Avoiding shared accounts on an Active Directory environment

Tags: active-directory, credentials

Is it possible to somehow force that one and only one account (in the case the account is shared) is logged in to an Active Directory environment at any moment?

What we want to do is to discourage the use of "account sharing", where one user shares their login credentials with another user so he can have network privileges he is not supposed to have (i.e. shared folders access, internet access profile, etc.).

Ideally we would like to force an AD rule where, if user_1 is already logged in and then another user comes and tries to log into the network with the same credentials, he is denied access (and an audit record of the user "collision" is created).

Any pointers/links/help will be greatly appreciated.

Best Answer

You don't say which version of Windows, but if it is for 2000 or 2k3, this TechNet article will tell you exactly how to do this. It doesn't seem there is a way to do this in 2k8 (at least not that I could find easily).
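
For the audit half of the question (a record of each user "collision"), the sketch below is an added example, not part of the original question or answer. It assumes Security-log logon (4624) and logoff (4634/4647) events have been collected centrally from the workstations on Vista/2008 or later; the record layout, host names and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

LOGON, LOGOFF = {4624}, {4634, 4647}   # Security log event IDs on Vista/2008+
INTERACTIVE_TYPES = {2, 10}            # console and Remote Desktop logons

# Constructed sample records (assumed layout):
# (time, event_id, logon_type, user, logon_id, workstation)
SAMPLE_EVENTS = [
    ("2024-01-08 08:01:10", 4624, 2, "user_1", "0x3e7a1", "WS-ACCT-01"),
    ("2024-01-08 08:05:42", 4624, 3, "user_1", "0x3e7b9", "WS-ACCT-01"),  # network logon, ignored
    ("2024-01-08 09:15:00", 4624, 2, "user_2", "0x41c02", "WS-HR-07"),
    ("2024-01-08 10:30:27", 4624, 2, "user_1", "0x4a113", "WS-LAB-12"),   # overlaps WS-ACCT-01
    ("2024-01-08 12:00:03", 4634, 2, "user_1", "0x3e7a1", "WS-ACCT-01"),
    ("2024-01-08 12:10:00", 4634, 2, "user_1", "0x4a113", "WS-LAB-12"),
    ("2024-01-08 13:00:00", 4624, 10, "user_1", "0x5b220", "WS-LAB-12"),  # no open session left
]

def find_collisions(events):
    """Return one record per interactive logon that overlaps an open session
    of the same account on a different workstation."""
    open_sessions = defaultdict(dict)   # user -> {logon_id: workstation}
    collisions = []
    for ts, event_id, logon_type, user, logon_id, host in sorted(
            events, key=lambda e: datetime.strptime(e[0], "%Y-%m-%d %H:%M:%S")):
        user = user.lower()             # AD account names are case-insensitive
        if event_id in LOGOFF:
            # Close the session identified by its logon ID, if we saw it open.
            open_sessions[user].pop(logon_id, None)
        elif event_id in LOGON and logon_type in INTERACTIVE_TYPES:
            others = sorted({h for h in open_sessions[user].values() if h != host})
            if others:
                collisions.append({"time": ts, "user": user,
                                   "workstation": host, "already_on": others})
            open_sessions[user][logon_id] = host
    return collisions

if __name__ == "__main__":
    for record in find_collisions(SAMPLE_EVENTS):
        print(record)
```

Logoff events are not always written (for example after a power loss), so a session with no matching logoff stays open in this sketch and can produce false collisions; expiring sessions after a maximum age is one way to bound that.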