In many environments you may want to limit the number of times people can login to the network. This can be for many reasons such as ensuring people don't share login information and to ensure that their profile and files don't get our of sync.
You can use the login script along with an option in Windows to accomplish this task.
Setup Limited User Access Directory
To do this, your environment will need to be set up in the correct way. However you may find that you have already many of the components in place and just need to adjust the settings.
Adjust the Login Script
Once you have restricted the user directory, you need to adjust your login script.
First map the drive to their user directory.
net use U: \\fileserver\%username%$
Then you need to check if the mapping was successful. Add the following line immediately below the net use:
iferrorlevel 1 goto logoff
Then add a section called logoff. In the example below a message is also sent to the user to tell them why they have been kicked out. Then follow a command to logoff the user:
:logoff
net send localhost "You are logged in elsewhere. Please log off a the other terminal before trying again."
logoff
Finally if you are going to use the user directory as their home directory, then add the following commands immediately afterwards to set the environment variables correctly:
setx homedrive "U:"
setx homepath "\"
The complete sample ready for copying and pasting in to your own script can be found at the bottom of the page.
Uses for the User Directory
The most common use for the user directory is to redirect the "My Documents" folder. This would allow it to be backed up centrally.
You could also use it for the home to roaming profiles.
With the addition of a registry file applied by the login script, you could also redirect the user's "Favorites", allowing them access where ever they might be.
Questions
Q: Logoff Doesn't Work
A: This seems to only work on servers. For workstations you need the "logoff.exe" file from the "NT4.0 Resource Kit" which you can download from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=3E972E9A-E08A-49A2-9D3A-C0519479E85A&displaylang=en
Q: I need other users to be able to see the contents of the home directories.
A: There may be instances where this is required. In that case, share the folder twice.
For example, share it once as "jsmith$" which is used in the login script as all the other shares are by this name and has the user connection limit applied. Then share it again as "jsmith" or even a different name such as "J Smith Documents" as this name isn't being used in a login script or has a user limit.
Q: I am a network admin and need to see in to all the home directories but don't want to share each twice.
A: In many cases network admins will create the user directories in a main folder called "users". This master folder is shared out (usually hidden: "users$") with restrictions on the share permissions (not the file permissions) to allow only admins access.
Q: Where can I find more information about login scripts?
A: We have a dedicated web site for login scripts at http://loginscripts.info/
Complete Sample - Ready to Copy and Paste.
Remember to turn off word wrap when working in notepad
Top of the Page - Home Page
Last Page Update: 08/03/2012
Copyright Sembee Ltd. 1998 - 2024.
Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions.
All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned within and is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.
Sembee Ltd. is registered in England and Wales at 1 Carnegie Road, Newbury, Berkshire, RG14 5DJ.
Registered company number: 4704428. VAT Number GB 904 5603 43.
Server 1