Limiting Users to A Single Logon In The Domain

You are here:
< Back
Limiting Users to A Single Logon In The Domain
Last Updated: 04 Apr 2005

*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***

The question often arises of how to limit a user to a
single concurrent login session in NT4/Win2K.  Depending
on exactly what you are trying to accomplish, there are
a few different ways to go about it.

Under NT4, go to:

  "User Manager --> User Properties --> Logon To"

Under Win2K, go to:

  "Active Directory Users and Computers --> User Properties --> Account --> Logon To"

...and you will see an option to limit each user to a
specific workstation (or workstations). If your users are
never mobile, then this may be a simple solution for you,
although it is a pain to manage for a large number of
users (time for ADSI).

If, however, you don't care which machines your users
initially logon to, but you want to ensure that they
can't logon anywhere else until they logoff from the
first location, then the solutions are less straight-

You can make use of a logon script and check for
connections to Home Directories:


Or you can make use of a couple Microsoft utilities:



• MaxLogons ...............
• Signon Limiter ..........
• UserLock ................