Thursday, September 30, 2010

Microsoft Limit Login and Login Scripts on x64 Machines

We use Limit Login in our environment and I ran into some issues the other day when we deployed some 64-bit terminal servers at our Beijing, China location. For those unfamiliar with Limit Login, it is a utility provided by Microsoft that allows you to limit the number of simultaneous login attempts within an Active Directory environment. The utility works by extending the the Active Directory schema to store additional information related to logins. Therefore, you do not need to store the information in a separate database as required with past methods. The utility then uses web services and login scripts to update the information in Active Directory. For more information on the utility, please see this article.

We use Limit Login along with the "Log On To" property (see this post) of the Active Directory user object to limit the machines users can log on to and how many simultaneous sessions they are allowed.

Anyway, back to the issues. Once I set up all of the users and configured their user objects to limit the number of simultaneous logins, I performed some tests and noticed it wasn't adding the logins to Active Directory. After some troubleshooting, I noticed that the login scripts were not running correctly. They were getting errors because the objects used to connect to the web services were 32-bit controls. After additional troubleshooting, I found that I needed to run the login script under the 32-bit version of wscript (the object that runs script files like vbscript in windows). Apparently, the x64 version of Windows Server 2003 includes two different objects. The default object is stored in the system32 folder and is actually the 64-bit version (yeah awesome right). The 32-bit version is stored in SysWow64 (again awesome, but I am sure they have their reasons). Anyway, since I needed the script to run under the 32-bit object, I had to create a login script that first determined if the OS was x86 or x64 and then ran the original Limit Login script under the correct version of the wscript object for x64 servers.

Here is an example of the login script that calls the Limit Login script:

On Error Resume Next

Set WshShell = CreateObject("WScript.Shell")

OsType = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If (OsType = "x86") Then
WSHShell.Run "wscript \\SERVERNAME\LLScripts$\lloginscript.vbs", , True
Else
WSHShell.Run "%windir%\SysWow64\wscript \\SERVERNAME\LLScripts$\lloginscript.vbs", , True
End If

No comments:

Post a Comment