General discussion

Locked

Restrict Logins Through Group Policy

By KingOfTheNerds ·
Hi all.

I want to be able to do the following though Group Policy on my Windows 2000 Server:

- Restrict the users to only logging in on one machine at one time. This is so people don't leave themsleves logged in around the network.

-Setup Group Policy to log users out after 45 minutes. (I thought I found the location of this in Active Directory Users and Computers. But when I enabled it for users and set the time for 45 minutes, it didn't do anything.

Thankyou

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by acattr In reply to Restrict Logins Through G ...

my answer was too long so I provided a link to it from my site. Good Luck.

http://www.acny.com/usermonitor.txt

Collapse -

by KingOfTheNerds In reply to

Thanks for your help, it almost worked, but i think your syntax is wrong for a windows 2000 machine? On my XP machine it logged me out but with my windows 2000 machines, which is the majority of the network, it didn't work.

The user who logged in had a file created into the Logon folder and all looked good, but as soon as I logged in on another machine at the same time, it did nothing.

Any advice?

Collapse -

by vic In reply to Restrict Logins Through G ...

In the Computer Configuration options in your GP; drill down to the following Computer Configuration>windows settings>local policies>security options. Here you'll see the two policies "Automatically logoff users when logon time expires" and "Automatically logoff users when logon times expires (local)" Pick which one of these options you want to apply, then enable it. This is how you get the setting you already applied in AD Users and Computers to actually happen.

Concerning the concurrent logon limits; You need to get the Current Connection Limiter also known as cConnect from the Windows 2000 resource kit CD. This requires having a sql database on the network. There are several third party solutions available for this also. As a side note, there's a tool in the Reskit called limitlogon which is supposedly more intuative than the cconnect tool.

Collapse -

by KingOfTheNerds In reply to

The problem is that I have already enabled both "Automatically logoff users when logon time expires" and "Automatically logoff users when logon times expires (local)". But they don't work.

I have applied only one policy to our domain, and it is at the top level of the domain. All the other policies in this main policies that I have restricted or changed have worked, except these logout ones.

Any advice?

Collapse -

by vic In reply to Restrict Logins Through G ...

Two questions. 1. What else have you specified in this group policy? and do the other things you specified work? Basically, just assigning the policies is not the last step. Verify the read, and the apply group policy permission is granted to the particular users/groups you are attempting to apply this to. You can do this by clicking the "properties" button at at the bottom of the GPO dialog, then click the "security" tab in the dialog that follows. See what permissions are given to your respective users, groups, etc. In short, applying the GPO to the domain does not mean the policies will be rolled out. Neccessary permissions are a must.

Collapse -

by KingOfTheNerds In reply to

The policy applied to the domain is working, each organisational unit under that domain including groups, users and computers inherit the policy.

It is currently doing things like, stop network neighbourhood from appearing on the desktop etc.

I even changed the "Message text for users attempting to logon" policy next to the policies you mentioned, which was to display a welcome message when logging in and it worked.

As far as i can tell, the only policy i have set that isn't working is "automatically log off users when logon time expires" policy. I have set "amount of idle time before disconnecting the session" to 45 minutes but get no loggoff after this time.

Any ideas?

Collapse -

by KingOfTheNerds In reply to Restrict Logins Through G ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums