In tip 8768 » How can I prevent users from logging on more than once, without using the Cconnect.exe Resource Kit Tool, I scripted a method to prevent concurrent logon.
Microsoft has relased LimitLogon v1.0.
The LimitLogon help file contains: (Read the help file for prerequisites and other important information)
LimitLogin v1.0LimitLogin is an application that adds the ability to limit concurrent user logins in an Active Directory domain.
It can also keep track of all logins information in Active Directory domains.
LimitLogin capabilities include:
- Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
- Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
- Easy management and configuration by integrating to the Active Directory MMC snap-ins.
- Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
- Generating Login information reports in CSV (Excel) and XML formats.
LimitLogin Setup ComponentsLimitLogin set-up is combined of three different components: IIS (Web Service), Active Directory and Client.
The set-up should be done in this order since there are dependencies between the components.
LimitLogin is set-up through 3 different MSI installers:
LimitLoginIISSetup.msi, which installs the LimitLogin Web Service (WSLimitLogin)
LimitLoginADSetup.msi, that sets up the Active Directory changes needed for LimitLogin to work.
LimitLoginClientSetup.msi, which installs the client-side requirements for LimitLogin.