Restrict logon hours by user and location through group policy?

Posted on 2005-05-10
Last Modified: 2008-02-07
I have a Windows Server 2003 domain with 2K clients and there are several labs that I'd like to restrict access to after a certain time of day.  Simply limiting logon hours doesn't help me because I need users to have access to computers in other sections of the building.  Is there any way for me to selectively limit logon hours based on workstations or OUs?

Question by:erndog5800
    LVL 19

    Assisted Solution

    To my knowledge logon hours can only be enforced per user, not per machine. I guess you would need something like this:

    Author Comment

    Hmm.  I'd prefer to not have to buy software, and we're talking about a few hundred workstations.  I suppose a script could be written that checks the name of the workstation, as all of the PC's in that lab start with the same characters.  For example, all machines in lab 321 are named LAB-321-01, 02, 03, etc.  Can you do machine name wildcards in scripting? I was hoping there was something built into windows server 2003 that I was missing, but a script- or software purchase- may be the only way to do this.  Any other thoughts?
    LVL 76

    Accepted Solution

    Hi erndog5800,

    I'm not aware of any built in way to do this but I think you could do it fairly easily with a script.


    Author Comment

    Which is exactly what I ended up doing.  I just wrote a .vbs script that checks the time and logs out the user if it is after the time the lab is supposed to be closed.  The labs are in their own OUs, so I just run scripts in those OUs that call the .vbs file


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
    Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now