Ian,
Cconnect is an old reskit utility that prevents multiple logons with the
same account. As far as group policy being used to limit concurrent logins,
I would be curious as to where your source told you that this could be set,
as I am not aware of any group policy setting that allows this.
Are your users supposed to log on to specific machines (e.g., only their own
desktops)? If so, you could do something as simple as specifying on the user
objects in AD that they could only log on to that one machine. As you're
aware, you have a larger problem in that your users are sharing credentials,
but that's another issue.
Last, there is an old kludge to limit concurrent logins by scripting a drive
mapping for the user to a home directory to which you have limited
concurrent usage to one person, and disallowing login if that drive cannot
be mapped. That may also be an option for you.
Laura
-----Original Message-----
From: Ian Turnbull [mailto:ian.turnbull@mpsgi.com]
Sent: Friday, January 28, 2005 4:33 AM
To: focus-ms@securityfocus.com
Subject: Re: Preventing multiple logins in 2003
In-Reply-To: <20050126172219.25359.qmail@www.securityfocus.com>
Joshua,
Thanks for the input but I feel smart cards would not be an
option due to cost. I understand that this is probably the
most sensible option but this something we shall revisit in
the future.
Laura,
What is cconnect? I have been informed that GP can prevent
multiple accounts being logged in at the same time. Any ideas
on where this can be located? However it does not stop users
giving their username and password to other members of staff.
The business has been made aware of this.
Once again thanks for all of your help.
Regards
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
