Charles' System Admin Blog: November 2014

As the limit login program is only supported on Server 2003, when we upgraded our domain controllers to server 2012 I needed to find a different solution to limit user logins. After some research I came across this script which works well. Create two vbs files from the code below, and add to the logon and logoff script settings in group policy. It creates a text file for each user in the server share folder specified, just edit the highlighted server share path in the logon script, and that should be it!

Logon Script

'== Limit User Logins
'== Written by: James Gzowski (2010)
'== Logon Script
'== This script consists of two parts, Logon.vbs & Logoff.vbs
'== The script is designed to prevent multiple logons on a network from different workstations
'== This will not work for Terminal Servers where each user will login on the same server.
'== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
'== If this happens, then the next user to log into their workstation will clear their session
'Set Objects
Set oShell = CreateObject( "WScript.Shell" )
Set objFSO = CreateObject("Scripting.FileSystemObject")
SET WshShell = createObject("WScript.shell")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
ServerShare = "\\server\path" 'Requires Users Full Read/Write Access
OldSession = ""
CurrentWorkstation = ""
'Get Username & Workstation
UserID=oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")

'Check whether user is allowed to logon more than once, if so set to true
SET checkShell = createObject("WScript.shell")
Dim oFSO, oTS, AllowedUser, Allowed
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTS = oFSO.OpenTextFile(ServerShare & "allowedusers.txt")
Allowed = "FALSE"
Do Until oTS.AtEndOfStream

'get next username
Suser = oTS.ReadLine

if UserID = Suser then Allowed = "TRUE"
Loop
'close the text file
'wshShell.Popup "User Allowed " & Allowed
'SET WshShell = Nothing
oTS.Close

SELECT CASE Allowed
CASE "FALSE"
'Check Whether Workstation Has Old Login Session and clear
If objFSO.FileExists( ServerShare & WorkstationID & ".txt") Then
Set objFile = objFSO.OpenTextFile(ServerShare & WorkstationID & ".txt", intForReading, False)
Oldsession = objFile.ReadLine
objFile.Close
  If objFSO.FileExists( Servershare & Oldsession & ".txt" ) Then
   objFSO.DeleteFile(ServerShare & Oldsession & ".txt")
  End if
End if

'Check If Users Logged In
If objFSO.FileExists ( ServerShare & UserID & ".txt") then
Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
CurrentWorkstation = objFile.ReadLine
objFile.Close

'Report Failed Login To LoginsDenied.log
If objFSO.FileExists (ServerShare & "LoginsDenied.log") then
  SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", intForAppending, True)
  ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
else
  Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsDenied.log")
  ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
End If
ObjFile.Close
'Shutdown Process'
shutdown = "shutdown /l"
WshShell.Popup _
"You are already logged onto: " & CurrentWorkstation & "." & vbcrlf & _
"If this is not you please contact the IT Department." & vbcrlf & vbcrlf & _
    "This event has been logged to track possible account misuse." & vbcrlf & vbcrlf & _
   "You will now be logged off",20,"Multiple User Login Detected: " & UserID,16
WshShell.Run(shutdown)
SET WshShell = Nothing

Else
'Create Text Files
Set objFile = objFSO.CreateTextFile(ServerShare & WorkstationID & ".txt")
ObjFile.Write(UserID)
ObjFile.Close
Set objFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt")
ObjFile.Write(WorkstationID)
ObjFile.Close
'Report Accepted Login To LoginsAllowed.log
If objFSO.FileExists (ServerShare & "LoginsAllowed.log") then
  SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", 8, True)
  ObjFile.Writeline ("Logged On - Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
else
  Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsAllowed.log")
  ObjFile.Writeline ("Logged On - Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
End If
ObjFile.Close

End If
End select

Logoff Script

'Set Objects
Set oShell = CreateObject( "WScript.Shell" )
Set objFSO = CreateObject("Scripting.FileSystemObject")
SET WshShell = createObject("WScript.shell")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
ServerShare = "\\Server\path" 'Requires Users Full Read/Write Access
CurrentSession = ""
'Get Username & Workstation
UserID=oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
'Check If Login Session Is Correct To Workstation & User'
If objFSO.FileExists (ServerShare & UserID & ".txt") Then
Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
' Read the first line if the file is not empty
CurrentSession = objFile.ReadLine
objFile.Close
If CurrentSession = WorkstationID then
  objFSO.DeleteFile(ServerShare & WorkstationID & ".txt")
  objFSO.DeleteFile(ServerShare & UserID & ".txt")
End if
End If

Charles' System Admin Blog

Monday 10 November 2014

Limit User Logins Script For Microsoft Server 2008 - 2012 R2

Monday 3 November 2014

Users Home Folders Displayed As My Documents Instead of Username