?
Solved

Force User Logoff  immediately  -- User logged on to my Windows 2000 Server

Posted on 2003-11-19
7
Medium Priority
?
787 Views
Last Modified: 2013-12-04
My office manager has been tasked with terminating personnel.  As the IT Administrator, I am tasked with disabling the user account in Active Directory and forcing the user the logoff immediately.

The bottom line is:  When instructed by the office manager, I want to prevent (immediately) all  access to the domain from the terminated employee's computer.

Thanks for your help.
0
Comment
Question by:jimdorman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9783127
Locking out the account will cause the user to not be able to access any networked resources, so you can consider them isolated from the network.  You can set logon hours in the account's properties, and force logoff when logon time expires via Group Policy.  
0
 

Author Comment

by:jimdorman
ID: 9783213
Well, how do you lockout an account?  I searched the Windows 2000 Server help files and "lockout" only relates to Remoate Access or VPN accounts.

The only way I know to prevent immediate access to the server, is to go to my wiring closet and pull the cat5 cable that is connecting the terminated employee's computer to the router/switch.  However, the terminated employee may go to someone else's computer and log on.

Thanks again for your help.
 
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9783811
On either your DC or a managment workstation with the Admin tools installed, open Active Directory Users and Computers, find the user's account, right-click and select Disable.  The change will immediatly replicated to any other DCs in your AD domain and the user will not be able to access network resources.  
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:jimdorman
ID: 9783972
Your suggestion worked partially.   I disabled my account through Active Directory on the DC.  I did not log off of my own computer.  I clicked on Outlook.  The Exchange Server did not display any messages in my Inbox (normally there would be about 50).  So by disabling the account, e-mail was disabled.

However, I opened Explorer.  I navigated to the mapped drive on the DC.  (This is where word processing documents are stored).  The DC Server allowed me to read, edit, and print all documents.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9784239
Try enabling "Force logoff when logon hours expire" in Group Policy, then in the account properties in AD set the logon hours so that your test account isn't able to logon in the next half hour or so.  That should force you to log off.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9784848
Why not use shutdown.exe from the resource kit.
Once you have disabled the account in AD shutdown the users PC and they are gone.
0
 
LVL 1

Accepted Solution

by:
monsterrick earned 1000 total points
ID: 9841509
Remote shutdown is a good idea but the user may already logged on from another machine which you don't know.
One more to try is launch "Computer Management" from the file server.  Open "Shared Folders".  Click "Sessions".  Find the user session, sort it by "User" and locate the user.  Then, delete his/her session(s) after you disabled this user account.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question