I'm trying to enable a way to force users to log off when time expires in an Active Directory environment. We are running the latest AD on Windows 2003 Servers.
I have already tried enforcing this policy through Group Policy's and have had no luck. I did some research online and came across numerous articals that have lead me to the same point.
We simply have logon hours set for users to only be able to logon during certain hours. If the user somehow forgets to log off of the machine, then we want AD to automatically log off the user when their time limit is up. Currently it disconnects them from Network shares but they stay logged onto the machine.
I have read about the Winexit theory and we don't want that because we have a lot of executives that want to keep their current settings. I have read about the Net Accounts command to /forcelogoff:1, but for some reason it sets the domain controller to 1 and all the workstations to Never. Someone here have some ideas?