Solved

Restrict logon times

Posted on 2015-01-02
5
90 Views
Last Modified: 2015-01-05
The log on hours would work but for people who get email on their cell phones would not work. Is there another way to restrict log in during a specific time?
0
Comment
Question by:stlhost
5 Comments
 
LVL 21

Assisted Solution

by:dan_blagut
dan_blagut earned 50 total points
ID: 40528951
Hello
 
in fact restrict time block also OWA/active sync. you can't dissociate unles you use Good for Enterprise.
(http://community.spiceworks.com/topic/173678-activesync-iphones-and-windows-logon-)

Dan
0
 
LVL 24

Assisted Solution

by:Lionel MM
Lionel MM earned 50 total points
ID: 40529039
If you want to prevent logging onto a domain you can use "net user" but if you users need to logon to the domain to get exchange email then this will not work. However if your exchange mail is hosted or cloud based (like Office365) then it will. I use this command in a batch file
for /F "tokens=1 delims=," %%i in (C:\Utils\UserList.csv) do net user %%i /time:monday-friday,8am-6pm
I have a list of users that I need to restrict in C:\Utils\UserList.csv (and I can add, change, delete users as needed) and then I can easily change /time:monday-friday,8am-6pm as needed and have it apply to all users in my list with just a few quick changes. Hope it can help you too--if not let me know what more specifically you need.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 350 total points
ID: 40529114
Providing that your Exchange server is on-premise and not based in the cloud then there's no real graceful solution for your question without resorting to third party software. Enabling logon hours restrictions prevents any soft of AD authentication during these periods.

May I ask why you want to restrict logins? Only reason I ask is if it's for some sort of legacy database maintenance that requires all users to be logged off in order to run then maybe we can look other ways of achieving this.
0
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 50 total points
ID: 40529440
One possibility might be to create a group policy to prevent Interactive Logins, apply it to that specific group, and then use whatever scripting method to drop people in and out of that group during that time.

What it won't do is kick people out who are logged in on workstations, TS/CTX, etc. For them, you'd have to write another script to go out to your machines and kick them out.  

Coralon
0
 
LVL 2

Author Comment

by:stlhost
ID: 40531343
Thanks everyone for the help. Basically this was to keep people from logging in and working when they shouldn't be off the clock
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Event-ID 3001, 3011 - LoadPerf - Windows Server 2003 14 45
how do i add admin console 4 26
Active Directory Failed Logon Attempts. 18 54
Whitelisting applications 2 21
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question