Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1393
  • Last Modified:

Force Users to log off of workstations after Time Expires.

Hello,

I'm trying to enable a way to force users to log off when time expires in an Active Directory environment.  We are running the latest AD on Windows 2003 Servers.

I have already tried enforcing this policy through Group Policy's and have had no luck.  I did some research online and came across numerous articals that have lead me to the same point.

We simply have logon hours set for users to only be able to logon during certain hours. If the user somehow forgets to log off of the machine, then we want AD to automatically log off the user when their time limit is up. Currently it disconnects them from Network shares but they stay logged onto the machine.

I have read about the Winexit theory and we don't want that because we have a lot of executives that want to keep their current settings.  I have read about the Net Accounts command to /forcelogoff:1, but for some reason it sets the domain controller to 1 and all the workstations to Never. Someone here have some ideas?

Please help.

Thanks,
Nick
Network Admin.
0
nick_sa82
Asked:
nick_sa82
  • 3
  • 2
  • 2
  • +1
1 Solution
 
sunray_2003Commented:
0
 
JFrederick29Commented:
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
nick_sa82Author Commented:
I have tried that. Is there anyone that currently has this setup running?  Based on my first description, I stated that I have tried that and that Net Accounts proved it to be wrong.  

Nick
0
 
JFrederick29Commented:
Well, what about trying the WSH script in my post, you can force users to logoff or even shut down the PC.
0
 
nick_sa82Author Commented:
How does the script apply?  

Will it be able to identify which users have logon restrictions?

We only want the users we specify under AD to log off not all the users.
0
 
CaudaxCommented:
Get all the users you want to have forced to logoff to have a scheduled task of doing "shutdown -l" after a certain amount of time after logon has passed by. It is easily circumvented but it should work.

shutdown -l is a DOS prompt command.
0
 
nick_sa82Author Commented:
Thanks, I was consulting with my IT Manager we are probably going to go the WinExit route.

Nick
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now