Single sign-on by NxLogon
NxLogon is a console program you can use in Active Directory for detecting the currently logged-in usernames.
Before you implement single sign-on against Active Directory, you need to import users and groups first. To import users and groups, read GUI overview > User.
How it worksWhen you run it on a user PC, it creates and refreshes a login session on NxFilter for the logged-in user on the system it is running on. However, you don't want to copy and run this program on every PC manually. So we use a logon script on Group Policy Object (GPO). This logon script will be executed whenever a user logon to Active Directory and launches NxLogon on each user's PC.
Launch from GPOFollow the steps below to launch NxLogon from GPO. 1. Download nxlogon-x.x.zip. 2. Modify IP address in 'nxlogon.bat' to point NxFilter. If you use clustering you can add multiple server IP addresses separated by spaces. 3. Open 'Administrative Tools > Active Directory Users and Computers' on your DC. 4. Open 'Group Policy Manager' on 'Server Manager > Tools'. 5. Click 'Edit' button on 'Default Domain Policy' and then go to 'User configuration > Policies > Windows Settings > Scripts (Logon/Logoff)'. 6. Click 'Logon' and click 'Add' and then click 'Browse' button. You will see 'Logon' directory to select a file. Copy your 'nxlogon.bat' and 'nxlogon.exe' from NxLogon package into 'Logon' directory. You can drag and drop the files into the directory. 7. Select 'nxlogon.bat' which you copied into 'Logon' directory as a logon script to add. 8. Now every time a user logon to Active Directory, 'logon.bat' will be executed and it will launch 'nxlogon.exe'. You can see the process running on Windows task manager. 9. You can see the result with NxFilter logging. It creates user login session when it gets a request from NxLogon.
If you want to remove login session immediately after user logout, use 'nxlogoff.bat' as a logoff script in GPO.