locked
Automatically log off Users RRS feed

  • Question

  • Hi everyone

     

    This question is related to Windows Server 2003. I could not find a sub section for server 2003 (strange), so I apologise for posting it here (next thing close to Server 2003 I guess).

     

    Scanario

    I am trying to set up user log on restrictions. Currently users have a set logon hours and they cannot log on outside of that time period. The problem I have is that users who have logged on within the permitted hours are able to stay logged on throughout the restricted hours. Say for eg:
    User are able to log on form 9am - 5pm. Users cannot log on outside of that hours and everything is going well.
    Users who have logged on between 9am - 5pm are able to stay on logged on after 5pm. Need to force log off users after logon hours expire.

     

    Here is what I have done to the Default Domain Policy - Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options:
    Microsoft network server: Disconnect clients when logon hours expire     -     Enable
    Network security: Force logoff when logon hours expire     -     Enable

     

    Rsult:

    Users cannot logon after log on hours
    Users who logged on during logon hours are still logged on with internet access - but they are disconnected form the network shares/Server.

     

    Question

    Is there a way to kick users off after logon hours expire? Saving work is not an issue, just an un-conditional "force log off" is all I am looking for. I have been configuring all setting with Enterprise Administrator account logon.

     

     

    Any help will be much appreciated.

     

    Thank You

    Thursday, May 22, 2008 1:47 PM

Answers

  •  

    Hi,

     

    Based on my research, currently, we couldn't force user to logoff through GP when permitted logon hours expire.

     

    The "Force logoff when logon hours" policy just effects SMB component. When it is enabled, the established SMB connection will forcibly disconnect when logon hours expire.

     

    I think script can help us realize it. We can create a script that verifies the logon hours from AD database in a certain interval, like 5 minutes. If it finds the logon hours expire, it will lunch 'force logoff' function. However, unfortunately, creating a script is related to programming issue and beyond what we can do here. I'd like to suggest you post script related questions to our MSDN queue. The engineers and communities there are more specialized in creating script and will assist you in a more efficient manner.

     

    MSDN Public newsgroup

    http://msdn.microsoft.com/newsgroups/default.asp

     

    MSDN Forum:

    http://forums.microsoft.com/msdn

     

    Alternatively, please search on internet to see if there is any third-party tool that can realize this function.

     

    Hope this helps.

     

    Please search on the internet

     

    Best wishes

    --------------
    Morgan Che

    Microsoft Online Community Support

    Friday, June 6, 2008 2:07 AM

All replies

  • I too would love to know how to do this... Does anyone here know?
    Wednesday, May 28, 2008 1:04 PM
  • Under Security Options there is setting for Network Security: Force logoff when logon hours expire.

    Thursday, May 29, 2008 6:47 AM
  •  

    Hi,

     

    Based on my research, currently, we couldn't force user to logoff through GP when permitted logon hours expire.

     

    The "Force logoff when logon hours" policy just effects SMB component. When it is enabled, the established SMB connection will forcibly disconnect when logon hours expire.

     

    I think script can help us realize it. We can create a script that verifies the logon hours from AD database in a certain interval, like 5 minutes. If it finds the logon hours expire, it will lunch 'force logoff' function. However, unfortunately, creating a script is related to programming issue and beyond what we can do here. I'd like to suggest you post script related questions to our MSDN queue. The engineers and communities there are more specialized in creating script and will assist you in a more efficient manner.

     

    MSDN Public newsgroup

    http://msdn.microsoft.com/newsgroups/default.asp

     

    MSDN Forum:

    http://forums.microsoft.com/msdn

     

    Alternatively, please search on internet to see if there is any third-party tool that can realize this function.

     

    Hope this helps.

     

    Please search on the internet

     

    Best wishes

    --------------
    Morgan Che

    Microsoft Online Community Support

    Friday, June 6, 2008 2:07 AM
  • You can use our software ActiveExit for that: it can forcefully log off the inactive users after a period of inactivity, even if they are disconnected form the server. It supports Group Policy, please give it a try.

    Thursday, August 12, 2010 4:57 PM
  • The "Local Policies > Security Options > Automatically logoff users when logon time expires" setting might make you think that it would work that way, but it only applies to file and print servers (SMB component).

    You should give a look to a 3rd-party software solution named UserLock that (among numerous other features) really disconnects users with prior warning outside of authorized timeframe(s).

     


    François Amigorena President & CEO IS Decisions (Security Software) http://www.isdecisions.com
    Wednesday, September 22, 2010 8:29 AM