Architecture for controlling access to a service. The architecture allows denial of regular and periodic service to all but a selected number of concurrent clients associated with a subscriber, and without any manual administration at the server of a list of specific computers. Rather than require an administered list, the system discovers which clients are active, places the active clients on an active list, and excludes all client not on the active list. The system includes rules the enforcement of which provide a mechanism for ensuring that the subscriber is not adding an unlimited number of clients or rotating clients in and out of the pool to effectively maintain service on a larger number of computers to which the subscriber is entitled.