Other than restricting logon to a single computer, Windows NT does not support any standard method of preventing multiple logons. Here is a method that does work:
1. Create a hidden share for each user's home directory and assign share permissions for that user only. I use meaningless alphanumeric strings to prevent guessing the share name. Example: a1hl2o$. Set the User Limit to Allow 1 Users
2. Create a %UserName%.txt file in each user's home directory with read permissions only for that user.
3. Implement a KixTart login script per tip 120.
4. Add the following to the logon script, immediately before the cookie1 statement.
$K = "@LSERVER" + "\" + "NETLOGON" + "\" + "Once.txt"
$J = "x:\" + "@USERID" + ".txt"
if exist ("$J")
$RC = shutdown("", "Shutdown in progress!", 0, 1, 0)
Where once.txt is in the NetLogon share and contains:
You are logged on more than once!
Press CTRL + ALT + DELETE
Why does this method work? Since only 1 user is allowed to connect to the user's share, the use command in the logon script fails to map a drive letter if 1 connection to that share already exits. This causes the if exist on %UserName%.txt to be false, invoking the shutdown process. Since the logon script hasn't finished, the manual keystrokes requested in once.txt are required. If a user does not follow these instructions, they are prevented from completing the logon because the shutdown is pending.
See tip 296 for a better way to do this.