Solved

How to create logoff policy in Group Policy Management

Posted on 2008-10-07
2
551 Views
Last Modified: 2012-06-21
I'm trying to create a logoff policy as described here...
http://support.microsoft.com/?kbid=198642
However I am using the SBS 2003 Group Policy Management Console and the instructions for Windows 2000 don't seem relevant.
Where do I drill down in the GPMC in order to find and edit the logoff script?
Thanks.
0
Comment
Question by:ArkAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22664749
1.If you want to do it by number of inactivity hours, then you must use the WinExit.scr Screen Saver... which CAN be configured by Group Policy.  http:Q_21566165.html

2.Here's another reference which is more specific to SBS:  http://msmvps.com/blogs/kwsupport/archive/2004/09/01/12709.aspx

3.to be a bit more specific, look at this comment:  http:Q_21566165.html#14913265

4.You can use the "loopback" processing of group policies for that.
a. In the "Public WS" OU, create a new GPO named, for example "Loopback"; check "deactivate userdefined configuration" (I'm not sure about the English name of that entry) in properties. Edit the GPO and enable: Computer Configuration - Administrative Templates - group policies - Activate Loopback mode for group policies (or similar; as I said, I don't use an English version, so check out the explanation tab if unsure). Set the mode to replace (or merge, whatever suits you better).
b. Now create your additional GPO(s) for your users in this OU; especially the screen saver setting ... If possible, check "deactivate computer configuration" in those. Important: Do *not* use the "Loopback" GPO to configure other settings. These GPOs will now only apply if the users logon to the public workstation. Depending on your loopback mode setting, your regular user GPOs will still apply, but they will be overridden by the settings defined in your "Public WS" GPO.
Note that you do (or "may") *not* need to put the users in (or below) the "Public WS" OU. New GPOs in that OU will be applied to *all* users logging on to that machine, even though those users are not in/below the public WS OU.
To exclude administrators, use the security group filtering. I'd recommend to do the following (for any GPO, not only the "Public WS"): For every GPO, create a global security group named, for example, GPol<GPO name> (*G*lobal *Pol*icy group for GPO <name>). Make the desired users member of this group. In the security settings for the GPO, remove the "Apply" and "Read" permission for the default "Authenticated Users", add it for the proper security group instead. That way you're pretty safe from surprises ...

Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

5.
0
 
LVL 4

Accepted Solution

by:
Jerrod_W earned 500 total points
ID: 22664854
I use SBS as well. Under the GPMC, go to My Business -> Users -> SBSUsers.  Edit  the policy and go to  User Configuration -> Windows Settings -> Scripts. From there you can add the script that you want to run on user logoff.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question