By abhishek

I have always asked my colleagues this question: "How do I restrict multiple logins in an Active Directory setup?"

So here is the answer.

Create a file when a user logs in, and check for that file each time a login request is received: if the file exists, log off; if the file is not present, log in and create the file. It's that simple.

Below is the step-by-step process to achieve this using Group Policy.


  1. Windows 2003 AD is being used
  2. //<server>/logon is shared and write access is given to everyone

The Steps

Step 1) Create 2 batch files in C:\WINDOWS\SYSVOL\sysvol\\scripts\logon

File 1: login.bat

rem A lock file for this user already exists: the user is logged in elsewhere
If Exist \\server\logons\%username%.txt Goto notlogon
Echo %username% logged in from %computername% > \\server\logons\%username%.txt
Echo %username% logged in from %computername% > \\server\logons\%computername%.txt
Goto end
:notlogon
logoff
:end

File 2: logout.bat

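rem No lock file for this computer: login.bat refused this session, so keep the user's lock
If Not Exist \\server\logons\%computername%.txt goto notlogon
Del \\server\logons\%username%.txt
Del \\server\logons\%computername%.txt
Goto end
:notlogon
:end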

Step 2) Modify Group Policy

Edit the Group Policy for the OU where you want to disable multiple logins. In the Group Policy Object Editor, navigate to

User Configuration > Windows Settings > Scripts (Logon/Logoff)

Add the login.bat created earlier under Logon and logout.bat under Logoff.

[Figure: Adding Login Script on Group Policy]

That's it. Now when you log in, a file is created in //<server>/logon with the username and computer name of the logged-in user, and he/she will not be able to log in to another computer. Once he/she logs off, these files are automatically deleted and the user is allowed to log in on any client.

This was simple
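Lock files that are never cleaned up are the operational weak point of this scheme: a logoff script does not run when a machine crashes or loses power, so the user's file stays on the share and login.bat keeps logging that user off. The following Python audit is an added example, not part of the original post; it parses the line format login.bat writes and flags lock files that are malformed, unpaired, or older than a threshold. The function names, the 16-hour threshold and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# login.bat writes one line per lock file: "<user> logged in from <computer>"
LOCK_LINE = re.compile(r"^(.+?) logged in from (\S+)$")

def read_lock(path):
    """Parse a lock file into (user, computer), lower-cased; None if malformed."""
    m = LOCK_LINE.match(path.read_text(errors="replace").strip())
    return (m.group(1).lower(), m.group(2).lower()) if m else None

def audit_share(share, max_age_hours=16, now=None):
    """Return {file stem: problem} for lock files an admin should review."""
    now = time.time() if now is None else now
    files = {p.stem.lower(): p for p in Path(share).glob("*.txt")}
    locks = {stem: read_lock(p) for stem, p in files.items()}
    problems = {}
    for stem, lock in locks.items():
        if lock is None:
            problems[stem] = "malformed"
        elif stem not in lock:
            problems[stem] = "name/content mismatch"
        elif locks.get(lock[1] if stem == lock[0] else lock[0]) != lock:
            # Files are written and deleted in pairs; a lone one is a leftover.
            problems[stem] = "orphaned"
        elif now - files[stem].stat().st_mtime > max_age_hours * 3600:
            # Assumed threshold: logoff scripts do not run after a crash.
            problems[stem] = "stale"
    return problems

def build_sample(share, now):
    """Write constructed sample lock files (not data from the post)."""
    rows = [("alice.txt", "alice logged in from PC01", 2),
            ("PC01.txt", "alice logged in from PC01", 2),
            ("bob.txt", "bob logged in from PC02", 3),    # PC02.txt is missing
            ("carol.txt", "carol logged in from PC03", 40),
            ("PC03.txt", "carol logged in from PC03", 40)]
    for name, text, age_hours in rows:
        path = Path(share) / name
        path.write_text(text + " \n")  # cmd's "Echo x > f" keeps the space
        os.utime(path, (now - age_hours * 3600,) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample(share, time.time())
        for stem, problem in sorted(audit_share(share).items()):
            print(f"{stem}: {problem}")
```

Point `audit_share` at the directory behind the logons share; entries it reports are candidates for manual review before deletion.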

Dear Abhishek,

I have tried this in my Active Directory; it's working fine and feels simple.
While applying this script, if userA is logged in on his system, userB can't log in with userA's ID on another system,
but if userA has locked his system, userB is able to log in with the same userA ID on other systems...
How can I solve this?
Kindly suggest some ideas...