Single sign-on by NxLogon
NxLogon is a console program you can use in Active Directory for detecting the currently logged-in usernames.
Before you implement single sign-on against Active Directory, you need to import users and groups first. To import users and groups, read GUI overview > User.
How it worksWhen you run it on a user PC, it creates and refreshes a login session on NxFilter for the logged-in user on the system it is running on. However, you don't want to copy and run this program on every PC manually. So, we use a logon script on Group Policy Object (GPO). This logon script will be executed whenever a user logon to Active Directory and launches NxLogon on each user's PC.
Launch from GPOFollow the steps below to launch NxLogon from GPO. 1. Download nxlogon-x.x.zip. 2. Modify IP address in 'nxlogon.bat' to point NxFilter. If you use clustering you can add multiple server IP addresses separated by spaces. 3. Open Administrative Tools > Active Directory Users and Computers on your DC. 4. Open Group Policy Manager on Server Manager > Tools. 5. Click Edit button on Default Domain Policy and then go to User configuration > Policies > Windows Settings > Scripts (Logon/Logoff). 6. Click Logon button and click Add button and then click Browse button. You will see Logon directory to select a file. Copy your nxlogon.bat and nxlogon.exe from NxLogon package into Logon directory. You can drag and drop the files into the directory. 7. Select nxlogon.bat which you copied into Logon directory as a logon script to add. 8. Now every time a user logon to Active Directory, logon.bat will be executed and it will launch nxlogon.exe. You can see the process running on Windows task manager. 9. You can see the result with NxFilter logging. It creates user login session when it gets a request from NxLogon.
If you want to remove login session immediately after user logout, use nxlogoff.bat as a logoff script in GPO.