Utility Spotlight: Limit Login Attempts With LimitLogin
Download the code for this article: LimitLogin.exe (4,112KB)

Ever needed to limit concurrent user logins in an Active Directory® domain? Ever wanted to keep track of information about every login in a domain? If so, LimitLogin is for you.
LimitLogin is an application written by Yossi Saharon, a Partner Technology Specialist with Microsoft in Israel, with help from Ofer Bar, an application development consultant. The application adds the ability to limit concurrent user logins and to keep track of all login information in an Active Directory domain. LimitLogin capabilities include:
  • Limiting the number of logins per user from any machine in the domain (including Terminal Server sessions)
  • Displaying the login information of any user in the domain according to specific criteria
  • Easy management and configuration through integration with the Active Directory Microsoft® Management Console (MMC) snap-in
  • The ability to delete and log off a user session remotely straight from the Active Directory Users and Computers MMC snap-in
  • The ability to generate login information reports in CSV and XML formats
While the main purpose of LimitLogin is to enforce concurrent login quotas, it can also be used purely as a login data capture solution that lets you manage your Active Directory environment more effectively. You can configure all users in the domain to have an unreachably high login quota and simply let the scripts do the work of updating your login data, without reaching the quota that was set. The UI tools allow you to set the login quota, and you can do so programmatically using the sample script code provided with the tool in Bulk_LimitUserLogins.vbs. You can also scope this script to an Organizational Unit level. The default script runs on all of the user accounts in the domain.
LimitLogin's architecture is built around three main elements:
  • A Web service that handles the back-end processing on the server
  • An application directory partition that holds the login information
  • Login and logoff VBS scripts
Figure 1 Validating a User Login 
When a user logs on to the domain, the llogin.vbs file runs and sends the host machine's data (computer name, IP address, session ID, and authenticating DC name) to the LimitLogin Web service as XML, using SOAP. The Web service uses the client's security context against Active Directory and checks to see if this user is configured for LimitLogin and has a login quota in the LimitLogin application directory partition.
If the user does not have a login quota set, then the Web service notifies the script that it should continue to log in normally. If the user does have a login quota in place, then the Web service counts the number of registered logins the user has collected in the LimitLogin application directory partition. If the user's login quota is less than the actual number of logins registered in Active Directory, then the Web service updates the user's login information in the LimitLogin application directory partition and notifies the login script to continue login normally. If the user's login quota is equal to or exceeds the number of logins registered in Active Directory, however, then the Web service notifies the login script to log off the current session. This process is outlined in Figure 1. A related process happens with llogoff.vbs when a user logs off from the domain.
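The server-side check described above, modelled as an added example (not code from LimitLogin or from the article). The class and field names are hypothetical, the in-memory store stands in for the application directory partition, and it assumes a login is refused once the user's registered sessions have reached the quota and that logoff removes the matching session record.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Session:
    computer: str      # host data the login script reports
    ip: str
    session_id: int
    dc: str            # authenticating domain controller

@dataclass
class LoginStore:
    """Stand-in for the LimitLogin application directory partition."""
    quotas: dict = field(default_factory=dict)    # user -> login quota
    sessions: dict = field(default_factory=dict)  # user -> [Session, ...]

    def login(self, user: str, s: Session) -> str:
        """Decision returned to the login script: 'continue' or 'logoff'."""
        quota = self.quotas.get(user)
        if quota is None:                 # user not configured for LimitLogin
            return "continue"
        active = self.sessions.setdefault(user, [])
        if len(active) >= quota:          # assumed rule: quota reached, refuse
            return "logoff"
        active.append(s)                  # register the new session
        return "continue"

    def logoff(self, user: str, computer: str, session_id: int) -> None:
        """Assumed logoff handling: drop the matching session record."""
        self.sessions[user] = [
            s for s in self.sessions.get(user, [])
            if (s.computer, s.session_id) != (computer, session_id)
        ]

def demo() -> list:
    # Constructed sample data: user names, hosts and addresses are made up.
    store = LoginStore(quotas={"alice": 1, "audit": 10**6})
    ws1 = Session("WS01", "10.0.0.11", 1, "DC01")
    ts1 = Session("TS01", "10.0.0.20", 3, "DC01")
    out = [
        store.login("alice", ws1),   # first session, under quota
        store.login("alice", ts1),   # second concurrent session
        store.login("bob", ws1),     # no quota configured
        store.login("audit", ws1),   # capture-only: quota never reached
    ]
    store.logoff("alice", "WS01", 1)
    out.append(store.login("alice", ts1))  # slot freed by the logoff
    return out

if __name__ == "__main__":
    print(demo())
```

A session that ends without the logoff script running keeps its record and keeps counting against the quota in this model, which is the case the remote session delete in the MMC snap-in addresses.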
While some similar solutions require SQL Server to work, LimitLogin uses your Active Directory database. It creates an application directory partition on a domain controller in the domains for which you want to use the app. LimitLogin supports Windows 2000 Professional Service Pack 4 and later, Windows 2000 Server Service Pack 4 and later, Windows XP Professional Service Pack 1 and later, and Windows Server 2003. You can download LimitLogin from the link at the top of this article.

© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.