Solved

Forcing clients to logout Win2k AD Domain at night.

Posted on 2003-11-05
3
1,460 Views
Last Modified: 2010-03-18
I've searched through previous topics relating to this, but found nothing that I haven't tried already.
I'm running a Windows 2000 domain with 3 DCs.  Approx 50-60 Win2K Pro clients.  
I'm also running SUS on one of the DCs.  Veritas is backing up everything.  I don't have the open file agent, so when a user doesn't log off, Veritas won't backup their open files.  I've tried letting everyone know to log off, but several still don't.

I've got the group policy set and login times set, even the option to disconnet after valid times.  It will keep them from logging in, but it won't log them out.
I'm looking for a Windows solution, no third party.  Even if its a batch file or a task scheduler solution.
Thanks,
Brian
0
Comment
Question by:MCSE2B
3 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9690294
Here is a WSH script that might work for you...

http://www.enterpriseitplanet.com/resources/scripts_win/article.php/3083081
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 250 total points
ID: 9691197
see if this helps
http://www.jsiinc.com/subl/tip5500/rh5566.htm

When you enforce logon hours restrictions by using to Group Policy to navigating to Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options and enable Automatically log off users when logon time expires, users whose logon times settings prevent logon at this time are NOT permitted to log on. However, users who are logged on and should be logged off are not?

If this happens in your domain, try the following:

1. Open a CMD prompt.

2. Type:

net accounts /forcelogoff:<minutes> /domain

where <minutes> is the number of minutes after the log on time expires that a user will be forced off. The user will receive a warning message <minutes> before the forced log off.

NOTE: The default setting for the /forcelogoff switch is no. When no is set, forced logoff is prevented. To see the current setting, open a CMD prompt and type net accounts. If this returns:

Force user logoff how long after time expires?: Never

then forced logoff is prevented. I would NOT set <minutes> to 0.

or
http://www.jsiinc.com/suba/tip0100/rh0159.htm
0159 » Use a batch file to disconnect user sessions.




You can manually disconnect users in Server Manager and you can set logon time restrictions (with forced Logoff) in User Manager for Domains, but I prefer to use a batch file due to the enhanced flexibily it offers and the ability to schedule it. Here is a sample (note - a leading : is the same as REM):

:Pausing the Netlogon service prevent this "server" from processing new logons.
:If you have other logon servers, they can still process logons.
net pause Netlogon
:Pausing the Server service prevents new logons and new connections on this "server".
net pause Server
net send /domain "Your session(s) will be disconnected in 5 minutes, please logoff."
:Sleep is a resource kit utility.
sleep 300
:net session /delete /y will terminate all sessions/connections with this "server".
net session /delete /y
:
:
:Perform other usefull work here like stopping services, backing up, starting the services.
: To get the service names, browse the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
: Example: net stop RemoteAccess
:
:
:Enable the Service and/or Netlogon services that you paused.
net continue Server
net continue Netlogon
net send /domain "Logons and connections are now enabled."
exit

0
 

Author Comment

by:MCSE2B
ID: 9694153
I have faith that the first solution would definately work.  The only variable I see is what time is everyone logging in.  I guess in the big picture it wouldn't matter, there would be a time window of an hour or so to get everyone off the network.  If I set it for 8 hours, as long as everyone logged in around 8 or 9 in the morning, everyone would be off by 11 when backups ran.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Resolve DNS query failed errors for Exchange
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now