Yesterday, Microsoft released Limitlogon , an upgrade to CConnect.exe. CConnect.exe provided very basic concurrent login limiting abilites, and Limitlogin has vastly improved on that.
In a nutshell, Limitlogin allows you to control how many times a user can log in concurrently (on more than one machine at once). It cannot limit OWA usage, but it can be used on client workstations and through terminal server/remote web workplace (haven’t tried it, but can’t see why not) sessions. (Be warned, the default setting is 1 unique logon, which will prevent a person logged into their workstation from logging into any terminal server in the Limitlogon domain)
I just finished installing it on my test SBS server, and I must say I’m impressed.
Susan had hopes that it would allow login/logoff reporting, but sadly enough, its reporting is only limited to currently logged on users, and it has no retention mechanism for capturing login/logoff times.
The install is complex by Microsoft standards, so read the included help file carefully. There is an order in which you need/should install the three components. IIS first, AD second, and Client last. Didn’t really come aross any “gotchas”, but I did find that I needed to install the AD side of things as the actual Administrator, no matter what rights I gave myself. Personally, I used a “hidden” share to store the logon/logoff scripts. (You can make a share “hidden” by prefixing it with a dollar sign $), just to keep my list of shares looking clean. There IS a client side part to this tool unfortunatly. The help file includes a step through of setting up a group policy to manually push out the client side package.
When fully installed, it adds another item to the right click context menu in AD. This allows to to configure on a per user basis a logon quota, and if quotas are enabled for this user, to view where they are currently logged in. This is handy for enabling/viewing quotas for the average user, but allowing the IT support staff to log in all over the place. As manually configuring each user would be tiresome, there’s also two scripts (Bulk_LimitUserLogins.vbs and Bulk_UnLimitUserLogins.vbs) that can be used to bulk apply or remove logon quotas to all objects in an Domain. I haven’t yet run these scripts on a production SBS box, since I’m a bit worried that it found 19 users on my test SBS server (when there’s only 5 or so) to apply logon quotas to. I can’t see any of the “System” users logging into the server more than once, but you never know.