Restrict logon hours by user and location through group policy?

Posted on 2005-05-10
Medium Priority
Last Modified: 2008-02-07
I have a Windows Server 2003 domain with 2K clients and there are several labs that I'd like to restrict access to after a certain time of day.  Simply limiting logon hours doesn't help me because I need users to have access to computers in other sections of the building.  Is there any way for me to selectively limit logon hours based on workstations or OUs?

Question by:erndog5800
  • 2
LVL 19

Assisted Solution

CoccoBill earned 500 total points
ID: 13973013
To my knowledge logon hours can only be enforced per user, not per machine. I guess you would need something like this: http://www.handyarchive.com/Utilities/Security/16612-Software-Time-Lock.html.

Author Comment

ID: 13978233
Hmm.  I'd prefer to not have to buy software, and we're talking about a few hundred workstations.  I suppose a script could be written that checks the name of the workstation, as all of the PC's in that lab start with the same characters.  For example, all machines in lab 321 are named LAB-321-01, 02, 03, etc.  Can you do machine name wildcards in scripting? I was hoping there was something built into windows server 2003 that I was missing, but a script- or software purchase- may be the only way to do this.  Any other thoughts?
LVL 76

Accepted Solution

David Lee earned 500 total points
ID: 13984580
Hi erndog5800,

I'm not aware of any built in way to do this but I think you could do it fairly easily with a script.


Author Comment

ID: 13985317
Which is exactly what I ended up doing.  I just wrote a .vbs script that checks the time and logs out the user if it is after the time the lab is supposed to be closed.  The labs are in their own OUs, so I just run scripts in those OUs that call the .vbs file


Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question