Solved

Group policy to log off all machine in Domain

Posted on 2007-11-15
11
373 Views
Last Modified: 2010-03-17
I need help configuring a group policy to log off all machines within my domain. I configured Network security: force logoff when hours expire and defined 3 AD accounts with specific logon hours. The machines weren't logged off. Any other ideas?
0
Comment
Question by:colmisdiv
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289338
It does not actually "log off" the machines user. It terminates all connections to the domain and makes them inactive for the said time. You need to run a script to log off the machines.
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20289365
I am not very good with VB scripting so I use a scheduled task to run a batch file to reboot the machines.

shutdown -m \\mycomputer.mycompany.local -r -f -t 10

This is not a very effective way if you have lots of machines because you need to make an entry for each one.
0
 
LVL 11

Accepted Solution

by:
bsharath earned 250 total points
ID: 20289438
As there is no internal functionality to logoff a user.
Use this code every day at the specific time.
Create a file called "Computers.txt" put in all computers that yo need to logg off.Then run the Bat file
You can even change to restart of shutdown the computer

:: NEW VERSION
::      SET Action=S  ::For shutdown
::      SET Action=R ::For Restart
::      SET Action=L ::For Logoff
::
:: IF YOU LEAVE EMPTY (SET ACTION=) THE SCRIPT IS IN INTERACTIVE MODE
::
:: SCRIPT START
@Echo OFF
SETLOCAL
:------------------------------------------------
SET Action=
::------------------------------------------------
if +%Actions%+==++ (
rem Set the default actions if Action is empty
  set Action=L
rem ask to the user the action
  set /p Action=Shutdown/Restart/Logoff [s,r,L]?
)  
IF NOT EXIST C:\Computers.txt Goto ShowErr
FOR  %%R IN  (C:\Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
FOR /F "delims=#" %%c IN ('TYPE C:\Computers.txt') Do (
      Echo Processing: %%c
       if /i +%Action%+==+L+  ( PSShutdown \\%%c -o
      ) else (  SHUTDOWN -m \\%%c -%Action% -f -t 30 )
)
Goto EndScript
:ShowErr
Echo "C:\Computers.txt" file does not exist or file is empty!
:EndScript
ENDLOCAL
:: SCRIPT END

Hope this helps..
I do the same thing in my office every day.I got this from an expert in EE>.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20293534
...two options

a) http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/566.mspx?mfr=true

b) you use sysinternals package - psshutdown - to log them off, much nicer tool than batching (in my eyes)
0
 

Author Comment

by:colmisdiv
ID: 20321182
I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 11

Expert Comment

by:bsharath
ID: 20325111
Use the script as it is as the Action is set to L (Logoff)
You need to change this
set Action=L
to any othe if you want
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20341896
Did any of the solutions help getting what you wanted...
0
 

Author Comment

by:colmisdiv
ID: 20374872
bsharath - I've been out a few days. Sorry it took so long to get back. I don't have the recources to go to every machine and put in this script. I am looking to administer from the domain controller.
0
 

Author Comment

by:colmisdiv
ID: 20374892
Jay Jay 70- Waiting for response. Psshutdown Tool - I'm not familiar with the tool and am terrible at scripting. What syntax would i use to log off all computers in my domain from the domain controller.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20377916
im no good at scripting,. i make it up as i go....syntax is here
http://www.ss64.com/nt/psshutdown.html
0
 
LVL 11

Expert Comment

by:bsharath
ID: 20379492
Hi,

If scripting is fine with you then just put in the machine names in the computers.txt file then run it from a machine which has Administrative rights then all machines in the txt file will be logged off...
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now