Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Forcing clients to logout Win2k AD Domain at night.

Posted on 2003-11-05
3
Medium Priority
?
1,471 Views
Last Modified: 2010-03-18
I've searched through previous topics relating to this, but found nothing that I haven't tried already.
I'm running a Windows 2000 domain with 3 DCs.  Approx 50-60 Win2K Pro clients.  
I'm also running SUS on one of the DCs.  Veritas is backing up everything.  I don't have the open file agent, so when a user doesn't log off, Veritas won't backup their open files.  I've tried letting everyone know to log off, but several still don't.

I've got the group policy set and login times set, even the option to disconnet after valid times.  It will keep them from logging in, but it won't log them out.
I'm looking for a Windows solution, no third party.  Even if its a batch file or a task scheduler solution.
Thanks,
Brian
0
Comment
Question by:MCSE2B
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9690294
Here is a WSH script that might work for you...

http://www.enterpriseitplanet.com/resources/scripts_win/article.php/3083081
0
 
LVL 41

Accepted Solution

by:
stevenlewis earned 750 total points
ID: 9691197
see if this helps
http://www.jsiinc.com/subl/tip5500/rh5566.htm

When you enforce logon hours restrictions by using to Group Policy to navigating to Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options and enable Automatically log off users when logon time expires, users whose logon times settings prevent logon at this time are NOT permitted to log on. However, users who are logged on and should be logged off are not?

If this happens in your domain, try the following:

1. Open a CMD prompt.

2. Type:

net accounts /forcelogoff:<minutes> /domain

where <minutes> is the number of minutes after the log on time expires that a user will be forced off. The user will receive a warning message <minutes> before the forced log off.

NOTE: The default setting for the /forcelogoff switch is no. When no is set, forced logoff is prevented. To see the current setting, open a CMD prompt and type net accounts. If this returns:

Force user logoff how long after time expires?: Never

then forced logoff is prevented. I would NOT set <minutes> to 0.

or
http://www.jsiinc.com/suba/tip0100/rh0159.htm
0159 » Use a batch file to disconnect user sessions.




You can manually disconnect users in Server Manager and you can set logon time restrictions (with forced Logoff) in User Manager for Domains, but I prefer to use a batch file due to the enhanced flexibily it offers and the ability to schedule it. Here is a sample (note - a leading : is the same as REM):

:Pausing the Netlogon service prevent this "server" from processing new logons.
:If you have other logon servers, they can still process logons.
net pause Netlogon
:Pausing the Server service prevents new logons and new connections on this "server".
net pause Server
net send /domain "Your session(s) will be disconnected in 5 minutes, please logoff."
:Sleep is a resource kit utility.
sleep 300
:net session /delete /y will terminate all sessions/connections with this "server".
net session /delete /y
:
:
:Perform other usefull work here like stopping services, backing up, starting the services.
: To get the service names, browse the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
: Example: net stop RemoteAccess
:
:
:Enable the Service and/or Netlogon services that you paused.
net continue Server
net continue Netlogon
net send /domain "Logons and connections are now enabled."
exit

0
 

Author Comment

by:MCSE2B
ID: 9694153
I have faith that the first solution would definately work.  The only variable I see is what time is everyone logging in.  I guess in the big picture it wouldn't matter, there would be a time window of an hour or so to get everyone off the network.  If I set it for 8 hours, as long as everyone logged in around 8 or 9 in the morning, everyone would be off by 11 when backups ran.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question