Active Directory Logout Logged on Users

Laramie1 used Ask the Experts™
I have a request to automate a way to logout all currently logged on Active Directory users at a specified time.  For example at 10:00 pm everyday I need to query AD for all currently logged on users on all computers and automatically log them out.  
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

I have not tested this to see if it will specifically disconnect the user from the server, but it is worth a try.
Under "Active Directory Users and Computers", "your domain", choose "Users" from the left column.
Now select one or more user accounts you wish to restrict, and then "right click" and choose "Properties". Select the "Account" tab, check the Check Box "Logon hours:".
You can then click "Logon hours..." button and select the times that you want to restrict the user's access to the server. It may not disconnect them at the specific time.
this can be done through group policy or if you are in a small environment it can be done on a per user basis.
group policy:

\Computer Configuration\ Windows Settings\ Security Settings\ Local
Policies\ Security Options\ Network Security: Force logoff when logon hours

You must enable logon hours as posted by MPFRASER for this to work.

You can also assign the winexit screen saver through group policy which will log them off.
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

just setting the logon hours as suggested without the group policy will NOT log them off, but will prevent them from loging on during the restricted period.


I would rather not force them to use this screensaver.  Also, I would not like to restirct their logon hours either incase they need to get OWA email from home late at night.  Any other suggestions?
IT Consultant
if you have a complete list of workstations, you should be able to set something of a scheduled task to run this batch command from a "master computer" to force users to log off...

psshutdown @mycomputerlist.txt -f -o -t 30

you'd need to download pstools to do this, but it will go thru each machine and force users to logoff after 30 seconds.
the psshutdown is a good solution.


I would rather have a GPO than a script but this solution will work.
run the script by gpo :)
ThinkPaperIT Consultant

Laramie - other than the solutions offered to you, there is no quick and easy way to do this via GPO - hence you are going to have to resort to some kind of script or task.

Even if you attach the script with GPO, you will need an "action" to set it off.. and a startup/shutdown and logon/logoff won't work as it's dependent on a certain time.

So task scheduler is the next best option.

On another note, the next time you close a question, I'd advise you take more notice on how you grade solutions as it has no effect on your point but is more to help other folks with similar questions search for answers =)

""Grading at Experts Exchange is not like school. It's more like the "10-point Must" system in professional boxing; in other words, an answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, or figure out one more piece of code, then it's worth a B. If you think it's not worth a B, the custom is to offer the Experts an opportunity to earn a better grade. Giving a higher grade has no impact on your Available Points.""

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial