I need to force my users to log off every night for x amount of minutes. How can I do this without forcing them to stay logged out for an hour?

I am running Active Directory on Windows 2003 domain controllers in native mode. I need to force my users to log off every night. Now I know there is a LOGON HOUR policy but  I do not want to restrict them for a whole hour. I just need them to log out and back on so that any new login scripts would be applied to them. I dont like users staying logged in for weeks at a time and only locking their keyboards. Now one thing about this .... I do not want to do this with a script that runs on every single pc or have to run a shutdown command from a remote computer against every computer. The WinExit scr will not work for me either. I want users to be able to use whatever screen saver they want. This needs to be controlled centrally somehow. Any ideas on how to accomplish this. I cant believe MS only allows you to block a user for one hour incements. So... how can I force a logoff?
dkittsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Henrik JohanssonSystems engineerCommented:
The native solution for your problem is to use logon hours combined with the following policy setting enabled.
Computer Configuration\Windows Settings\Local Policies\Security Options\Network Security: Force logoff when logon hours expire

If it's a Terminal Server, you can configure max session lengths to be max 24 hours, but this is as I know not possibly except of the usage of WinExit.scr

If you don't want to use neither logon hours or winexit.scr, you nead to implement some kind of scripting to do what you want. Either execute logoff.exe through a scheduled task on each client or target each client remotely from a script executed on a server.

Just curious, but why is it so critical to have the logon scripts to be executed every day?
0
dkittsAuthor Commented:
its not mission critical that the logon scripts run every day. sometimes thhough I will through an update or patch of some sort in to the login script. we also have a scan that runs at logon to do a hardware and software inventory. it would just be nice to know that stuff does get run everyday.
im going to leave this open a few days and see if someone has any other ideas.

thanks
0
Henrik JohanssonSystems engineerCommented:
For the patch management, use automatic updates connecting to WSUS combined with GPOs instead of distributing patches with logon script (unnecessary administrative permissions for the users).

For the inventory, it sounds like you nead to implement MS SMS. It cost money, but will do the job for you with a distributed agent collecting hardware and software inventory. Other features of SMS is remote control and software installation.
0
dkittsAuthor Commented:
Neither comment helped me. I am closing this ticket. What I did to resolve this was to create an "AT" command to do a nightly reboot. Users did not have local admin rights to ad this command so I had to do a runas to get this to work. I passed the runas pw thru via sanur.exe.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.