Limiting users to one concurrent login in Active Directory

pts.
Tags:
Biometrics
Digital certificates
Identity & Access Management
Management
Microsoft Windows
OS
provisioning
Security
Security tokens
Servers
Single sign-on
SQL Server
We wish our users to login once only to one PC. Microsoft say we can only do this by limiting them to one designated machine, this is not possible for us. We need to know that if a particular user did something we can rely on the audit trail. We understand this may get tricky with Citrix use. Various things have been suggested particulary HP Protect tools. Anyone got any views on this or other possible products or solutions? Thanks to all that replied to my previous question - helpful responses from all of you.

Answer Wiki

Thanks. We'll let you know when a new response is added.

New download: Microsoft LimitLogin 1.0
“Microsoft is happy to announce the availability of LimitLogin v1.0, an application that adds the ability to limit concurrent interactive user logons in an Active Directory domain. It can also keep track of all logins information in Active Directory domains (without necessarily enforcing logons quotas).

The challenge of limiting concurrent logons in a distributed environment is huge, and although LimitLogin is not a “bullet proof” solution to all the aspects of this challenge, many customers might still find this tool helpful, as this capability has been highly requested by different customers (banks, ISPs, libraries etc) in numerous RFPs etc.”
LimitLogin capabilities include:
- Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
- Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
- Easy management and configuration by integrating to the Active Directory MMC snap-ins.
- Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
- Generating Login information reports in CSV (Excel) and XML formats.
Please keep in mind that this tool is Not Supported (similar to a resource kit or support tool).

http://download.microsoft.com/download/f/d/0/fd05def7-68a1-4f71-8546-25c359cc0842/limitlogin.exe

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Juscelino
    You stated: "Microsoft say we can only do this by limiting them to one designated machine, this is not possible for us." Why not? Can you be more specific? In Active Directory Users and Computers, if you look in a specific user's properties, the option is clearly there under the "Account" tab, then clicking on "Log On To..." setting... Please clarify if I am misunderstanding your issue...
    0 pointsBadges:
    report
  • Spadasoe
    A good 3rd party solution is userlock http://www.pnltools.com/productinfo.asp?productid=17&refid=138 I use it in my AD and have no problems. It is easy to set up and manage, prvides alerts and other tools
    5,130 pointsBadges:
    report
  • Amigus
    If all you're worried about is an audit trail why bother? Having a good authentication scheme, audit policy and signed usage agreement stating users should not share passwords and that they are responsible for the actions performed using their accounts, you have an audit trail that would stand up in a court of law or a board room.
    0 pointsBadges:
    report
  • Jerry Lees
    This is an awesome solution to the posting. Another tool that people seem to have been raving about was userlock.
    5,335 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following