Solved

Group policy to log off all machine in Domain

Posted on 2007-11-15
11
374 Views
Last Modified: 2010-03-17
I need help configuring a group policy to log off all machines within my domain. I configured Network security: force logoff when hours expire and defined 3 AD accounts with specific logon hours. The machines weren't logged off. Any other ideas?
0
Comment
Question by:colmisdiv
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289338
It does not actually "log off" the machines user. It terminates all connections to the domain and makes them inactive for the said time. You need to run a script to log off the machines.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289365
I am not very good with VB scripting so I use a scheduled task to run a batch file to reboot the machines.

shutdown -m \\mycomputer.mycompany.local -r -f -t 10

This is not a very effective way if you have lots of machines because you need to make an entry for each one.
0
 
LVL 11

Accepted Solution

by:
bsharath earned 250 total points
ID: 20289438
As there is no internal functionality to logoff a user.
Use this code every day at the specific time.
Create a file called "Computers.txt" put in all computers that yo need to logg off.Then run the Bat file
You can even change to restart of shutdown the computer

:: NEW VERSION
::      SET Action=S  ::For shutdown
::      SET Action=R ::For Restart
::      SET Action=L ::For Logoff
::
:: IF YOU LEAVE EMPTY (SET ACTION=) THE SCRIPT IS IN INTERACTIVE MODE
::
:: SCRIPT START
@Echo OFF
SETLOCAL
:------------------------------------------------
SET Action=
::------------------------------------------------
if +%Actions%+==++ (
rem Set the default actions if Action is empty
  set Action=L
rem ask to the user the action
  set /p Action=Shutdown/Restart/Logoff [s,r,L]?
)  
IF NOT EXIST C:\Computers.txt Goto ShowErr
FOR  %%R IN  (C:\Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
FOR /F "delims=#" %%c IN ('TYPE C:\Computers.txt') Do (
      Echo Processing: %%c
       if /i +%Action%+==+L+  ( PSShutdown \\%%c -o
      ) else (  SHUTDOWN -m \\%%c -%Action% -f -t 30 )
)
Goto EndScript
:ShowErr
Echo "C:\Computers.txt" file does not exist or file is empty!
:EndScript
ENDLOCAL
:: SCRIPT END

Hope this helps..
I do the same thing in my office every day.I got this from an expert in EE>.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293534
...two options

a) http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/566.mspx?mfr=true

b) you use sysinternals package - psshutdown - to log them off, much nicer tool than batching (in my eyes)
0
 

Author Comment

by:colmisdiv
ID: 20321182
I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain?
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20325111
Use the script as it is as the Action is set to L (Logoff)
You need to change this
set Action=L
to any othe if you want
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20341896
Did any of the solutions help getting what you wanted...
0
 

Author Comment

by:colmisdiv
ID: 20374872
bsharath - I've been out a few days. Sorry it took so long to get back. I don't have the recources to go to every machine and put in this script. I am looking to administer from the domain controller.
0
 

Author Comment

by:colmisdiv
ID: 20374892
Jay Jay 70- Waiting for response. Psshutdown Tool - I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain from the domain controller.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20377916
im no good at scripting,. i make it up as i go....syntax is here
http://www.ss64.com/nt/psshutdown.html
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20379492
Hi,

If scripting is fine with you then just put in the machine names in the computers.txt file then run it from a machine which has Administrative rights then all machines in the txt file will be logged off...
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question