General discussion


Force logoff after a time of logon

By hsadry ·
We have active directory on W2K. I want my users to be automatically logged off after a specific period of logon.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by paul7410 In reply to Force logoff after a time ...

There might be another way to force a logoff, but the three options I know of are:

1) Windows 'shutdown.exe' - if you're version of windows doesn't have it - it is available in the Microsoft resource kit. YOu can use this or sysinternals psshutdown.

2) winexit.scr - screensaver that autologs off after certain amount of time

You may also want to use a script like this:

'User-defined function to determine if the machine is up and logged in
Function MachineIsUp(strComputer)

Dim WshShell, Ping

Set WshShell = WScript.CreateObject("WScript.Shell")
Ping = WshShell.Run("ping -n 1 " & strComputer, 0, TRUE)
If Ping = 0 Then
Set Service = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set ObjectSet = Service.InstancesOf("Win32_ComputerSystem")
For Each Object In ObjectSet
If IsNull(Object.Username) Then
WScript.Echo UCase(strComputer) & ": Machine is on but not logged in"
MachineIsUp = -1
WScript.Echo UCase(strComputer) & ": Machine is logged in as user " & Object.Username
MachineIsUp = 0
End If
WScript.Echo UCase(strComputer) & ": Machine is not turned on"
MachineIsUp = -1
End If

End Function

'connect to the root of AD
Dim rootDSE, domainObject
Set rootDSE=GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & domainContainer)

'start with the domain root

Sub WorkWithObject(oContainer)
Dim oADObject
For Each oADObject in oContainer
Select Case oADObject.Class
Case "computer"
End select
End Sub

Collapse -

by hsadry In reply to

Poster rated this answer.
I have limited my users not to shutdown the computer so shutdown.exe encounters "Access denied" error.

Also winexit.scr is based on idle time that is not desired.

Collapse -

by ManISKid In reply to Force logoff after a time ...

Every copy of Windows2000 professional has its very own terminal services client access license (something that they stopped with WinXP), and setting logon behaviour is very easy in terminal services.

Otherwise you could build some code that runs for an hour after being initialised by task manager to logoff the user.

Something like a timer that runs for an hour before running

Collapse -

by hsadry In reply to

Our clients run WinXP so your first solution can not be taken! Is it correct?

Can you explain about where should I write these codes? I want to limit only one or two computers, is your solution applicable?

Collapse -

by ManISKid In reply to Force logoff after a time ...

Written in C#
You need to find anyone with visual studio C# variants and get them to compile it. Then run it at logon. I havent tested this beyond shutting down my own computer a few times, so I think that you may need to try different things such as setting the user who is instigating the logoff
(through shutdown).

Also if you are using only a few computers/users then windows allows 2 user terminal services access for administration, but I'd be really careful not to allow any more access than is wise.

using System;
using System.Timers;
using System.Diagnostics;

public class Timer1

public static void Main()
System.Timers.Timer aTimer = new System.Timers.Timer();
aTimer.Elapsed+=new ElapsedEventHandler(OnTimedEvent);
// Set the Interval to 5 seconds.

Console.WriteLine("Press \'q\' to quit the sample.");

// Specify what you want to happen when the Elapsed event is raised.
public static void OnTimedEvent(object source, ElapsedEventArgs e)
Console.Write("Timed out");
System.Diagnostics.Process.Start("shutdown", "/l");

Collapse -

by ManISKid In reply to

I'd like to take my last answer back, I now believe that setting up a VPN or a dial-in account is the best option for this scenario.

Set up a VPN, allow access through the ad groups mmc, use a different subnet (i think), install rras then set up acccess for the computers, the logon should still be the same for the users if you set it up right. But with the ability to set time-out features.

Related Discussions

Related Forums