OS Security

scmiles

Force a User to Logoff
I am looking for a way to force a user to log off of Windows. This is in an Active Directory environment. I know there is an AD attribute "force-logoff" that you can access using ADSI Edit, but I do not know exactly how to use it, or I should say how to modify the user's LDAP path to include this attribute, or how to pass parameters to the force-logoff attribute, such as time.

I would like to accomplish this within the confines of Windows 2000 and the Support Tools via Active Directory.

Any ideas?



scmiles

ASKER

I have accomplished my goal by using the shutdown command line program to shut down the machine used by the user I want to log off, and then Active Directory's time restriction limits kick in, disallowing the user to log on. Still, I believe there should be a way to pull this off without using a script. So the question still stands.

You can use the "winexit.scr" screen saver from the Windows 2000 res kit. This file is also available for download from many internet sites. Set this screen saver for all your users using policy.

see this article, it is for winxp but also works for 2k
http://support.microsoft.com/default.aspx?scid=KB;en-us;314999&

To force immediate effect use this : (probably add this in task scheduler on the server)

http://support.microsoft.com/default.aspx?scid=kb;EN-US;227302


nexusnation

try this:

You can run these parameters from the cmd line or as a shortcut, which will open the command line. type in "shutdown /?" to know all of the parameters. in these examples:
-t0 is for timeout length
 -s, -r, and -l is what you want done (shutdown, restart, and logoff respectively)
You can also pinpoint a remote computer. just use the "shutdown /?" cmd line to get the correct cmd line for remote computers.

THE FOLLOWING PARAMETERS TO DO THE OPTION ON YOUR OWN COMPUTER (I HAVE THESE AS SHORTCUTS ON MY DESKTOP) NOTE THAT YOU CAN TAKE AWAY "%windir%\System32\" when typing this in at the cmd prompt

**Shutdown**
%windir%\System32\shutdown.exe -s -t 0

**Restart**
%windir%\System32\shutdown.exe -r -t 0

**Logoff**
%windir%\System32\shutdown.exe -l -t 0

**Fast User Switching, aka Lock Computer**
%windir%\System32\rundll32.exe user32.dll,LockWorkStation




scmiles

ASKER

Did you guys see my reply right after my first post? I already figured out how to accomplish what I wanted using the shutdown command line program. I would like to know how to do this without using a script, however.

This was done in NT by checking an option under account policy that said "Force Logoff when time restrictions are enforced"  However, I can not find where to do this in 2000. Also, I don't know if this helps or not, but there is a CN in Active Directory called CN=Force-Logoff, but, like I said, I am not sure how to edit this or tie it to a particular user.

ASKER CERTIFIED SOLUTION
Soldi


nexusnation

put the script in the target field of a shortcut and put it on your desktop or something. there, no script! just a shortcut. You could make a folder on your desktop and label the shortcuts for each user. of course, this would be time consuming if you have a lot of users, but i would just use the cmd line. if this is an active directory environment and you are the administrator, you should be using cmd lines constantly anyway...

scmiles

ASKER

Exactly the answer I was looking for.  Thanks.



nexusnation

that just logs them off after they have been logged on for like, let's say, 45 minutes. don't you want to log them off when you want them to log off?

nexusnation - if you are referring to my solution, with all due respect, you are incorrect. This applies to the "Logon Hours" defined in a user account. Logon hours refer to days of the week and hours of the day. Not the amount of time someone has been logged on.

In other words, if scmiles wants to log users off at 9PM every night and keep them off until 4AM, he sets up these hours in the user account and these policies to ensure they are forced off their computer (local) and network resources during the given time.

scmiles was looking for the win2k equivalent of what he was using on NT.

nexusnation

oh, oops. i was rather unfamiliar with that part of Active Directory because my network does not use that restriction or anything like it, so i was unsure. Thank you for this clarification, and i may actually use it on my own network :)


In either the local policy of a machine, or the GPO for the domain or OU in which the machine is located:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

There are two options:

"Automatically log off users when logon time expires"

This option affects all machines in the domain for a GPO. It is disabled by default, which allows an established client session to be maintained after the client's logon hours have expired. Enable it for your requirements.

"Automatically log off users when logon time expires (local)"

This policy should only be defined in a local security policy of a machine - only place it affects. It is enabled by default.

Logon hours are defined in the user account.
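
The logon hours that these policies enforce can be audited offline. The following is an added example, not code from the thread or from Microsoft: it decodes the 21-byte `logonHours` value stored on a user account and checks whether a given moment falls inside the permitted hours, using the 9PM to 4AM block mentioned earlier in the thread. It assumes the usual layout of that attribute (one bit per hour of the week, starting Sunday 00:00 UTC, least-significant bit first); the function names and the sample bitmap are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LOGON_HOURS_LEN = 21  # 7 days * 24 hours = 168 bits


def hour_index(when: datetime) -> int:
    """Bit index for a moment in time: 0 is Sunday 00:00-00:59 UTC."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    utc = when.astimezone(timezone.utc)
    day = (utc.weekday() + 1) % 7  # Python counts Monday=0, bitmap Sunday=0
    return day * 24 + utc.hour


def build_logon_hours(denied_hours_utc) -> bytes:
    """Bitmap permitting every hour except the given hours of day (UTC)."""
    bitmap = bytearray(LOGON_HOURS_LEN)
    for idx in range(LOGON_HOURS_LEN * 8):
        if idx % 24 not in denied_hours_utc:
            bitmap[idx // 8] |= 1 << (idx % 8)  # least-significant bit first
    return bytes(bitmap)


def is_logon_allowed(logon_hours, when: datetime) -> bool:
    """True if the bitmap permits a logon at `when`."""
    if logon_hours is None:  # attribute not set: no time restriction
        return True
    if len(logon_hours) != LOGON_HOURS_LEN:
        raise ValueError("logonHours must be exactly 21 bytes")
    idx = hour_index(when)
    return bool((logon_hours[idx // 8] >> (idx % 8)) & 1)


# Constructed sample: deny 21:00-03:59 UTC every day (the 9PM-4AM case).
NIGHTLY_BLOCK = build_logon_hours({21, 22, 23, 0, 1, 2, 3})

if __name__ == "__main__":
    utc = timezone.utc
    for when in (
        datetime(2024, 1, 3, 20, 59, tzinfo=utc),
        datetime(2024, 1, 3, 21, 0, tzinfo=utc),
        datetime(2024, 1, 3, 16, 30, tzinfo=timezone(timedelta(hours=-5))),
    ):
        print(when.isoformat(), is_logon_allowed(NIGHTLY_BLOCK, when))
```

Because the bitmap is stored in UTC, a 9PM local cutoff lands on different bits depending on the domain's time zone, which is worth checking when a forced logoff appears to fire at the wrong hour.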


I've tried this and it doesn't work?????? I've created a test OU with a test GPO for one machine... I logon to the user with the set logon time.. and when the time comes to logoff the user nothing happens....  is it supposed to log the user off?????


habanagold

Anybody ever address Yolanda-Obenour's comment? I have done exactly the same thing with the same failed results. The screen saver option is NOT an option. Users want their own screen savers. This should be a simple policy definition BUT it doesn't appear to work.

I do not find an option called "Automatically log off users when logon time expires" under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. There are 2 options and they are "Network Security: Force logoff when logon hours expire" and "Microsoft Network Server: Disconnect clients when logon hours expire". I have selected both options, refreshed the policy, rebooted the computer and anything else in order to ensure that the policy is forced onto the local system. Still the logoff fails. Now if I log the user off and then try to log them on again while the restriction is in effect, they get a message stating "Your account has time restrictions that prevent you from logging on at this time. Please try again later."

Why is this not working as advertised? Am I misunderstanding something here???????????????????????????


2008 now and still no answer??


Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.