Link to home
Start Free TrialLog in
Avatar of Laramie1
Laramie1

asked on

Active Directory Logout Logged on Users

I have a request to automate a way to logout all currently logged on Active Directory users at a specified time.  For example at 10:00 pm everyday I need to query AD for all currently logged on users on all computers and automatically log them out.  
Avatar of mpfraser
mpfraser

I have not tested this to see if it will specifically disconnect the user from the server, but it is worth a try.
Under "Active Directory Users and Computers", "your domain", choose "Users" from the left column.
Now select one or more user accounts you wish to restrict, and then "right click" and choose "Properties". Select the "Account" tab, check the Check Box "Logon hours:".
You can then click "Logon hours..." button and select the times that you want to restrict the user's access to the server. It may not disconnect them at the specific time.
this can be done through group policy or if you are in a small environment it can be done on a per user basis.
group policy:

\Computer Configuration\ Windows Settings\ Security Settings\ Local
Policies\ Security Options\ Network Security: Force logoff when logon hours
expire

You must enable logon hours as posted by MPFRASER for this to work.

You can also assign the winexit screen saver through group policy which will log them off.
just setting the logon hours as suggested without the group policy will NOT log them off, but will prevent them from loging on during the restricted period.
Avatar of Laramie1

ASKER

I would rather not force them to use this screensaver.  Also, I would not like to restirct their logon hours either incase they need to get OWA email from home late at night.  Any other suggestions?
ASKER CERTIFIED SOLUTION
Avatar of ThinkPaper
ThinkPaper
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
the psshutdown is a good solution.
I would rather have a GPO than a script but this solution will work.
run the script by gpo :)
Laramie - other than the solutions offered to you, there is no quick and easy way to do this via GPO - hence you are going to have to resort to some kind of script or task.

Even if you attach the script with GPO, you will need an "action" to set it off.. and a startup/shutdown and logon/logoff won't work as it's dependent on a certain time.

So task scheduler is the next best option.

On another note, the next time you close a question, I'd advise you take more notice on how you grade solutions as it has no effect on your point but is more to help other folks with similar questions search for answers =)
...

""Grading at Experts Exchange is not like school. It's more like the "10-point Must" system in professional boxing; in other words, an answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, or figure out one more piece of code, then it's worth a B. If you think it's not worth a B, the custom is to offer the Experts an opportunity to earn a better grade. Giving a higher grade has no impact on your Available Points.""