12-07-2016 10:29 AM - edited 03-11-2019 12:16 AM
I want to set MAC based binding for laptop users and only one login per user needs to allowed. (BOTH LAN AND WIFI USERS).
12-08-2016 02:11 AM
Hi,
In that case deploy NAM module over AC mobility client.
Single Sign On “Single User” Enforcement
Microsoft Windows allows multiple users to be logged on concurrently, but Cisco AnyConnect Network Access Manager restricts network authentication to a single user. AnyConnect Network Access Manager can be active for one user per desktop or server, regardless of how many users are logged on. Single user login enforcement implies that only one user can be logged in to the system at any one time and that administrators cannot force the currently logged-in user to log off.
When the Network Access Manager client module is installed on Windows desktops, the default behavior is to enforce single user logon. When installed on servers, the default behavior is to relax the single user login enforcement. In either case, you can modify or add a registry to change the default behavior.
Restrictions
*
Windows administrators are restricted from forcing currently logged-on users to log off.
*
RDP to a connected workstation is supported for the same user.
*
To be considered the same user, credentials must be in the same format. For example, user/example is not the same as user@example.com<mailto:user@example.com>.
*
Smart-card users must also have the same PIN to be considered the same user.
* Configure Single Sign-On Single User Enforcement< http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure_nam.html#ID-1424-00000051>;
Configure Single Sign-On Single User Enforcement
To change how a Windows workstation or server handles multiple users, change the value of EnforceSingleLogon in the registry.
On Windows, the registry key is EnforceSingleLogon and is in the same registry location as the OverlayIcon key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}
To configure single or multiple user logon, add a DWORD named EnforceSingleLogon, and give it a value of 1 or 0.
For Windows:
*
1 restricts logon to a single user.
*
0 allows multiple users to be logged on.
Regards
Gagan
rate as correct if it helps!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide