?
Solved

Group policy to log off all machine in Domain

Posted on 2007-11-15
11
Medium Priority
?
379 Views
Last Modified: 2010-03-17
I need help configuring a group policy to log off all machines within my domain. I configured Network security: force logoff when hours expire and defined 3 AD accounts with specific logon hours. The machines weren't logged off. Any other ideas?
0
Comment
Question by:colmisdiv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289338
It does not actually "log off" the machines user. It terminates all connections to the domain and makes them inactive for the said time. You need to run a script to log off the machines.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289365
I am not very good with VB scripting so I use a scheduled task to run a batch file to reboot the machines.

shutdown -m \\mycomputer.mycompany.local -r -f -t 10

This is not a very effective way if you have lots of machines because you need to make an entry for each one.
0
 
LVL 11

Accepted Solution

by:
bsharath earned 1000 total points
ID: 20289438
As there is no internal functionality to logoff a user.
Use this code every day at the specific time.
Create a file called "Computers.txt" put in all computers that yo need to logg off.Then run the Bat file
You can even change to restart of shutdown the computer

:: NEW VERSION
::      SET Action=S  ::For shutdown
::      SET Action=R ::For Restart
::      SET Action=L ::For Logoff
::
:: IF YOU LEAVE EMPTY (SET ACTION=) THE SCRIPT IS IN INTERACTIVE MODE
::
:: SCRIPT START
@Echo OFF
SETLOCAL
:------------------------------------------------
SET Action=
::------------------------------------------------
if +%Actions%+==++ (
rem Set the default actions if Action is empty
  set Action=L
rem ask to the user the action
  set /p Action=Shutdown/Restart/Logoff [s,r,L]?
)  
IF NOT EXIST C:\Computers.txt Goto ShowErr
FOR  %%R IN  (C:\Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
FOR /F "delims=#" %%c IN ('TYPE C:\Computers.txt') Do (
      Echo Processing: %%c
       if /i +%Action%+==+L+  ( PSShutdown \\%%c -o
      ) else (  SHUTDOWN -m \\%%c -%Action% -f -t 30 )
)
Goto EndScript
:ShowErr
Echo "C:\Computers.txt" file does not exist or file is empty!
:EndScript
ENDLOCAL
:: SCRIPT END

Hope this helps..
I do the same thing in my office every day.I got this from an expert in EE>.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293534
...two options

a) http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/566.mspx?mfr=true

b) you use sysinternals package - psshutdown - to log them off, much nicer tool than batching (in my eyes)
0
 

Author Comment

by:colmisdiv
ID: 20321182
I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain?
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20325111
Use the script as it is as the Action is set to L (Logoff)
You need to change this
set Action=L
to any othe if you want
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20341896
Did any of the solutions help getting what you wanted...
0
 

Author Comment

by:colmisdiv
ID: 20374872
bsharath - I've been out a few days. Sorry it took so long to get back. I don't have the recources to go to every machine and put in this script. I am looking to administer from the domain controller.
0
 

Author Comment

by:colmisdiv
ID: 20374892
Jay Jay 70- Waiting for response. Psshutdown Tool - I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain from the domain controller.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20377916
im no good at scripting,. i make it up as i go....syntax is here
http://www.ss64.com/nt/psshutdown.html
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20379492
Hi,

If scripting is fine with you then just put in the machine names in the computers.txt file then run it from a machine which has Administrative rights then all machines in the txt file will be logged off...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question