Monday, 10 November 2014

Limit User Logins Script For Microsoft Server 2008 - 2012 R2

Microsoft's LimitLogin program is only supported on Server 2003, so when we upgraded our domain controllers to Server 2012 I needed a different way to limit concurrent user logons. After some research I came across the script below, which works well. Create two .vbs files from the code and assign them as the logon and logoff scripts in Group Policy. The logon script records each session as a pair of text files in the server share you specify: one named after the user (containing the workstation name) and one named after the workstation (containing the user name). If the user's file already exists, the logon is refused, written to LoginsDenied.log and followed by a forced logoff; the logoff script removes the pair again. To set it up, edit the ServerShare path near the top of both scripts (it must end with a trailing backslash, because the file names are appended straight onto it), create an allowedusers.txt in the share listing any accounts that may log on more than once (an empty file is fine), and give users read and write access to the share. That should be it.

Two caveats before relying on it. The check runs on the client against files that every user can write, so anyone who can reach the share can delete their own marker file, and the warning popup gives the user 20 seconds before the logoff runs; treat the script as a deterrent with an audit trail rather than a hard control. And, as the header comments say, a user who does not log off cleanly stays "logged on" until the next person to log on to that workstation clears the stale entry.

Logon Script

'== Limit User Logins
'== Written by: James Gzowski (2010)
'== Logon Script
'== This script consists of two parts, Logon.vbs & Logoff.vbs
'== The script is designed to prevent multiple logons on a network from different workstations
'== This will not work for Terminal Servers where each user will login on the same server.
'== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
'== If this happens, then the next user to log into their workstation will clear their session
'Set Objects
Set oShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
'Requires Users Full Read/Write Access on the share.
'Keep the trailing backslash: the file names below are appended straight onto this string.
ServerShare = "\\server\path\"
OldSession = ""
CurrentWorkstation = ""
'Get Username & Workstation
UserID = oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID = oShell.ExpandEnvironmentStrings("%ComputerName%")

'Check whether user is allowed to logon more than once, if so set to true.
'allowedusers.txt lists one username per line and must exist on the share (it may be empty).
'If it is missing, no account is exempt instead of the script failing with an open error.
Allowed = "FALSE"
If objFSO.FileExists(ServerShare & "allowedusers.txt") Then
 Set oTS = objFSO.OpenTextFile(ServerShare & "allowedusers.txt", intForReading, False)
 Do Until oTS.AtEndOfStream
  'get next username; Windows usernames are not case sensitive, so compare as text
  Suser = Trim(oTS.ReadLine)
  If StrComp(UserID, Suser, vbTextCompare) = 0 Then Allowed = "TRUE"
 Loop
 'close the text file
 oTS.Close
End If
'oShell.Popup "User Allowed " & Allowed   'debugging: uncomment to show the result of the check

SELECT CASE Allowed
CASE "TRUE"
 'Exempt user: no session files are written, so nothing limits this account.
CASE "FALSE"
 'Check Whether Workstation Has Old Login Session and clear
 If objFSO.FileExists(ServerShare & WorkstationID & ".txt") Then
  Set objFile = objFSO.OpenTextFile(ServerShare & WorkstationID & ".txt", intForReading, False)
  'ReadLine on an empty file raises "Input past end of file", so check first
  If Not objFile.AtEndOfStream Then OldSession = Trim(objFile.ReadLine)
  objFile.Close
  If OldSession <> "" Then
   If objFSO.FileExists(ServerShare & OldSession & ".txt") Then
    objFSO.DeleteFile ServerShare & OldSession & ".txt"
   End If
  End If
 End If

 'Check If Users Logged In
 If objFSO.FileExists(ServerShare & UserID & ".txt") Then
  Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
  If Not objFile.AtEndOfStream Then CurrentWorkstation = Trim(objFile.ReadLine)
  objFile.Close

  'Report Failed Login To LoginsDenied.log
  'OpenTextFile with the create flag set to True makes the log if it does not exist yet
  Set objFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", intForAppending, True)
  objFile.WriteLine "Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID
  objFile.Close
  'Shutdown Process: warn for 20 seconds, then log the user off again
  oShell.Popup _
   "You are already logged onto: " & CurrentWorkstation & "." & vbCrLf & _
   "If this is not you please contact the IT Department." & vbCrLf & vbCrLf & _
   "This event has been logged to track possible account misuse." & vbCrLf & vbCrLf & _
   "You will now be logged off", 20, "Multiple User Login Detected: " & UserID, 16
  oShell.Run "shutdown /l"
 Else
  'Create Text Files: <workstation>.txt holds the user, <user>.txt holds the workstation
  Set objFile = objFSO.CreateTextFile(ServerShare & WorkstationID & ".txt", True)
  objFile.Write UserID
  objFile.Close
  Set objFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt", True)
  objFile.Write WorkstationID
  objFile.Close
  'Report Accepted Login To LoginsAllowed.log
  Set objFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", intForAppending, True)
  objFile.WriteLine "Logged On - Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID
  objFile.Close
 End If
End Select

Logoff Script

'== Limit User Logins
'== Logoff Script (companion to Logon.vbs)
'Set Objects
Set oShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
'Requires Users Full Read/Write Access on the share. Keep the trailing backslash, as in Logon.vbs.
ServerShare = "\\server\path\"
CurrentSession = ""
'Get Username & Workstation
UserID = oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID = oShell.ExpandEnvironmentStrings("%ComputerName%")
'Check If Login Session Is Correct To Workstation & User.
'Only remove the pair when the user file points at this workstation: a logoff that
'follows a denied logon must not clear the session the user still has elsewhere.
If objFSO.FileExists(ServerShare & UserID & ".txt") Then
 Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
 'Read the first line only if the file is not empty
 If Not objFile.AtEndOfStream Then CurrentSession = Trim(objFile.ReadLine)
 objFile.Close
 If StrComp(CurrentSession, WorkstationID, vbTextCompare) = 0 Then
  If objFSO.FileExists(ServerShare & WorkstationID & ".txt") Then objFSO.DeleteFile ServerShare & WorkstationID & ".txt"
  objFSO.DeleteFile ServerShare & UserID & ".txt"
 End If
End If
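The same two-file scheme as a single PowerShell script that serves as both the logon and the logoff script, added here as an example; it is not part of the original post or the original author's code. It writes the same marker files (<user>.txt, <workstation>.txt, allowedusers.txt, LoginsAllowed.log, LoginsDenied.log) so it can share a folder with the VBScript version, and it closes one gap the VBScript leaves open: a FileExists test followed by CreateTextFile is not atomic, so the same account logging on to two machines at the same moment can pass both checks, whereas opening the user marker with FileMode CreateNew lets only one of the two logons win. It also fails open when the share is unreachable rather than logging everyone off. The share path and the -Mode parameter are assumptions.

```powershell
# Added example: PowerShell version of the Logon.vbs / Logoff.vbs pair above (not from the original post).
# Marker files: <user>.txt holds the workstation name, <workstation>.txt holds the user name;
# allowedusers.txt lists exempt accounts, one per line.
param(
    [ValidateSet('Logon', 'Logoff')]
    [string]$Mode = 'Logon',
    [string]$ServerShare = '\\server\path'   # assumed share; Join-Path supplies the separator
)

$user        = $env:USERNAME
$workstation = $env:COMPUTERNAME
$userFile    = Join-Path $ServerShare "$user.txt"
$wsFile      = Join-Path $ServerShare "$workstation.txt"

function Write-Log([string]$LogName, [string]$Message) {
    # Add-Content creates the log on first use, so no "does it exist yet" branch is needed.
    $line = '{0} - Date: {1:yyyy-MM-dd}, Time: {1:HH:mm:ss}, Workstation: {2}, Username: {3}' -f $Message, (Get-Date), $workstation, $user
    Add-Content -LiteralPath (Join-Path $ServerShare $LogName) -Value $line
}

function Read-Marker([string]$Path) {
    # First line of a marker file, or $null when the file is missing or empty
    # (the VBScript ReadLine on an empty file throws "Input past end of file").
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $first = Get-Content -LiteralPath $Path -TotalCount 1
    if ([string]::IsNullOrWhiteSpace($first)) { return $null }
    return $first.Trim()
}

function Test-ExemptUser {
    $list = Join-Path $ServerShare 'allowedusers.txt'
    if (-not (Test-Path -LiteralPath $list)) { return $false }   # missing list: nobody is exempt
    $names = @(Get-Content -LiteralPath $list | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    return [bool]($names -contains $user)   # -contains is case-insensitive, like Windows user names
}

function Invoke-Logon {
    # Fail open if the share is unreachable: a broken share must not log everyone off.
    if (-not (Test-Path -LiteralPath $ServerShare)) { return }
    if (Test-ExemptUser) { return }

    # Clear a stale session left on this workstation by someone who never ran the logoff script.
    $oldUser = Read-Marker $wsFile
    if ($oldUser) {
        Remove-Item -LiteralPath (Join-Path $ServerShare "$oldUser.txt") -ErrorAction SilentlyContinue
    }

    # Claim the user marker atomically. CreateNew throws IOException if the file already exists,
    # so two simultaneous logons of one account cannot both pass the check.
    try {
        $fs = [System.IO.File]::Open($userFile, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
        try {
            $bytes = [System.Text.Encoding]::ASCII.GetBytes($workstation)
            $fs.Write($bytes, 0, $bytes.Length)
        } finally { $fs.Dispose() }
    } catch [System.IO.IOException] {
        $where = Read-Marker $userFile
        Write-Log 'LoginsDenied.log' 'Denied'
        $shell = New-Object -ComObject WScript.Shell
        $text  = "You are already logged onto: $where.`r`nIf this is not you please contact the IT Department." +
                 "`r`n`r`nThis event has been logged to track possible account misuse.`r`n`r`nYou will now be logged off"
        $null  = $shell.Popup($text, 20, "Multiple User Login Detected: $user", 16)
        shutdown.exe /l
        return
    }

    Set-Content -LiteralPath $wsFile -Value $user
    Write-Log 'LoginsAllowed.log' 'Logged On'
}

function Invoke-Logoff {
    # Remove the pair only when the user marker points at this workstation, so a logoff
    # that follows a denied logon does not clear the session the user still has elsewhere.
    if ((Read-Marker $userFile) -eq $workstation) {
        Remove-Item -LiteralPath $userFile, $wsFile -ErrorAction SilentlyContinue
    }
}

if ($Mode -eq 'Logon') { Invoke-Logon } else { Invoke-Logoff }
```

Assign the file once under Logon with the script parameters `-Mode Logon -ServerShare \\yourserver\share` and once under Logoff with `-Mode Logoff -ServerShare \\yourserver\share`. Users still need rights to create and delete files in the share, so this version is as much a deterrent as the VBScript one; what it adds is the atomic claim and safer handling of empty or missing files.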

11 comments:

  1. Hey, I've got a problem with the logon script on Windows Server 2012 R2.
    All the time I get the error 800A0034 Unknown Filename or Number.
    I've checked my server share several times and allowed all users to read and write there. But the script doesn't even create the .txt file.

    Replies
    1. Line 27, Sign 1. Sorry, I forgot that.

    2. Sorry, can you explain "Line 27, Sign 1"?
      I have the same problem.

    3. This comment has been removed by the author.

    4. Re Line 27: it's not that line giving the problem.
      You need to make sure this - ServerShare = "\\Server\path" - looks like this (as an example): "\\MyServersName\ShareName\". It's the trailing '\' that's missing. It will work then. Remember to alter every instance you find.

    5. ...and create a file in there called allowedusers.txt. Couldn't get mine to work without it...

  2. The script is working awesome; there is only one issue I am facing with it. Let me give you an example so that you can understand my issue better. Suppose "User1" logs in to "ComputerA" and after that "User1" tries to log in on "ComputerB". At that time "User1" receives the message "You are already logged on ..." and after a few seconds the system logs off. But when the same user "User1" logs out from "ComputerA" and once again tries to log in on "ComputerB", "User1" receives the same message about already being logged in on another computer, but he/she has already logged out from that system.
    So my query is how to fix this problem; please reply soon, as I am waiting for your reply. Thanks in advance.

  4. If the user has limited access, then what will happen?
    ...

    Actually, I applied it and checked: if the user logs off and logs in again to another system, we have manually deleted the log file from the given folder path...

  5. The script works perfectly when the user is an administrator; if it is a regular user, it gives an error during the execution of the logon script, an access denied message. The text files are created normally, but the limited users are able to make simultaneous logins on the network.
