Solved

Force User Logoff  immediately  -- User logged on to my Windows 2000 Server

Posted on 2003-11-19
7
754 Views
Last Modified: 2013-12-04
My office manager has been tasked with terminating personnel.  As the IT Administrator, I am tasked with disabling the user account in Active Directory and forcing the user the logoff immediately.

The bottom line is:  When instructed by the office manager, I want to prevent (immediately) all  access to the domain from the terminated employee's computer.

Thanks for your help.
0
Comment
Question by:jimdorman
7 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9783127
Locking out the account will cause the user to not be able to access any networked resources, so you can consider them isolated from the network.  You can set logon hours in the account's properties, and force logoff when logon time expires via Group Policy.  
0
 

Author Comment

by:jimdorman
ID: 9783213
Well, how do you lockout an account?  I searched the Windows 2000 Server help files and "lockout" only relates to Remoate Access or VPN accounts.

The only way I know to prevent immediate access to the server, is to go to my wiring closet and pull the cat5 cable that is connecting the terminated employee's computer to the router/switch.  However, the terminated employee may go to someone else's computer and log on.

Thanks again for your help.
 
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9783811
On either your DC or a managment workstation with the Admin tools installed, open Active Directory Users and Computers, find the user's account, right-click and select Disable.  The change will immediatly replicated to any other DCs in your AD domain and the user will not be able to access network resources.  
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:jimdorman
ID: 9783972
Your suggestion worked partially.   I disabled my account through Active Directory on the DC.  I did not log off of my own computer.  I clicked on Outlook.  The Exchange Server did not display any messages in my Inbox (normally there would be about 50).  So by disabling the account, e-mail was disabled.

However, I opened Explorer.  I navigated to the mapped drive on the DC.  (This is where word processing documents are stored).  The DC Server allowed me to read, edit, and print all documents.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9784239
Try enabling "Force logoff when logon hours expire" in Group Policy, then in the account properties in AD set the logon hours so that your test account isn't able to logon in the next half hour or so.  That should force you to log off.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9784848
Why not use shutdown.exe from the resource kit.
Once you have disabled the account in AD shutdown the users PC and they are gone.
0
 
LVL 1

Accepted Solution

by:
monsterrick earned 250 total points
ID: 9841509
Remote shutdown is a good idea but the user may already logged on from another machine which you don't know.
One more to try is launch "Computer Management" from the file server.  Open "Shared Folders".  Click "Sessions".  Find the user session, sort it by "User" and locate the user.  Then, delete his/her session(s) after you disabled this user account.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now