TechNet Magazine
Click to Rate and Give Feedback
 Utility Spotlight: Limit Login Atte...
Tips
You can manage SQL Server from a command line just as you would any other service. Here are the commands you need to know. ...

Read more!

With a core server installation, you have a minimal UI that includes a limited desktop environment for local console management of the server. Here is an overview of key commands and utilities you’ll use for managing server core installations while logged on locally. ...

Read more!

Discover how the new Problem Steps Recorder can help you troubleshoot problems on remote systems by letting you see exactly what actions are taking place on the system. ...

Read more!

With Windows Server 2008 you can configure four types of scripts: Computer Startup Executed during startup; Computer Shutdown Executed prior to shutdown; User Logon Executed when a user logs on; and User Logoff Executed when a user logs off. Here's how to write these useful scripts. ...

Read more!

Auditing in Exchange Server offers many options for tracking important information. We show you all of them and how to configure the policy you want in seven simple steps. ...

Read more!

Related Articles

Many IT shops are divided into two camps—the Windows team and the Linux team—but we all have the same ultimate goal of providing high-quality and cost-effective IT services. One way you can do this is by sharing core software infrastructure. Think Windows and Linux don’t mix? See how you can configure Linux machines to use Active Directory for authentication.

Gil Kirkpatrick

TechNet Magazine December 2008

...

Read more!

Group Policy is used in almost every environment and relied on by many to secure and their Windows environment. Surprisingly few have introduced automation into the process, however. This article explains how to take advantage of the GPMC APIs and Windows PowerShell to automate management of Group Policy in your organization.

Darren Mar-Elia

TechNet Magazine June 2009

...

Read more!

Active Directory provides a great deal of flexibility for supporting a large or decentralized environment, but maintaining the integrity of your data can be challenging. Active Directory replication defines how updates are communicated throughout your environment and how conflicts are resolved. Here's what you need to know to meet the challenge.

Laura E. Hunter

TechNet Magazine October 2007

...

Read more!

Proxy authentication lets users perform a simple bind to an Active Directory Lightweight Directory Services instance but still have an association to an Active Directory account. This can be very useful: it gives developers full access to a user object without giving them access to the Active Directory account, and it allows products that require the X.500 format to be used with Active Directory. Here’s what you need to know about proxy authentication.

Ken St. Cyr

TechNet ...

Read more!

Data recovery in Active Directory can be very complex, yet it’s essential that you have a recovery plan in order. We show you how Active Directory stores, deletes, restores, and replicates objects so you can be prepared the next time a user or group membership is accidentally deleted.

Gil Kirkpatrick

TechNet Magazine April 2007

...

Read more!

Popular Articles

Greg Steen discusses recovering from system crashes with Replay RA - Recovery Accelerator, managing compressed archives with WinRAR, using TortoiseSVN to simplify source control, measuring disk I/O with Iometer, as well as rebooting servers remotely with the APC Switched Rack PDU, and looks at the book "Windows Group Policy: Windows Server 2008 and Windows Vista".

Greg Steen

TechNet Magazine January 2009

...

Read more!

Aaron Margosis

TechNet Magazine August 2006

...

Read more!

Take a close look at SharePoint Security Accounts to see how a weak configuration can give an attacker full control over all site collections and sites.

Pav Cherny

TechNet Magazine January 2009

...

Read more!

Windows Vista SP1 and Windows Server 2008 introduce important changes to BitLocker, including support for data volumes and improved protection against cryptographic attacks. Byron Hynes explores the new features, demonstrates how to use BitLocker on a server, and discusses some of the recent media coverage affecting BitLocker.

Byron Hynes

TechNet Magazine June 2008

...

Read more!

Drivers fail, files get corrupted, disks crash--there are numerous uncontrollable reasons why Windows might fail. But all is not lost. Wes Miller explores the kinds of things that can go wrong in a Windows system, and explains how you can troubleshoot them to get your system working again.

Wes Miller

TechNet Magazine January 2009

...

Read more!

Our Blog

NAP monitors the health of specified computers when they attempt to connect to a network and includes a number of mechanisms to enforce health requirements. In this article, Geek of All Trades Greg Shields gives readers an overview of these enforcement mechanisms and, as an example, takes a closer look at setting ...

