Re: Block simulteneuos logons

[rohnskii () gmail com]

AD has an option to limit the number of simultaneous logons.  Just set it to 1.  They can logon from work or home, not 
both at same time.

That is the brute force approach.  

But don't you have a corporate policy for computer use?  Company computing resources to be used for company purpose 
only, or something to that effect.  Have HR review the policy with the users and make the point that allowing family to 
use corporate computer is against policy and could cost them their job!  If you don't have such a policy, you should 
probably suggesting getting one.

As well, part of the main policy or a separate policy would be to NEVER share userid/password with anyone else (ie 
family), including technical support (who should only use their own ID).

Another option might to be limit the time they can dial in.  Do they normally work from home or on the road during the 
day?  If not, don't let them dial in during work hours.