Force Users to log off of workstations after Time Expires.


I'm trying to enable a way to force users to log off when time expires in an Active Directory environment.  We are running the latest AD on Windows 2003 Servers.

I have already tried enforcing this policy through Group Policy's and have had no luck.  I did some research online and came across numerous articals that have lead me to the same point.

We simply have logon hours set for users to only be able to logon during certain hours. If the user somehow forgets to log off of the machine, then we want AD to automatically log off the user when their time limit is up. Currently it disconnects them from Network shares but they stay logged onto the machine.

I have read about the Winexit theory and we don't want that because we have a lot of executives that want to keep their current settings.  I have read about the Net Accounts command to /forcelogoff:1, but for some reason it sets the domain controller to 1 and all the workstations to Never. Someone here have some ideas?

Please help.

Network Admin.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

nick_sa82Author Commented:
I have tried that. Is there anyone that currently has this setup running?  Based on my first description, I stated that I have tried that and that Net Accounts proved it to be wrong.  

Well, what about trying the WSH script in my post, you can force users to logoff or even shut down the PC.
nick_sa82Author Commented:
How does the script apply?  

Will it be able to identify which users have logon restrictions?

We only want the users we specify under AD to log off not all the users.
Get all the users you want to have forced to logoff to have a scheduled task of doing "shutdown -l" after a certain amount of time after logon has passed by. It is easily circumvented but it should work.

shutdown -l is a DOS prompt command.
nick_sa82Author Commented:
Thanks, I was consulting with my IT Manager we are probably going to go the WinExit route.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.