Force logoff when logon hours expire

I collection logon hours for all my domain customers. Now I want to pressure logoff as soon as they expire.

You watching: Force logoff when logon hours expire

I have a couple of concerns though:

In the plan it claims it should be identified in the default domain plan. Is this the case? I did not desire it to use to everyone. I understand I have the right to fiddle via constraints and also stuff however Id prefer to simply make a new plan and apply it at the OU.Will this log the user off if their screen is locked?
Which of the adhering to retains the indevelopment it's storing once the mechanism power is turned off?
*

*

bitlocker

I don"t think it nessesarily hregarding be in the Default Doprimary Policy however I think it has to be used at Domajor level not OU. Like password policies.

If you don"t want to use to everyone, produce a brand-new GPO, apply it at Domajor level, then create a team of denied particular logon hours, then deny Apply Group Policy to that group on the ACL (Delegation) of the GPO.

Yes, it will log them off if the screen is locked, successfully anyway, it"ll just block SMB, but they"ll still need to actually "logoff".

Edited Mar 26, 2015 at 13:46 UTC
1
· · ·
*

Mace
OP
cduff Mar 26, 2015 at 13:33 UTC

Tbelow is no GPO that will certainly log customers off workstations as soon as logon hours expire. Tbelow is one that will certainly disconnect network connections to smb servers. The establishing is unhelptotally called to be certain. If it claims it requirements to be in the DDP, I"d trust that.


1
· · ·
*

Ghold Chili
OP
Kelly Armitage Mar 26, 2015 at 13:36 UTC

cduff wrote:

Tright here is no GPO that will certainly log customers off workstations as soon as logon hrs expire. There is one that will certainly disconnect network-related connections to smb servers.

This is correct.

Tbelow *IS* a policy which says "force logoff when logon hrs expire" or some such misleading wording, but it will execute no such point. The user will certainly still have actually full usage of the COMPUTER, through the exemption of network sources (shares / printers etc)

They will certainly not be logged off. (at least not making use of that policy)


2
· · ·
Datil
OP
Theborgman77
This perchild is a confirmed skilled.
Verify your account to enable IT peers to see that you are a experienced.
Mar 26, 2015 at 13:45 UTC

Selfresearch is an IT organization provider.


You can constantly limit the application of a GPO through delegation in the GPO.


0
· · ·
Tabasco
OP
Jeremy Flynn
This perboy is a showed experienced.
Verify your account to permit IT peers to view that you are a experienced.
Mar 26, 2015 at 13:50 UTC

Well is tright here any way to carry out this? My individuals never before log out.

My shutdvery own plan is not working once they are logged in. Offline documents execute not sync properly if they are not loggin in and out either.

See more: My Hard Drive Not Showing Up In Boot Priority, Hard Drives/Ssds Not Showing In Boot Priority


0
· · ·
Mace
OP
cduff Mar 26, 2015 at 13:53 UTC

You can attempt to collection them up a booked task via the following provided you aren"t married to the concept of having it run in sync via the login hrs. You deserve to set it up via Group Policy Preferences and also you have actually really excellent granular manage of exactly how it applies. Different times and also schedules for various groups/comptuers/whatever before. I do not know how it"ll occupational if their work station is locked or if they have the right to cancel it. Just need to run a couple of tests.


Batchfile

shutdown /l /f /t 0
1
· · ·
Mace
OP
cduff Mar 26, 2015 at 13:57 UTC
 Jeremy Flynn wrote:

Well is tbelow any type of method to perform this? My individuals never before log out.

My shutdown policy is not working when they are logged in. Offline files do not sync properly if they are not loggin in and also out either.

Also, if you had actually used that one policy, it can mess through offiline files" ability to sync external of their logon hours, being that offline papers is over smb.
0
· · ·
Ghost Chili
OP
Kelly Armitage Mar 26, 2015 at 14:02 UTC

cduff wrote:

You can try to collection them up a reserved job with the complying with gave you aren"t married to the concept of having it run in sync with the login hrs. You deserve to collection it up with Group Policy Precommendations and you have actually really excellent granular regulate of exactly how it uses. Different times and also schedules for various groups/comptuers/whatever before. I do not understand how it"ll occupational if their occupational terminal is locked or if they can cancel it. Just need to run a couple of tests.


Batchfile

shutdvery own /l /f /t 0
They can be aborted.....yet they"d need to run a command prompt and also form shutdvery own /a (and it might just use to shutdowns not logoffs). Either method through a t 0 setting, they"d never before have time to do that.


1
· · ·
Ghold Chili
OP
Kelly Armitage Mar 26, 2015 at 14:03 UTC

If you perform use the shutdown command also, I think I"d go via a rebegin rather of just a logoff. If you are risking them shedding unsaved work, you can also reboot the COMPUTER while you"re at it.


0
· · ·
Tabasco
OP
Jeremy Flynn
This person is a showed experienced.
Verify your account to permit IT peers to view that you are a skilled.
Mar 26, 2015 at 16:37 UTC

Ok below is the concern. I have actually my shutdvery own making use of powershell script pointed at a list of Computers. I actually initially wanted to usage booked tasks yet they will certainly not work-related.

For instance I just tried(again) to make the log off scheduled job. I created a test OU and also a test User. I configured a user policy for the scheduled job.

The trigger is a scheduled time(8:00 PM). 

The activity is %systemroot%logoff.exe

The user is %domain%\%user%

It is set to run as soon as they are logged in

Item lvl targeting -> my test user

----------------

The task does not show up on the computer. GPoutcome mirrors it used, yet. This is the same difficulty I had actually with my shutdvery own scheduled job.

If I manually run the task nothing happens on the client pc. So then I begin transforming settings.

I tried NT AUTHORITY SYSTEM, Domajor ADMIN, run once logged off or not. No issue what i never watch the task. And HIDDEN is not checked.

See more: 5 Ways To Fix Windows 7 Stuck On Preparing To Install, Here'S How To Fix It

I would certainly use the powershell manuscript that I currently have actually working for shutdown and also replace through rebegin yet the difficulty is that doesnt job-related unless they are logged off. Unmuch less there is a means to pressure it...