Ask the Expert

Prevent all users except admins from logging onto more than one PC

I want to prevent all users (except administrators) connected to our LAN from logging onto more than one computer at any given time, but they should still be able to log on to any computer in their department. All users log onto the Windows 2000 domain controller and are Windows professional clients. How can this be implemented from the Domain Controller level?

    Requires Free Membership to View

This is not a perfect solution, but it may get you most of the way there:

1. Go to the server that manages your domain, and use Explorer to open the folder where the user's roaming profiles are stored (usually %SystemRoot%Profiles[username]).
2. Select a user's folder, right-click on it, then select Properties | Sharing.
3. Share out the folder, and under User Limit select "Allow this number of users:" and set the value to 1.
4. Then click Permissions, remove access for all users, and then add access for only the user in question.

This only allows one connection at a time to the profile folder, which means that a user cannot log on to the same server twice.

One advantage of doing it this way is that you can select which users to enforce this on. Downside: If you have a lot of users in your LAN, this could be tedious to set up.

This was first published in July 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: