Solved

I need to force my users to log off every night for x amount of minutes. How can I do this without forcing them to stay logged out for an hour?

Posted on 2008-10-22
Last Modified: 2010-03-17
I am running Active Directory on Windows 2003 domain controllers in native mode. I need to force my users to log off every night. Now I know there is a LOGON HOUR policy, but I do not want to restrict them for a whole hour. I just need them to log out and back on so that any new login scripts would be applied to them. I don't like users staying logged in for weeks at a time and only locking their keyboards. Now one thing about this... I do not want to do this with a script that runs on every single PC or have to run a shutdown command from a remote computer against every computer. The WinExit scr will not work for me either. I want users to be able to use whatever screen saver they want. This needs to be controlled centrally somehow. Any ideas on how to accomplish this? I can't believe MS only allows you to block a user for one-hour increments. So... how can I force a logoff?
Question by:dkitts
4 Comments
 

Expert Comment

by:Henrik Johansson
ID: 22780895
The native solution for your problem is to use logon hours combined with the following policy setting enabled.
Computer Configuration\Windows Settings\Local Policies\Security Options\Network Security: Force logoff when logon hours expire

If it's a Terminal Server, you can configure max session lengths to be max 24 hours, but as far as I know this is not possible except by using WinExit.scr.

If you don't want to use either logon hours or winexit.scr, you need to implement some kind of scripting to do what you want. Either execute logoff.exe through a scheduled task on each client or target each client remotely from a script executed on a server.

Just curious, but why is it so critical to have the logon scripts to be executed every day?
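
The one-hour granularity the question runs into comes from how logon hours are stored: the account's `logonHours` attribute is a 21-byte bitmap with one bit per hour of the week, in UTC, starting Sunday 00:00 with the low bit of each byte first. The sketch below is an added example, not part of the original answer; the function names are hypothetical, and it assumes whole-hour UTC offsets with no DST handling.

```python
# Added illustration: build and decode an AD logonHours bitmap
# (21 bytes = 168 bits, one per hour of the week, UTC, low bit first).

HOURS_PER_WEEK = 7 * 24
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]


def build_logon_hours(denied_local_hour, utc_offset_hours):
    """Return a 21-byte value allowing every hour except one nightly hour.

    denied_local_hour: local hour (0-23) during which logon is denied each day.
    utc_offset_hours: local time minus UTC, in whole hours (assumption of
    this sketch: no DST and no half-hour time zones).
    """
    if not 0 <= denied_local_hour <= 23:
        raise ValueError("hour must be 0-23")
    bits = bytearray(b"\xff" * 21)  # start with all 168 hours allowed
    for day in range(7):
        local_index = day * 24 + denied_local_hour
        # Shift to UTC; the modulo wraps across the Saturday/Sunday boundary.
        utc_index = (local_index - utc_offset_hours) % HOURS_PER_WEEK
        bits[utc_index // 8] &= ~(1 << (utc_index % 8)) & 0xFF
    return bytes(bits)


def denied_slots(logon_hours, utc_offset_hours=0):
    """Decode a logonHours value into the (day, hour) local slots it denies."""
    if len(logon_hours) != 21:
        raise ValueError("logonHours must be exactly 21 bytes")
    slots = []
    for utc_index in range(HOURS_PER_WEEK):
        allowed = (logon_hours[utc_index // 8] >> (utc_index % 8)) & 1
        if not allowed:
            local_index = (utc_index + utc_offset_hours) % HOURS_PER_WEEK
            slots.append((DAYS[local_index // 24], local_index % 24))
    return sorted(slots, key=lambda s: (DAYS.index(s[0]), s[1]))


if __name__ == "__main__":
    value = build_logon_hours(3, -5)  # constructed case: deny 03:00-04:00 at UTC-5
    print(value.hex(), denied_slots(value, -5))
```

Because each bit covers a full hour, the smallest window this attribute can express is 60 minutes, and a window that looks like "every night at 01:00" locally can land on the previous UTC day.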
Author Comment

by:dkitts
ID: 22785458
It's not mission critical that the logon scripts run every day. Sometimes, though, I will throw an update or patch of some sort into the login script. We also have a scan that runs at logon to do a hardware and software inventory. It would just be nice to know that stuff does get run every day.
I'm going to leave this open a few days and see if someone has any other ideas.

thanks
Expert Comment

by:Henrik Johansson
ID: 22788277
For the patch management, use automatic updates connecting to WSUS combined with GPOs instead of distributing patches with logon script (unnecessary administrative permissions for the users).

For the inventory, it sounds like you need to implement MS SMS. It costs money, but will do the job for you with a distributed agent collecting hardware and software inventory. Other features of SMS are remote control and software installation.
Accepted Solution

by:
dkitts earned 0 total points
ID: 23593950
Neither comment helped me. I am closing this ticket. What I did to resolve this was to create an "AT" command to do a nightly reboot. Users did not have local admin rights to add this command, so I had to do a runas to get this to work. I passed the runas pw thru via sanur.exe.