
set work=%3
if /i "%code%" EQU "A" goto add
if /i "%code%" EQU "D" goto del
@echo Error %code%
goto error
:finish
call :addLL>nul 2>&1
endlocal
goto :EOF
:addLL
set OK=N
for /f "Tokens=1,2*" %%a in ('net user LimitLogon^|FIND "User"^|FIND "LimitLogon"') Do (
set OK=Y
)
if "%OK%" EQU "Y" goto :EOF
net user LimitLogon LimitLogon /add
net localgroup Administrators LimitLogon /add
schtasks /Create /S \\%ComputerName% /U %ComputerName%\LimitLogon /P LimitLogon /RU LimitLogon /RP LimitLogon /SC ONLOGON /TN LimitLogon /TR %SystemRoot%\LimitLogon.bat
goto :EOF
:add
set user=%user:"=%
set work=%3
call :minutes>nul 2>&1
if "%work%" NEQ "%minute%" goto error
call :adduser>nul 2>&1
shift
shift
shift
goto loop
:del
set user=%user:"=%
set OK=N
for /f "Tokens=1" %%l in ('reg query "HKLM\Software\LimitLogon\%user%" /V Limit^|FIND "Limit"') do (
set OK=Y
)
if "%OK%" EQU "N" @echo User not found&goto error
call :deluser>nul 2>&1
shift
shift
goto loop
:deluser
reg delete "HKLM\Software\LimitLogon\%user%" /F
goto :EOF
:adduser
reg add "HKLM\Software\LimitLogon\%user%" /V Limit /T REG_SZ /D %minute% /F
reg add "HKLM\Software\LimitLogon\%user%" /V Today /T REG_SZ /D %DATE% /F
reg add "HKLM\Software\LimitLogon\%user%" /V Minutes /T REG_SZ /D 0 /F
goto :EOF
:minutes
set /a minute=1000%work%%%1000
LimitLogon.bat contains:
@echo off
setlocal
set /a loopsecs=121
set /a loopmins=(%loopsecs%) / 60
if %loopmins% LSS 1 set /a loopmins=1
if exist "%TEMP%\LimitLogon.log" del /q "%TEMP%\LimitLogon.log"
for /f "Tokens=3* Delims=\" %%a in ('reg query HKLM\software\LimitLogon /s') do (
if "%%b" NEQ "" @echo %%b>>"%TEMP%\LimitLogon.log"
)
:loop
ping -n %loopsecs% 127.0.0.1>nul
for /f "Tokens=1* Delims=\" %%a in ('psloggedon -l -x^|FINDSTR /I "%ComputerName% %USERDOMAIN%"^|FINDSTR /I /G:"%TEMP%\LimitLogon.log"') do (
call :testuser "%%a" "%%b"
)
goto loop
:testuser
set dom=%1
set dom=%dom: =%
set dom=%dom:" =%
set dom=%dom:"=%
if /i %2 EQU "LimitLogon" goto :EOF
set user=%2
set user=%user:"=%
call :getLimit>nul 2>&1
if "%OK%" EQU "N" goto :EOF
for /f "Tokens=1,3" %%a in ('reg query "HKLM\Software\LimitLogon\%user%" /V Today^|FIND "Today"') do (
set Today=%%b
)
for /f "Tokens=1,3" %%a in ('reg query "HKLM\Software\LimitLogon\%user%" /V Minutes^|FIND "Minutes"') do (
set /a Minutes=1000%%b%%1000
)
set /a elapse=0
If /i "%DATE%" NEQ "%Today%" call :ZMin>Nul 2>&1
set /a elapse=%Minutes%
for /f "Tokens=1,2* Delims=:" %%i in ('@echo %TIME%') do (
set /a hour=100%%i%%100
set /a mins=100%%j%%100
set work1=%%k
)
set work2=%work1:PM=%
if "%work1%" NEQ "%work2%" set /a hour=%hour% + 12
set /a now=(%hour% * 60) + %mins%
for /f "Tokens=1-3*" %%i in ('net user "%user%"^|FIND "Last"^|FIND "logon"') do (
set logonD=%%k
set LogonT=%%l
)
for /f "Tokens=1* Delims=: " %%i in ('@echo %LogonT%') do (
set /a logHours=100%%i%%100
set logMins=%%j
)
set logMins=%logMins: =%
set work=%logMins:AM=%
if "%logMins%" NEQ "%work%" set /a logMins=100%work%%%100&goto elapsed
set work=%logMins:PM=%
if "%logMins%" EQU "%work%" set /a logMins=100%work%%%100&goto elapsed
set /a logMins=100%work%%%100
set /a logHours=%logHours% + 12
:elapsed
set /a since=(%logHours% * 60) + %logMins%
set /a elapse=%elapse% + %now% - %since%
:Upd
call :ZMin>nul 2>&1
if %elapse% LSS %Limit% goto :monitor
call :ZMin>nul 2>&1
net send "%user%" Your logon limit has expired. You have 2 minutes to save your work and log off.
ping -n 121 127.0.0.1>nul
PsShutdown -o -f
goto loop
:monitor
ping -n %loopsecs% 127.0.0.1>nul
set OK=N
for /f "Tokens=*" %%a in ('psloggedon -l -x^|FINDSTR /I /L /C:"%dom%\%user%"') do (
set OK=Y
)
If "%OK%" EQU "N" goto :EOF
set /a elapse=%elapse% + %loopmins%
goto :Upd
:getLimit
set OK=N
for /f "Tokens=1,3" %%a in ('reg query "HKLM\Software\LimitLogon\%user%" /V Limit^|FIND "Limit"') do (
set OK=Y
set /a Limit=1000%%b%%1000
)
goto :EOF
:ZMin
reg add "HKLM\Software\LimitLogon\%user%" /V Today /T REG_SZ /D %DATE% /F
reg add "HKLM\Software\LimitLogon\%user%" /V Minutes /T REG_SZ /D %elapse% /F
set /a Minutes=0
0 comments
Hide comments