Read more!

Use Windows PowerShell to Manage Virtual Machines Here are a few examples of how you can use Windows PowerShell scripts to manage virtual machines running on a Server Core installation. Note that these scripts are presented as samples and may need to be customized to work in your environment.

Create a New ...

Read more!

Disabling an Unused Part of Group Policy Objects One way to disable a policy is to disable an unused part of the GPO. By disabling part of a policy that isn’t used, the application of GPOs and security will be faster.

Administer Windows Server 2008 Server Core from the Command Prompt ...

Read more!

In the August 2008 issue of TechNet Magazine, Paul Randal wrote an article Top Tips for Effective Database Maintenance.  It was geared toward "involuntary  DBAs" (IT pros who inadvertently wind up responsible for a SQL Server instance).  The article had a great response from our readers so Paul has written another ...

Read more!

Microsoft Forefront is designed to deliver an integrated security solution that makes it much easier to deploy and manage security across an organization’s IT infrastructure. In this, our annual security issue, we feature two articles that describe how Forefront Security protects instant messaging and e-mail.

Protect ...

Read more!
Utility Spotlight Limit Login Attempts With LimitLogin
Download the code for this article: LimitLogin.exe (4,112KB)

Ever needed to limit concurrent user logins in an Active Directory® domain? Ever wanted to keep track of information about every login in a domain? If so, LimitLogin is for you.
LimitLogin is an application written by Yossi Saharon, a Partner Technology Specialist with Microsoft in Israel, with help from Ofer Bar, an application development consultant. The application adds the ability to limit concurrent user logins and to keep track of all login information in an Active Directory domain. LimitLogin capabilities include limiting the number of logins per user from any machine in the domain (including Terminal Server sessions), displaying the login information of any user in the domain according to specific criteria, easy management and configuration through integration with the Active Directory Microsoft® Management Console (MMC) snap-in, the ability to delete and log off a user session remotely straight from the Active Directory Users and Computers MMC snap-in, and the ability to generate login information reports in CSV and XML formats.
While the main purpose of LimitLogin is to enforce concurrent login quotas, it can also be used purely as a login data capture solution that lets you manage your Active Directory environment more effectively. You can configure all users in the domain to have an unreachably high login quota and simply let the scripts do the work of updating your login data, without reaching the quota that was set. The UI tools allow you to set the login quota, and you can do so programmatically using the sample script code provided with the tool in Bulk_LimitUserLogins.vbs. You can also scope this script to an Organizational Unit level. The default script runs on all of the user accounts in the domain.
LimitLogin's architecture is built around three main elements:
  • A Web service that handles the back-end processing on the server
  • An application directory partition that holds the login information
  • Login and logoff VBS scripts
Figure 1 Validating a User Login 
When a user logs on to the domain, the llogin.vbs file runs and sends the host machine's data (computer name, IP address, session ID, and authenticating DC name) to the LimitLogin Web service as XML, using SOAP. The Web service uses the client's security context against Active Directory and checks to see if this user is configured for LimitLogin and has a login quota in the LimitLogin application directory partition.
If the user does not have a login quota set, then the Web service notifies the script that it should continue to log in normally. If the user does have a login quota in place, then the Web service counts the number of registered logins the user has collected in the LimitLogin application directory partition. If the user's login quota is less than the actual number of logins registered in Active Directory, then the Web service updates the user's login information in the LimitLogin application directory partition and notifies the login script to continue login normally. If the user's login quota is equal to or exceeds the number of logins registered in Active Directory, however, then the Web service notifies the login script to log off the current session. This process is outlined in Figure 1. A related process happens with llogoff.vbs when a user logs off from the domain.
While some similar solutions require SQL Server to work, LimitLogin uses your Active Directory database. It creates an application directory partition on a domain controller in the domains for which you want to use the app. LimitLogin supports Windows 2000 Professional Service Pack 4 and later, Windows 2000 Server Service Pack 4 and later, Windows XP Professional Service Pack 1 and later, and Windows Server 2003. You can download LimitLogin from the link at the top of this article.

© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.
Page view tracker