We're going to use a script that allows users to login only one time, but some...
We're going to use a script that allows users to login only one time. However, some users need a second login opportunity. How can this be handled in a script? This is the script we're going to use:
-------
'== Limit User Logins
'== Written by: James Gzowski (2010)
'== Logon Script
'== This script consists of two parts, Logon.vbs & Logoff.vbs
'== The script is designed to prevent multiple logons on a network from different workstations
'== This will not work for Terminal Servers where each user will login on the same server.
'== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
'== If this happens, the user can either relog into the workstation or request their session files are deleted
'== from the ServerShare, these files will be named: <Username>_<Workstation>.txt and <Username>.txt.

'Set Objects
Set oShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")

'Requires Users Full Read/Write Access (the trailing backslash is needed, file names are appended directly)
ServerShare = "\\SERVERPATH\SHARE\"

'Get Username & Workstation
UserID = oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID = oShell.ExpandEnvironmentStrings("%ComputerName%")

'Check If Users Logged In
If objFSO.FileExists(ServerShare & UserID & ".txt") Then

    'Report Failed Login To LoginsDenied.log
    If objFSO.FileExists(ServerShare & "LoginsDenied.log") Then
        Set ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", 8, True)
        ObjFile.WriteLine ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    Else
        Set ObjFile = objFSO.CreateTextFile(ServerShare & "LoginsDenied.log")
        ObjFile.WriteLine ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    End If
    ObjFile.Close

    'Shutdown Process (shutdown /l logs the user off)
    shutdown = "shutdown /l"
    'Popup text (Dutch): "You are already logged in at another workstation.
    'If you are not aware of this, contact the Helpdesk (ext. 245)."
    WshShell.Popup _
        "U bent reeds ingelogd op een andere werkplek." & vbCrLf & vbCrLf & _
        "Bent u zich hier niet van bewust, neem " & vbCrLf & _
        "dan contact op met de Helpdesk (tst.245)." & vbCrLf & vbCrLf & _
        "", 20, "Gebruiker " & UserID, 16
    WshShell.Run(shutdown)
    Set WshShell = Nothing

Else

    'Create Text Files
    Set ObjFile = objFSO.CreateTextFile(ServerShare & UserID & "_" & WorkstationID & ".txt")
    Set ObjFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt")
    ObjFile.Write(WorkstationID & " at " & Time)
    ObjFile.Close

    ' 'Report Accepted Login To LoginsAllowed.log
    ' If objFSO.FileExists(ServerShare & "LoginsAllowed.log") Then
    '     Set ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", 8, True)
    '     ObjFile.WriteLine ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    ' Else
    '     Set ObjFile = objFSO.CreateTextFile(ServerShare & "LoginsAllowed.log")
    '     ObjFile.WriteLine ("Date: " & Date & " | Time: " & Time & " | Workstation: " & WorkstationID & " | Username: " & UserID)
    ' End If
    ' ObjFile.Close

End If
--------
This works when I want to limit the users to only one login at a time. ***The users who need a second login opportunity are members of the same Security Group (for instance "PublicRelations").
March 25th, 2011 3:39pm

Just make sure the script is not executed for those user accounts. Create some group like "Multilogon Users" and use the group policy security filtering feature to deny them processing of the script.
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
March 25th, 2011 5:24pm

You may want to investigate querying the user attribute "logonCount". May not apply... just an FYI.
March 26th, 2011 2:41am

Thank you for the reply. I was hoping for a different solution.
---
All the users are in one OU. On that OU the script will be active through a policy. We're trying to keep the AD structure as 'clean' as possible (meaning we try to use policies/scripts on the existing OUs). Is it possible to use the filtering on that OU (Users)? Maybe in conjunction with the script? Like my question is: ''We're going to use a script that allows users to login only one time. However, some users need a second login opportunity. How can this be handled in a script?'' Only a second login is allowed for those users. No more than that.
March 26th, 2011 12:28pm
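
Added example, not part of the thread and not James Gzowski's code: one way to handle the limit inside the logon script itself, allowing one session by default and two for direct members of a group. The share path and the group name "PublicRelations" are the placeholders from the post; counting the per-workstation marker files, and a Logoff.vbs that deletes them, are assumptions.

```vbscript
' Added example: per-group session limit. Not the thread's or James Gzowski's code.
Option Explicit
Const ServerShare = "\\SERVERPATH\SHARE"        ' placeholder path, as in the post
Const SecondLoginGroup = "PublicRelations"      ' group named in the question
Dim oShell, objFSO, UserID, WorkstationID, maxSessions, marker

Set oShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
UserID = oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID = oShell.ExpandEnvironmentStrings("%ComputerName%")
marker = UserID & "_" & WorkstationID & ".txt"

If IsMemberOf(SecondLoginGroup) Then maxSessions = 2 Else maxSessions = 1

If CountOtherSessions() >= maxSessions Then
    oShell.Popup "Session limit (" & maxSessions & ") reached.", 20, "User " & UserID, 16
    oShell.Run "shutdown /l"
Else
    ' One marker per workstation; the logoff script is assumed to delete it.
    objFSO.CreateTextFile(objFSO.BuildPath(ServerShare, marker), True).Close
End If

' Direct membership only (nested groups are not resolved).
Function IsMemberOf(groupName)
    Dim sysInfo, adUser, grp
    IsMemberOf = False          ' fail closed: a failed lookup keeps the limit at 1
    On Error Resume Next
    Set sysInfo = CreateObject("ADSystemInfo")
    Set adUser = GetObject("LDAP://" & sysInfo.UserName)
    If Err.Number <> 0 Then Exit Function
    On Error GoTo 0
    For Each grp In adUser.Groups
        If LCase(grp.CN) = LCase(groupName) Then IsMemberOf = True
    Next
End Function

' Counts this user's marker files left by other workstations.
' Caveat: the prefix test also matches a different account named "<UserID>_...".
Function CountOtherSessions()
    Dim f, prefix, n
    prefix = LCase(UserID & "_")
    n = 0
    For Each f In objFSO.GetFolder(ServerShare).Files
        If Left(LCase(f.Name), Len(prefix)) = prefix And LCase(f.Name) <> LCase(marker) Then n = n + 1
    Next
    CountOtherSessions = n
End Function
```

Because the share requires full read/write access for every user, anyone can delete or create marker files, so this is a convenience control rather than an enforced limit.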

UserLock might come in handy here, as this 3rd-party software solution allows you to limit or prevent concurrent logins, per user, user group, or Organizational Unit and per session type (workstation, terminal, interactive, Internet Information Services or VPN/RAS). Limitations can be set in a granular way and can vary from one user to another, one group to another, or one Organizational Unit to the other.
François Amigorena
President & CEO, IS Decisions (Security Software)
http://www.isdecisions.com
December 26th, 2011 4:25am

This topic is archived. No further replies will be accepted.
