Solved

I need to force my users to log off every night for x amount of  minutes. How can I do this without forcing them to stay logged out for an hour?

Posted on 2008-10-22
4
607 Views
Last Modified: 2010-03-17
I am running Active Directory on Windows 2003 domain controllers in native mode. I need to force my users to log off every night. Now I know there is a LOGON HOUR policy but  I do not want to restrict them for a whole hour. I just need them to log out and back on so that any new login scripts would be applied to them. I dont like users staying logged in for weeks at a time and only locking their keyboards. Now one thing about this .... I do not want to do this with a script that runs on every single pc or have to run a shutdown command from a remote computer against every computer. The WinExit scr will not work for me either. I want users to be able to use whatever screen saver they want. This needs to be controlled centrally somehow. Any ideas on how to accomplish this. I cant believe MS only allows you to block a user for one hour incements. So... how can I force a logoff?
0
Comment
Question by:dkitts
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22780895
The native solution for your problem is to use logon hours combined with the following policy setting enabled.
Computer Configuration\Windows Settings\Local Policies\Security Options\Network Security: Force logoff when logon hours expire

If it's a Terminal Server, you can configure max session lengths to be max 24 hours, but this is as I know not possibly except of the usage of WinExit.scr

If you don't want to use neither logon hours or winexit.scr, you nead to implement some kind of scripting to do what you want. Either execute logoff.exe through a scheduled task on each client or target each client remotely from a script executed on a server.

Just curious, but why is it so critical to have the logon scripts to be executed every day?
0
 

Author Comment

by:dkitts
ID: 22785458
its not mission critical that the logon scripts run every day. sometimes thhough I will through an update or patch of some sort in to the login script. we also have a scan that runs at logon to do a hardware and software inventory. it would just be nice to know that stuff does get run everyday.
im going to leave this open a few days and see if someone has any other ideas.

thanks
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22788277
For the patch management, use automatic updates connecting to WSUS combined with GPOs instead of distributing patches with logon script (unnecessary administrative permissions for the users).

For the inventory, it sounds like you nead to implement MS SMS. It cost money, but will do the job for you with a distributed agent collecting hardware and software inventory. Other features of SMS is remote control and software installation.
0
 

Accepted Solution

by:
dkitts earned 0 total points
ID: 23593950
Neither comment helped me. I am closing this ticket. What I did to resolve this was to create an "AT" command to do a nightly reboot. Users did not have local admin rights to ad this command so I had to do a runas to get this to work. I passed the runas pw thru via sanur.exe.
0

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now