[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to create logoff policy in Group Policy Management

Posted on 2008-10-07
2
Medium Priority
?
554 Views
Last Modified: 2012-06-21
I'm trying to create a logoff policy as described here...
http://support.microsoft.com/?kbid=198642
However I am using the SBS 2003 Group Policy Management Console and the instructions for Windows 2000 don't seem relevant.
Where do I drill down in the GPMC in order to find and edit the logoff script?
Thanks.
0
Comment
Question by:ArkAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22664749
1.If you want to do it by number of inactivity hours, then you must use the WinExit.scr Screen Saver... which CAN be configured by Group Policy.  http:Q_21566165.html

2.Here's another reference which is more specific to SBS:  http://msmvps.com/blogs/kwsupport/archive/2004/09/01/12709.aspx

3.to be a bit more specific, look at this comment:  http:Q_21566165.html#14913265

4.You can use the "loopback" processing of group policies for that.
a. In the "Public WS" OU, create a new GPO named, for example "Loopback"; check "deactivate userdefined configuration" (I'm not sure about the English name of that entry) in properties. Edit the GPO and enable: Computer Configuration - Administrative Templates - group policies - Activate Loopback mode for group policies (or similar; as I said, I don't use an English version, so check out the explanation tab if unsure). Set the mode to replace (or merge, whatever suits you better).
b. Now create your additional GPO(s) for your users in this OU; especially the screen saver setting ... If possible, check "deactivate computer configuration" in those. Important: Do *not* use the "Loopback" GPO to configure other settings. These GPOs will now only apply if the users logon to the public workstation. Depending on your loopback mode setting, your regular user GPOs will still apply, but they will be overridden by the settings defined in your "Public WS" GPO.
Note that you do (or "may") *not* need to put the users in (or below) the "Public WS" OU. New GPOs in that OU will be applied to *all* users logging on to that machine, even though those users are not in/below the public WS OU.
To exclude administrators, use the security group filtering. I'd recommend to do the following (for any GPO, not only the "Public WS"): For every GPO, create a global security group named, for example, GPol<GPO name> (*G*lobal *Pol*icy group for GPO <name>). Make the desired users member of this group. In the security settings for the GPO, remove the "Apply" and "Read" permission for the default "Authenticated Users", add it for the proper security group instead. That way you're pretty safe from surprises ...

Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

5.
0
 
LVL 4

Accepted Solution

by:
Jerrod_W earned 2000 total points
ID: 22664854
I use SBS as well. Under the GPMC, go to My Business -> Users -> SBSUsers.  Edit  the policy and go to  User Configuration -> Windows Settings -> Scripts. From there you can add the script that you want to run on user logoff.
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question