How to implement LimitLogin

Limitlogin V1.0

LimitLogin is an application that adds the ability to limit concurrent user logins in an Active Directory domain.
It can also keep track of all logins information in Active Directory domains.

LimitLogin capabilities include:
*         Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
*         Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
*        Easy management and configuration by integrating to the Active Directory MMC snap-ins.
*         Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
*         Generating Login information reports in CSV (Excel) and XML formats.

Download the LimitLogin: link1   link2


Setting up LimitLogin

1)      Before setting up LimitLogin on the web server, you will need to make sure that ASP.NET is installed on the Windows 2003 server.
2)      Make sure the following Web Extension is set to Allowed in IIS Services: ASP.NET v1.1.4322.

Limitlogin setup components

LimitLogin set-up is combined of three different components: IIS (Web Service), Active Directory and Client.
The set-up should be done in this order since there are dependencies between the components.

LimitLogin is set-up through 3 different MSI installers:
  1. LimitLoginIISSetup.msi, which installs the LimitLogin Web Service (WSLimitLogin)
  2. LimitLoginADSetup.msi, that sets up the Active Directory changes needed for LimitLogin to work.
  3. LimitLoginClientSetup.msi, which installs the client-side requirements for LimitLogin.

LimitLoginIISSetup 1:

The 1st step is to setup up the LimitLogin Web Service and make sure its up and running before we can further continue.
The system requirements for this setup are:
  • Windows Server 2003 with IIS installed

1)      Add WSLimitLogin.asmx to the top of list in the Documents tab of the website.
2)      Verify “Integrated Windows Authentication” is set on the “Directory Security” tab of the website under “Authentication and Access Control”.
Note: Web site must integrated authentication not anonymous.
3)      Attempt to connect to http://hostname/WSLimitLogin.

LimitLoginADSetup 2:

Once the LimitLogin Web Service is set-up and running, you can continue with running the Active Directory Setup.
The Active Directory Setup portion is divided into 2 main parts:

  1. The Forest Setup (or "forestprep")
  2. The Domain Setup (or "domainprep")

The system requirements for this setup are:
  • Windows XP with .NET Framework version 1.1 or Windows Server 2003 (Recommended: Windows 2003 Domain Controller)
  • At least one Windows Server 2003 Domain Controller in the domain

In the 'Installation Options' screen you have 3 options:

    1. 'Prepare your Active Directory Forest for LimitLogin' option should run first.
    2. 'Prepare your Active Directory Domain for LimitLogin'.
    3. 'Install LimitLogin AD MMC add-in tools on this machine' option should run last, after the Forest and Domain preparations have successfully completed

On the first installation, all three check-boxes should be checked.

Prepare your Active Directory Forest for LimitLogin.

This option performs the following operations:

  • Modifies the Configuration Partition to add the LimitLogin AD MMC integration menus.
  • Extends the Forest schema to include the LimitLogin Class and Attributes.

Once this step is successfully completed, you may move to prepare you domain to LimitLogin.

Prepare your Active Directory Domain for LimitLogin.

This option performs the following operations:

  • Creates and configures the llogin.vbs, llogoff.vbs and limitlogin.wsdl files.
  • Creates an Application Directory Partition for LimitLogin.

In the 'Domain Setup' screen, you need to provide the following three parameters:

  • UNC path of the file share where the login scripts will go (e.g. \\Servername\Share).
          Note: This can be a hidden share).
  • Host name of the Web server
  • The LimitLogin Web Service (Default is WSLimitLogin)
  • Optional Use SSL - check this box if you configured the LimitLogin Web Service to use SSL for greater security.

Install LimitLogin AD MMC add-in tools on this machine

This option should run last, after the Forest and Domain preparations have successfully completed.
You will get a pop-up telling you to copy the llogin.vbs, llogoff.vbs and limitlogin.wsdl files to your share. Copy the files at this time.

LimitLoginClientSetup 2:

In order for the domain clients to work with the LimitLogin server-side components, there are client side requirements that need to be installed on every domain member machine. These requirements are installed using the LimitLoginClientSetup.msi installer.

The client setup installs the following:
  1. SOAP Runtime (needed to connect the Web Service)
  2. WTSApiAx.dll (Needed to collect the Session ID before it is sent to the Web Service)

The system requirements for installing the client for LimitLogin
  • Client machines must have .NET Framework version 1.1.4322 or higher to install the client.

Click here to download: .NET Framework V1.1.4322

No comments:

Post a Comment