Netware to Active Directory migration: what about limiting concurrent logins?

NDS and NetWare gave network administrators the ability to easily enforce certain restrictions on their network especially the ability for a person to open simultaneous sessions with the same login.

As with most things in Netware Directory Services, restricting concurrent connections could be performed from the administrative workstation using the NetWare Administrator utility.

When migrating to Windows Server and Active Directory, former Netware network administrators are therefore surprised to discover that Windows offers no native feature to prevent or limit simultaneous logins to their new network.

That is where UserLock comes in handy, with concurrent logins limitation features even more powerful than Netware’s native features. UserLock allows you to limit or prevent simultaneous logins to a Microsoft Windows network, per user, user group or per session type (workstation, terminal, interactive or VPN/RAS).

Limitations can be set in a granular way and can vary from one user to another or from one group to another.

With UserLock you will be able to define and enforce:

• the maximum number of concurrent workstations where a user can be logged on
• the maximum number of terminal sessions that a user can open
• the maximum number of simultaneous VPN/RAS sessions that a user can open
• the maximum total number of sessions (all session types) that a user can open

You will also be able to:

• define a maximum limit for combinations of several kinds of sessions.
  You can for example set a custom limit to prevent the number of workstation sessions plus the number of VPN/RAS sessions to be greater than one.
• allow users to remotely logoff an existing session if their number of allowed sessions has already been reached.
  A user will then be able to remotely close a previous session from the new workstation on which he is not allowed to logon due to his current UserLock restriction.