First of all, all of the following takes place in a Windows 2000 computer lab, with one Windows 2000 Server Computer using a single domain, with all of Active Directory enabled. Only one other machine is in question here, a single Windows 2000 Professional Machine that will log into the domain to validate the username.
I am looking for a way to periodically ask the user of a computer to reenter his/her password so that I know the same user is using the machine. I administer a Computer lab for a University, and the lab workers each have an account on the main machine, but I have found that many of them will not log out of their account when their shift is over. When the user leaves, the next one will continue without logging in as himself (out of laziness as far as I can tell). The result of this is that the same account will be used for long periods of time.
I know that you can set Windows 2000 to specify login times for the computer on a user/group basis, but this is not what I am going after. Each of the lab workers will be logged in for a different amount of time (some for only an hour, others at 4:30), so I don't want to just automatically log out the user after an hour, but if the user is no longer there, I do not want the next user to continue using an account that is not theirs. The computer will most likely continue to be active this entire time, so as far as I can tell a periodic check is needed (but I could be mistaken).
Also, there are not set work hours, as substitutions may be made, so I don't want to restrict hours based on when the user has signed up.