A common complaint among administrators of Windows domains is that it's very difficult to keep a user from logging in multiple times from different locations, such as a desktop and a Terminal Server/Remote Desktop connection.
In the past, I've talked about various workarounds for this problem, but none of them has been that effective. Now it seems Microsoft has come to the rescue--although only up to a point.
LimitLogin 1.0 is an application (actually, it's three applications, but we'll get to that in a minute) that lets you limit the number of concurrent user logins for an Active Directory domain; it can also be used to track login information in AD. Aside from allowing only a certain number of logins for a given user throughout a domain, it can also bring up login information for any user in the domain according to various criteria, such as all users currently logged in through Remote Desktop connections. Users can be remotely logged off through the Active Directory Users and Computers MMC application, and login information can be exported to CSV or XML files for analysis.
LimitLogin 1.0 has three components: a Web service, an Active Directory component and a client-side component. The three pieces need to be installed in that order, and the client-side component needs to be present on all clients where users are logging in from. The included documentation spells out how to set up each piece and how to push out the .MSI with the client components to your workstations.
Two scripts that are included let you bulk-apply or bulk-remove logon quotas for users. But you should be very careful using them since they work by default on all users (including built-in system accounts). Finally, the tool comes with no support whatsoever, so use it carefully.
Serdar Yegulalp is editor of The Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!