Solved

I need to force my users to log off every night for x amount of  minutes. How can I do this without forcing them to stay logged out for an hour?

Posted on 2008-10-22
4
616 Views
Last Modified: 2010-03-17
I am running Active Directory on Windows 2003 domain controllers in native mode. I need to force my users to log off every night. Now I know there is a LOGON HOUR policy but  I do not want to restrict them for a whole hour. I just need them to log out and back on so that any new login scripts would be applied to them. I dont like users staying logged in for weeks at a time and only locking their keyboards. Now one thing about this .... I do not want to do this with a script that runs on every single pc or have to run a shutdown command from a remote computer against every computer. The WinExit scr will not work for me either. I want users to be able to use whatever screen saver they want. This needs to be controlled centrally somehow. Any ideas on how to accomplish this. I cant believe MS only allows you to block a user for one hour incements. So... how can I force a logoff?
0
Comment
Question by:dkitts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22780895
The native solution for your problem is to use logon hours combined with the following policy setting enabled.
Computer Configuration\Windows Settings\Local Policies\Security Options\Network Security: Force logoff when logon hours expire

If it's a Terminal Server, you can configure max session lengths to be max 24 hours, but this is as I know not possibly except of the usage of WinExit.scr

If you don't want to use neither logon hours or winexit.scr, you nead to implement some kind of scripting to do what you want. Either execute logoff.exe through a scheduled task on each client or target each client remotely from a script executed on a server.

Just curious, but why is it so critical to have the logon scripts to be executed every day?
0
 

Author Comment

by:dkitts
ID: 22785458
its not mission critical that the logon scripts run every day. sometimes thhough I will through an update or patch of some sort in to the login script. we also have a scan that runs at logon to do a hardware and software inventory. it would just be nice to know that stuff does get run everyday.
im going to leave this open a few days and see if someone has any other ideas.

thanks
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22788277
For the patch management, use automatic updates connecting to WSUS combined with GPOs instead of distributing patches with logon script (unnecessary administrative permissions for the users).

For the inventory, it sounds like you nead to implement MS SMS. It cost money, but will do the job for you with a distributed agent collecting hardware and software inventory. Other features of SMS is remote control and software installation.
0
 

Accepted Solution

by:
dkitts earned 0 total points
ID: 23593950
Neither comment helped me. I am closing this ticket. What I did to resolve this was to create an "AT" command to do a nightly reboot. Users did not have local admin rights to ad this command so I had to do a runas to get this to work. I passed the runas pw thru via sanur.exe.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question