I am trying to stop students at a college passing around their logins by stopping them from loging into more than one machine at a time. We have win2k Server and the students are using Win2k Pro. I have looked at the polices and cannot find an appropriate one. Any ideas would be welcome Regards

There is no native means in Windows 2000 however you may want to look into this... Install the Windows 2000 Resource Kit tool named CConnect.exe on each client computer. This tool, in conjunction with an .adm file supplied by the tool, can perform the following functions: Limit concurrent connections per user. Log off remote computers when concurrent connections are reached. List all computers that a user is logged on to. List logon servers for each user. Show how many users are logged on to a domain controller (DC). Force a logoff when concurrent connections are reached. Enable debugging of the CConnect tool. Write events to the event log of a specified server concerning the status of the CConnect tool. Save all lists to a file for further examination. Track the last user of the computer and only limit that user from logging on to the computer if the computer was shut down improperly. This tool is included with the Windows 2000 Resource Kit and works with both Windows NT 4.0 and Windows 2000. For Windows 2000, there are no system requirements. For Windows NT 4.0, the following requirements exist: Windows NT 4.0 Service Pack 3 or later must be installed. Microsoft Data Access Components (MDAC) 2.0 must be installed. Windows Scripting Host must be installed. Web Based Enterprise Management (WBEM) must be installed. Version 2.0 Version 2.0 supports Terminal Server restrictions. Hope that helps. Good luck

Ok, now this one got me to thinking, and I know Glen knows his stuff, but I figure, if you can do it in NT 4.0 it should be able to be done in W2K. SO.... I went out and dug up some info, haven't tried it myself, so can't vouch for it, but here it is to restrict workstation access.... 1. Access the user's properties in AD Users and Computers and choose the Account tab. 2. Click the Log On To button and open the Logon Workstations box 3. Select "The following computers" 4. Type the name of the workstation (or browse I think) 5. Click Ok That should only allow them access to workstations you've specified. Let us know if it worked if you can (I'll try to pop back and read this one later on to see).....

Yes, that is sort of a way to do it and you can limit the workstation that a user logs on the network from but I read a bit more into it. Especially in a college environment that he is in, where users are probably sitting at different workstations all the time. So if I create a policy that says that Lucid can only log on from Workstation1 and you sit at Workstation6 that day or maybe you are in a whole different classroom, then you don't get on the network. In other words, you would have to have assigned seating in order to make that work. What I think Paul is looking for is the ability to say the Lucid only logs on to the network one time, where ever he may be logging in from. There is no easy way to do this in w2k. As much as I love w2k, this seems to have been overlooked. The CConnect method I mentioned above sort of corrects this problem. There are also third party utilities that do this like a program called UserLock, but they are usually pretty expensive.

Ok, well, guess Paul will have to try the third party app then....

Cheers Glen & Lucid. I think Glen offers the solution I am going to persue. Thanks to you both for your time and help. Paul