Monterio
asked on
How to log off all Windows 7 and XP users at the OU level
I have a Windows Server 2008 domain and want to log all Windows 7 and Windows XP users off (since they lock their systems), provide a 15 minute warning before it happens and apply this at the OU level.
I've read lots of posts and several KB articles, but there's many ways to do this and I'm a bit confused. Will someone please provide a step-by-step process I need to follow to facilitate what I need done by Server 2008 GPO only??
Please no links, I need actual steps. Thanks!
I've read lots of posts and several KB articles, but there's many ways to do this and I'm a bit confused. Will someone please provide a step-by-step process I need to follow to facilitate what I need done by Server 2008 GPO only??
Please no links, I need actual steps. Thanks!
ASKER
That link does not explain how to enable this process via GPO. It is merely a method of performing a local logoff. I am looking for clearly defined steps to do I need done as expained in the question. Thanks anyway.
ASKER
The other thing is that in your example, this logs the users off, but then they can't log back on either until log off period expires. This is not what I need. I need the user whose locked their workstation (CTRL-ALT-DEL) to be autmoatically logged off after a certain hour, but be able to log right back in if need be.
There are users who work odd hours, after normal working hours. If I follow your suggestion, the user will be logged out, but they won't ge able to log back in until their log off period has expired...correct?
There are users who work odd hours, after normal working hours. If I follow your suggestion, the user will be logged out, but they won't ge able to log back in until their log off period has expired...correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could also use a free tool like SpecOps GPUpdate. It does not have a Log off option, but it does have a reboot option. Adds right click context menu's to AD Users and Computers. You could click over an OU and tell the OU to reboot. http://www.specopssoft.com/products/specops-gpupdate
ASKER
Okay, I think I'm following you. I've looked at that section of the GPO and see what it is you're talking about. I tried using the the commands in your response in a batch file, but that didn't pan out well. Could you give me the exact syntax for the .bat file?
ASKER
My question was directed at McKnife, by the way. WBLUNA, thanks for the suggestion but that will not work, as I do not wish to reboot the users. As I stated, I need to simply log them off as they leave their workstations locked, which is unacceptable.
First please tell me if that task got created on the client side and what you exactly mean by "didn't pan out well".
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi, McKnife.
I tried to copy and pate that code into a batch file and it wouldn't run. I got bad command or file name.
Bloodygonzo, having two policies to deploy two different screensavers isn't the way my boss wants to go.
I need a single solution, single method to do what I need, unfortunately.
I tried to copy and pate that code into a batch file and it wouldn't run. I got bad command or file name.
Bloodygonzo, having two policies to deploy two different screensavers isn't the way my boss wants to go.
I need a single solution, single method to do what I need, unfortunately.
...then you got another problem on your pc: copy and paste is out of order. Seriously, the code is alright.
The solution I mentioned is one screen saver and a single GPO solution. The only difference between windows 7 and xp is that the screen saver just works in XP and in windows 7 you need to modify permissions on a registry key and then it just works. The link I provided includes a powershell script to change the key permissions for you as well.
Sorry, by sites policy I have to put the copyrighted link
Check this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314999
Or follow this (tested on Windows 2003 AD Server)
First on user account must set Logon hours
Second on Policy Editor (According to MS only works on Global) go to
Computer configuration -> Windows Settings -> Security Settings -> Local Policies -> security options -> Network Security: force logoff when hours logon expire
-hope helps-