Solved

automatic Logoff GPO is not working for user locked screens

Posted on 2015-02-20
6
117 Views
Last Modified: 2015-02-27
On my work network, I'm testing the following logoff GPO with a test user account:

http://blogs.technet.com/b/askds/archive/2010/08/24/forcing-afterhours-user-logoffs.aspx

I've done enough GPOs and this one is also pretty simple thing to implement....

However, The GPO works when the test user is logged in but IT DOESN'T WORK when the test user's computer screen is locked. Why is that? The ideal situation is to automatic logoff my network users after hours whether they are logged in or their screens are locked. Hopefully this is simple solution because i've played with all the options in the GPO to no avail.
0
Comment
Question by:jslaught
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40621528
It's because of one simple setting:Capture.JPGTo the operating system, a user that has locked their workstation is *technically* not logged in.  This is one of the nuances of fast-user switching.  If you change it so that the task runs whether the user is logged in or not, then it should work (however, this may cause errors in the event log depending upon what logoff.exe log's in cases where a user is already logged out.

-saige-
0
 

Author Comment

by:jslaught
ID: 40621664
@ saige ....

thank you for your suggestion however, when I selected "run whether user is logged on or not" option it prompted me for a password with the following message:

"a password cannot be entered for a variable user and is required when using the "run whether user is logged on or not" option".
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40621678
Correct, you have to provide credentials.  This is where you can end up on a slippery slope.  If you define a user who's credentials change then the task will fail when the user changes their password.  If you define a user's who's password never expires, then you have a potential security risk.

In either case, the configuration should be well-documented so that 6 months from now, you know why it is configured this way.

-saige-
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 

Author Comment

by:jslaught
ID: 40621756
What's weird is when i setup the GPO like my original link above, it recognized the job in the local workstation task scheduler. Plus it even says that it ran but it really it did not for a user who's screen was locked. Very baffling.

Per your last comment above, for testing purposes, in the GPO, I selected "run whether user is logged on or not" and added an admin account with password. Did gpupdate /force on the server and the test machine. The local task scheduler didn't dispaly the task and it did not run.

So there is no true way of doing an automatic logoff via GPO?
0
 
LVL 34

Accepted Solution

by:
it_saige earned 500 total points
ID: 40621812
You are correct.  There is no true way to do an automatic *workstation* logoff in GPO (there are terminal services logoff policies).

Every recommendation or process is, generally speaking, a hack.

-saige-
0
 

Author Closing Comment

by:jslaught
ID: 40635173
It's been decided to do an daily automatic workstation reboot via a GPO since there is no true way to do an automatic workstation logoff via a GPO.
0

Featured Post

Get Database Help Now w/ Support & Database Audit

Keeping your database environment tuned, optimized and high-performance is key to achieving business goals. If your database goes down, so does your business. Percona experts have a long history of helping enterprises ensure their databases are running smoothly.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Multi-threading long-running processes can have a significant increase in overall performance and drastically decrease over time it takes for a process to complete. Unfortunately, not all applications support native multi-threading, some by design a…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question