General discussion

  • Creator
    Topic
  • #2182237

    Restrict Logins Through Group Policy

    Locked

    by kingofthenerds ·

    Hi all.

    I want to be able to do the following though Group Policy on my Windows 2000 Server:

    – Restrict the users to only logging in on one machine at one time. This is so people don’t leave themsleves logged in around the network.

    -Setup Group Policy to log users out after 45 minutes. (I thought I found the location of this in Active Directory Users and Computers. But when I enabled it for users and set the time for 45 minutes, it didn’t do anything.

    Thankyou

All Comments

  • Author
    Replies
    • #3175284

      Reply To: Restrict Logins Through Group Policy

      by acattr ·

      In reply to Restrict Logins Through Group Policy

      my answer was too long so I provided a link to it from my site. Good Luck.

      http://www.acny.com/usermonitor.txt

      • #3175264

        Reply To: Restrict Logins Through Group Policy

        by kingofthenerds ·

        In reply to Reply To: Restrict Logins Through Group Policy

        Thanks for your help, it almost worked, but i think your syntax is wrong for a windows 2000 machine? On my XP machine it logged me out but with my windows 2000 machines, which is the majority of the network, it didn’t work.

        The user who logged in had a file created into the Logon folder and all looked good, but as soon as I logged in on another machine at the same time, it did nothing.

        Any advice?

    • #3174655

      Reply To: Restrict Logins Through Group Policy

      by vic ·

      In reply to Restrict Logins Through Group Policy

      In the Computer Configuration options in your GP; drill down to the following Computer Configuration>windows settings>local policies>security options. Here you’ll see the two policies “Automatically logoff users when logon time expires” and “Automatically logoff users when logon times expires (local)” Pick which one of these options you want to apply, then enable it. This is how you get the setting you already applied in AD Users and Computers to actually happen.

      Concerning the concurrent logon limits; You need to get the Current Connection Limiter also known as cConnect from the Windows 2000 resource kit CD. This requires having a sql database on the network. There are several third party solutions available for this also. As a side note, there’s a tool in the Reskit called limitlogon which is supposedly more intuative than the cconnect tool.

      • #3179055

        Reply To: Restrict Logins Through Group Policy

        by kingofthenerds ·

        In reply to Reply To: Restrict Logins Through Group Policy

        The problem is that I have already enabled both “Automatically logoff users when logon time expires” and “Automatically logoff users when logon times expires (local)”. But they don’t work.

        I have applied only one policy to our domain, and it is at the top level of the domain. All the other policies in this main policies that I have restricted or changed have worked, except these logout ones.

        Any advice?

    • #3179037

      Reply To: Restrict Logins Through Group Policy

      by vic ·

      In reply to Restrict Logins Through Group Policy

      Two questions. 1. What else have you specified in this group policy? and do the other things you specified work? Basically, just assigning the policies is not the last step. Verify the read, and the apply group policy permission is granted to the particular users/groups you are attempting to apply this to. You can do this by clicking the “properties” button at at the bottom of the GPO dialog, then click the “security” tab in the dialog that follows. See what permissions are given to your respective users, groups, etc. In short, applying the GPO to the domain does not mean the policies will be rolled out. Neccessary permissions are a must.

      • #3179030

        Reply To: Restrict Logins Through Group Policy

        by kingofthenerds ·

        In reply to Reply To: Restrict Logins Through Group Policy

        The policy applied to the domain is working, each organisational unit under that domain including groups, users and computers inherit the policy.

        It is currently doing things like, stop network neighbourhood from appearing on the desktop etc.

        I even changed the “Message text for users attempting to logon” policy next to the policies you mentioned, which was to display a welcome message when logging in and it worked.

        As far as i can tell, the only policy i have set that isn’t working is “automatically log off users when logon time expires” policy. I have set “amount of idle time before disconnecting the session” to 45 minutes but get no loggoff after this time.

        Any ideas?

    • #3048580

      Reply To: Restrict Logins Through Group Policy

      by kingofthenerds ·

      In reply to Restrict Logins Through Group Policy

      This question was closed by the author

Viewing 3 reply threads