Solved

Force Users to log off of workstations after Time Expires.

Posted on 2003-11-20
8
1,388 Views
Last Modified: 2013-12-04
Hello,

I'm trying to enable a way to force users to log off when time expires in an Active Directory environment.  We are running the latest AD on Windows 2003 Servers.

I have already tried enforcing this policy through Group Policy's and have had no luck.  I did some research online and came across numerous articals that have lead me to the same point.

We simply have logon hours set for users to only be able to logon during certain hours. If the user somehow forgets to log off of the machine, then we want AD to automatically log off the user when their time limit is up. Currently it disconnects them from Network shares but they stay logged onto the machine.

I have read about the Winexit theory and we don't want that because we have a lot of executives that want to keep their current settings.  I have read about the Net Accounts command to /forcelogoff:1, but for some reason it sets the domain controller to 1 and all the workstations to Never. Someone here have some ideas?

Please help.

Thanks,
Nick
Network Admin.
0
Comment
Question by:nick_sa82
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9790457
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9790467
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 9790530
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:nick_sa82
ID: 9790565
I have tried that. Is there anyone that currently has this setup running?  Based on my first description, I stated that I have tried that and that Net Accounts proved it to be wrong.  

Nick
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9790602
Well, what about trying the WSH script in my post, you can force users to logoff or even shut down the PC.
0
 

Author Comment

by:nick_sa82
ID: 9790761
How does the script apply?  

Will it be able to identify which users have logon restrictions?

We only want the users we specify under AD to log off not all the users.
0
 
LVL 4

Expert Comment

by:Caudax
ID: 9791291
Get all the users you want to have forced to logoff to have a scheduled task of doing "shutdown -l" after a certain amount of time after logon has passed by. It is easily circumvented but it should work.

shutdown -l is a DOS prompt command.
0
 

Author Comment

by:nick_sa82
ID: 9791830
Thanks, I was consulting with my IT Manager we are probably going to go the WinExit route.

Nick
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question