myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


Force User Log Off

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Force User Log Off Page: [1]
Login
Message << Older Topic   Newer Topic >>
Force User Log Off - 9/3/2008 4:23:04 PM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		Well I thought I'd see if anyone out here is doing anything with forced user log offs. For example, John Doe logs into a machine in an open computer lab area, and when he's done he simply walks away. I'm looking for something I can push out via SCCM that will forcefully log him off after X amount of inactivity.

And of course I need to do this for Windows XP and windows Vista. And that "logoff.scr" screensaver that's floating around on the web won't do the trick for me. I was thinking about using Task Scheduler and "psshutdown.exe", but all my experiments are failing when I try to use a command-line (either a batch file or a VBscript).

So I feel like I'm missing something obvious, and I'm hoping that one of you SCCMers have already solved this in your environment and would be willing to share some info...
Post #: 1
RE: Force User Log Off - 9/3/2008 4:29:12 PM   
hcortez463


Posts: 766
Score: 58
Joined: 4/8/2005
Status: offline 		cant you do this through a GPO.

_____________________________

If it Helps, Please rate....

(in reply to rbennett806)
Post #: 2
RE: Force User Log Off - 9/3/2008 4:45:01 PM   
ghernandez211

 

Posts: 24
Score: 0
Joined: 5/15/2008
Status: offline 		You can deploy a group policy that will log all users within that OU or the entire domain at a certain time. I have a policy configured in my domain that forces all users to logs off the pc at a certain time. 

(in reply to hcortez463)
Post #: 3
RE: Force User Log Off - 9/3/2008 5:11:43 PM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		From what I remember those GPO settings are set for a specific time, and not after a certain amount of inactivity.

And I need this to be flexible enough that I can roll it out to specific machines (not all the machines in my OU structure are on SCCM). Oh, and I have a feeling that the time of inactivity will have to vary (so maybe after 30 minutes for some machines, and after 90 minutes for others).

Anyone have any other ideas?

(in reply to ghernandez211)
Post #: 4
RE: Force User Log Off - 9/4/2008 10:51:19 AM   
jboehlke926

 

Posts: 31
Score: 0
Joined: 7/25/2008
Status: offline 		It believe this is possible with the new Group Policy Preferences (GP 2.0).  Included in Vista SP1
and available by download for XP SP2 and above.  We have been using ScriptLogic's Desktop
Authority product to accomplish the inactivity logout or lock, but are looking at switching to using
Group Policy Preferences since they are free and now allow you to control many things by GPO
that you could not do before.

(in reply to rbennett806)
Post #: 5
RE: Force User Log Off - 9/4/2008 4:26:19 PM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		I have a feeling I must have overloooked something then... Where in the GPO's Preferences section did you see something about being able to do this sort of thing? The only thing I saw that was close was the Task Scheduler. But if I'm going to set a scheduled task there, then I should be able to do it via a script just as easily. So any clues as to what specific preference you're talking about?

(in reply to jboehlke926)
Post #: 6
RE: Force User Log Off - 9/5/2008 10:52:12 PM   
jboehlke926

 

Posts: 31
Score: 0
Joined: 7/25/2008
Status: offline 		Do you have the Preferences Extensions installed?  I think you also have to be using the latest GPE that came out after Vista SP1.  Also you may still be correct.  In looking further, it appears that Preferences give you the ability to manage Power Setting and Power Schemes, but NOT force user logoff.

http://sdmsoftware.com/blog/2008/08/power_management_in_xp.html
http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088-a6bbce0a4304&ID=204
http://forums.technet.microsoft.com/en-US/winserverGP/thread/a3b78bcd-3b04-480c-994e-1e066765582b/

Looks like I may need to stick with DesktopAuthority for now...

Jeff

(in reply to rbennett806)
Post #: 7
RE: Force User Log Off - 9/6/2008 1:29:39 PM   
brpo

 

Posts: 35
Score: 1
Joined: 8/11/2006
Status: offline 		Hi
There is a utility from if i remember well the windows 2003 resourse kit that does just that (based on screen saver timeout) : Winexit.scr
hope it helps
here is the link
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

(in reply to rbennett806)
Post #: 8
RE: Force User Log Off - 9/8/2008 11:29:19 AM   
rbennett806


Posts: 821
Score: 13
Joined: 6/14/2006
Status: offline 		Yeah, we used to use the log off screen saver, but after awhile some of the users figured out that they simply had to change their screen saver and then they were never logged off. So I need something else. Anyone else have any ideas?

(in reply to brpo)
Post #: 9
RE: Force User Log Off - 10/9/2008 9:30:18 PM   
dstein


Posts: 618
Score: 5
Joined: 3/12/2003
From: Virginia, USA
Status: offline 		That group policy setting is so often misleading. Microsoft should have renamed it to "Deny access to resources when logon time expires" It doesn't force a logoff. It never has. It simply expires the user's session token used for accessing resources within the same domain or forest. In fact, the user can continue working locally and even browse the web without any restrictions. Even remote servers on other domains may continue to work fine. It simply denies them access to shares and resources on the same domain. To truly "force" a logoff at the time configured for the user account, you have to employ a separate method like a third-party utility, a script or scheduled task. There are lots of ways to do that, each with its own ups and downs for implementing and maintaining.

_____________________________

software is squishy-squashy, hardware is wishy-washy

(in reply to rbennett806)
Post #: 10
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Force User Log Off Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.297