Microsoft has included the Concurrent Connection Limiter (Cconnect) utility with Windows 2000/2003 Server Resource Kit.
If the only Cconnect function you require is concurrent logon restrictions and you're running W2K/XP systems only on the desktop in a AD environment, you can add calls to cconnect.vbs and cclogoff.vbs to the user's logon and logoff scripts. You can deploy Cconnect throughout your W2K domain without ever touching a workstation if you define your logon scripts in Group Policy under
Cconnect deletes active logon records from the sql db only when a user logs off correctly. This means that a user can be improperly denied logon. To fix the problem, you must use Cconnect Administrator to manually delete the old logon record. Since the number of simultaneous logons is a registry entry on the workstation, it can be circumvented by hacking the registry. A real problem is Cconnects lack of security considerations in its design. Cconnect Client stores SQL Server user and password data in clear text in the registry. By default, this account has sa privileges. If you understand this, the account's privileges can be restricted. This is not a realistic expectation. From a hacker's perspective, Cconnect installed with defaults, is a hacker's pathway to gaining elevated privileges to the sql server. If you are going to use it, get a dba to restrict the account used by Cconnect to only the tables required. If you use Cconnect on NT workstations, you will have to install some W2K-like requirements: windows scripting host, web-based enterprise management and mdac. OK, OK - there is no free lunch. After all it IS a utility in the W2K Server Resource Kit, not the Windows NT Server Resource Kit. If you have the cash, consider the application software "UserLock".
or, you can create a simple script yourself.
stty erase '^C'
stty intr ''
tt=`who | grep $tt | wc -l`
if [ $tt -gt 1 ]
echo Already logged on. Please press Enter to exit.
stty intr '^C'
if [ -f /etc/bashrc ]; then
do not use the above script for a ROOT level Account user.
it is also possible (not for large scale usage however) to set user account logons to specific ip addresses if you do not run DNS. this works for small groups where security is paramount as it locks user info with a unique computer's ip address.