Link to home
Create AccountLog in
Avatar of boomtech
boomtech

asked on

lock a user’s account

Question:
How can I lock a user’s account at 3:30 pm that the user can’t get access to his computer until I unlock his account we are on a Windows server 2003 Active directory with XP pro clients
Thanks
Phil
Avatar of aquevedo81
aquevedo81

In the Account properties of that user, there is an option that says Logon Hours, that option allows you to deny access to that account in the hours and days you specify. Select those hours and the click in the Logon Denied radio button. Hope it helps
The quick and dirty way would be to disallow logins from that account based on time of day which you can do in the properties of the user's account.  A different way, albeit more complicated would be to programmatically disable the account using a vb
Oops!  to continue... you can write a script to disable the account and launch it from the scheduled tasks utility on the server.  You probably find a script to do this on www.microsoft.com/technet under the scripting section.
Avatar of boomtech

ASKER

I’m not very familiar with the scripting can you be a little more specific and I only nned it for one user account

Thanks

Phil
Boom, the clarify something here, should the users account be locked everyday at 3:30 pm, and then unlocked in the morning? If so aquevedo81's solution would be perfect.

Or are you trying to lock the user out at 3:30 each day until manually unlocked?

Or is this a one time deal for the user, such as a suspension/termination type case?
one time deal for the user, such as a suspension/termination type case
You could go really low tech and try logging in as him several times with a bad password at 3:30!;)
I was trying to do this without my interaction I will be at a dentist appointment at 3 pm
Worst case scenario, adopt aquevedo81's tactic for the logon hours (ie, allow access from 2 hours before his normal start time, deny after 3:30pm) and then you can disable/delete the account in your normal process/procedures after your appointment or the next morning.
You can’t set ½ hours only 1 hour increment that will also not log the user off there current computer
A locked account does not log a user off either, but it can restrict their access if future authentication is required. I assume someone is going to walk this terminated user out? If so, they can be just instructed to log the user off.

I would assume you are trying to remove access so the user cannot get in via any sort of remote access after being removed from the site? Or are you trying to just cut them off as they work?
The command:
net user <username> /active:no
will lock the account.  Change no to yes to unlock.
ASKER CERTIFIED SOLUTION
Avatar of jackmcbarn
jackmcbarn
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer