?
Solved

Logout a user if user does not re-authentificate himself after set time

Posted on 2003-03-06
11
Medium Priority
?
283 Views
Last Modified: 2013-12-04
First of all, all of the following takes place in a Windows 2000 computer lab, with one Windows 2000 Server Computer using a single domain, with all of Active Directory enabled. Only one other machine is in question here, a single Windows 2000 Professional Machine that will log into the domain to validate the username.

I am looking for a way to periodically ask the user of a computer to reenter his/her password so that I know the same user is using the machine. I administer a Computer lab for a University, and the lab workers each have an account on the main machine, but I have found that many of them will not log out of their account when their shift is over. When the user leaves, the next one will continue without logging in as himself (out of laziness as far as I can tell). The result of this is that the same account will be used for long periods of time.

I know that you can set Windows 2000 to specify login times for the computer on a user/group basis, but this is not what I am going after. Each of the lab workers will be logged in for a different amount of time (some for only an hour, others at 4:30), so I don't want to just automatically log out the user after an hour, but if the user is no longer there, I do not want the next user to continue using an account that is not theirs. The computer will most likely continue to be active this entire time, so as far as I can tell a periodic check is needed (but I could be mistaken).

Also, there are not set work hours, as substitutions may be made, so I don't want to restrict hours based on when the user has signed up.
0
Comment
Question by:LifeIsPain
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 13

Expert Comment

by:ocon827679
ID: 8087801
Getting people to log off is a nightmare.  Maybe you could try to make everyone's life miserable by enabling the screen saver after 10 minutes or so and selecting to enable the password protection.  This way if the workstation is left alone for 10 minutes the screen saver will kick in and the next guy can't get into the workstation unless he knows the previous users password.  As admin you can always log the person off.  I guess this way you will force the guy coming in to jump all over the first person for not logging out.  Of course, this can also come back to bite you in the ass, but you have to change peoples behaviour if you don't want to use the built-in utilities.
0
 

Author Comment

by:LifeIsPain
ID: 8087980
I thought about doing the screensaver, but as mentioned, there is always someone on that computer, so it never hits the 10 minute mark, and I would be yelled at like nothing else if I set it to a 2 minute time out (because of helping the users of the lab). Not to mention that the lab is pretty well secluded from the rest of the IT department, so it isn't very easy to get someone over to let the next lab worker use the computer (not to mention that this is also the machine the workers use to clock in on because of the software).

___
As a side note, I know at some multi-user locations, the users learn to log out on their own because if they don't, they will have "resigned" from their position due to an "affair" with the bosses spouse. :)
0
 
LVL 9

Accepted Solution

by:
MSGeek earned 225 total points
ID: 8094989
LOL

Rather than setting the screen saver, use the task scheduler to schedule a tsak based upon idle time to log the person out.  That way your not locking the workstation with someone logged in that left the room an hour ago, you are completely logging them off.  

If they don't like being logged off, that's tough if they cannot learn the University's Acceptable Use Policy, they do have to sign an AUP don't they???
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 

Author Comment

by:LifeIsPain
ID: 8104261
Ok, I took the advice of MSGeek and used task scheduler, but I used it a bit differently. Every 15 minutes, the computer locks up, if the user wants it to or not. After 10 minutes of idle time, the computer logs out. So the result of this is that the computer will be unusable for 10 minutes after it locks up (if the user isn't there). I have had one of the workers complain about this louder than the others, but he is only the 6th person or so to work at that comp.

So I am using two tasks, one for locking, the other for logging out. (shutdown.exe is in the Windows 2000 Resource Kit, or there are freeware versions people have made as well). This seems to work well, except that trying a password after 9 minutes resets the timmer for idle. So this would work even better if I could set a max time the computer stays locked, say 4 minutes, and then it will auto-log out after this, instead of by idle.

But I am testing this theory out real quick, and then points will be awarded after a conclusion can be made on if this works.
0
 

Author Comment

by:LifeIsPain
ID: 8104274
Also, I should say that we do have an AUP, but the changes happened after the AUP was released, so it is hard to call them on anything as firm as an AUP, even if it was in the meetings and written notices.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8104635
Two stones are better than one, but what a pain; every 15 minutes.  I would think you could offer to do away with the feature after they have learned their lesson.  I would have to believe your AUP addresses using another users account.  If you cannot hold them to something as simple as that what good is the AUP?  On a more serious note what if a user logged in as another user commits a crime, how are you going to nail down the correct user?  It may be funny, but it's not when the FBI and Secret Service are standing there because a threat was made to the president.
0
 

Author Comment

by:LifeIsPain
ID: 8126169
The question is still open. Setting a log out on idle time wasn't working, as different events were regestering as input, and so the users would get locked out and not be able to get in. (As in if they gt locked out, they would try their own password instead of waiting for the account to log out, thus keeping the computer from being idle.) So anyway, the time for an idle log out didn't happen at times.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8128317
Ok, I think for about $10 at Radio Shack you can get a timer that goes up to 60 minutes with an outlet connected. Connect the PC to that and it will power off every hour.  Win2k may not tolerate that as much as XP would, but sounds like your last resort.  Perhaps you could also build a keyboard that has an electrical charge that increases over time, then it resets to zero at logout?
0
 

Expert Comment

by:CleanupPing
ID: 9070775
LifeIsPain:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 

Author Comment

by:LifeIsPain
ID: 9154055
I accepted MSGeek's first answer, as it was the most applicable solution for my problem (just to finalize it). This does not mean it does everything I wanted, but it gave me the right direction to look in. The best solution would be to write a custom ap that locks up the screen after 15 minutes (or whatever) and will stay locked until the correct password is used (I read how to check a password with a login password somewhere, so it is doable) and if the correct password isn't used after a set time, it logs out the user. If someone does write the program and pastes it here, that still would be appreceated.

But as this is 11 days after Cleanup was asked for, here it is.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 9169247
LifeIsPain.. thanks for the points, glad it was of some help.  MSGeek.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month9 days, 21 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question