Jump to content

Number of Logins Per Day

Blahages

By Blahages
in Windows XP

 Share

Recommended Posts

Railman5

Railman5

Posted
Posted

Zxian

This looks excellent... great work both of you. This is the kind of stuff that happens when MSFN's best put their minds together.

My sentiments exactly.

Jcarle, nmX.Memnoch. Thank you for all your hard work.

Just 1 spanner potentially in the works you may be able to answer.

I run several home accounts and kids being what they are wanting to install games etc I have all the accounts as administrators - easier on my nerves! :whistle:

Just wondering if I followed the latest train of thoughts would there be any problems.

dont want to screw up the family pc without checking first.

'part from that great work again guys.

Link to comment
Share on other sites

nmX.Memnoch

nmX.Memnoch

Posted
Posted
Jcarle, nmX.Memnoch. Thank you for all your hard work.
Sure. :)
Just 1 spanner potentially in the works you may be able to answer.

I run several home accounts and kids being what they are wanting to install games etc I have all the accounts as administrators - easier on my nerves! :whistle:

Errr...

Well, while it will technically work, they'll be able to reconfigure their accounts (and any other account).

dont want to screw up the family pc without checking first.
Want to really keep that from happening? Don't give the kids admin access. :)
Link to comment
Share on other sites
Railman5

Railman5

Posted
Posted
QUOTE(Railman5 @ Aug 13 2007, 11:18 AM)

Just 1 spanner potentially in the works you may be able to answer.

I run several home accounts and kids being what they are wanting to install games etc I have all the accounts as administrators - easier on my nerves!

Errr...

Well, while it will technically work, they'll be able to reconfigure their accounts (and any other account).

:whistle: Yea I know that. hopefully the kids arn';t savvy enough to work it out though :hello:

QUOTE(Railman5 @ Aug 13 2007, 11:18 AM)

dont want to screw up the family pc without checking first.

Want to really keep that from happening? Don't give the kids admin access.

Unfortunately that would be more trouble than its worth!

be interesting seeing there reaction when it boots them off though

LMAO :thumbup

Thanks for replying.

Just wait till you have kids! :wacko:

Link to comment
Share on other sites
nmX.Memnoch

nmX.Memnoch

Posted
Posted
Just wait till you have kids! :wacko:

I've got two...a son who turns 6 in a few days and another son who turned 1 in June. Three words (ok, technically a letter, a number and two words):

K9 Web Protection

I have a domain so I have several options available to me...one of which is specifying logon hours. I'm also going to be standing up ISA Server at some point. Overkill? Maybe...but at least I'm trying and if nothing else I can use it when they're in trouble. Right now though, since my oldest boy is still so young I'm not so worried about him going to look for stuff...I'm more worried about him finding it accidentally.

Link to comment
Share on other sites
  • 2 weeks later...
nmX.Memnoch

nmX.Memnoch

Posted
Posted
cool utility nmX.Memnoch :)
Thanks but I can't take all the credit. SessionManager itself is jcarle's. :)
btw the 'net user' command can be used to specify logon times for user accounts, but it does not support 'sessions'.

http://www.microsoft.com/resources/documen...r.mspx?mfr=true

http://support.microsoft.com/kb/251394

That's cool to know that it can be done to local accounts. The only thing that sucks is that Windows doesn't auto-logoff the user when the logon hours expire. I found some settings that are supposed to work...but they don't.

It'll disconnect any network sessions (if you configure that) and prevent you from accessing anything...except the internet (unless you use a proxy that requires authentication). But other than that the only thing it does is prevents you from logging on if you're already logged off. Sure...I could do some stuff with a Scheduled Task and what not...but the Network security: Force logoff when logon hours expire setting should work as you would think it would.

Here's the description text from TechNet for that setting:

This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component.When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire.

If this policy is disabled, an established client session is allowed to be maintained after the client's logon hours have expired.

Not exactly what you'd think from the way the option is worded is it?

Link to comment
Share on other sites
jcarle

jcarle

Posted
Posted
but the Network security: Force logoff when logon hours expire setting should work as you would think it would.
Have you tried setting it as a local machine policy on the client machine?
Link to comment
Share on other sites
nmX.Memnoch

nmX.Memnoch

Posted
Posted
but the Network security: Force logoff when logon hours expire setting should work as you would think it would.
Have you tried setting it as a local machine policy on the client machine?

Don't have to...I have a domain, remember? :)

It's all forced through GPO on both the workstations and the domain controller. But yes, I've tried everything. Even this, but it doesn't work. Leaving the /domain option off of the command applies it to the local machine...but again, it doesn't work.

Link to comment
Share on other sites
nmX.Memnoch

nmX.Memnoch

Posted
Posted

No, the user can't logon if it's outside the logon hours. However, if they logon during the allowed period, they're not automatically logged off when the logon hours expire. Again, the wording of that setting is a bit misleading because that's not the purpose of the setting.

I could whip up a quick script that would run in the background to force a logout...that's not a problem. But what good are the logon hours if it doesn't forcefully log them out automatically? :)

For example, if the logon hours expired at say, 10PM, schedule the following to run "Only if I'm logged on" to run at 9:59PM (if you're not familiar with my "style", the code is KiX):

; Loop until 2 seconds before the logon hours expire
; By the time the logout process finishes the hours will have expired
;   and they won't be able to log back in
Do
   Sleep 1
Until @TIME = "21:59:58"

; Forcefully logout
LogOff(1)

BTW...if there's any interest I can take a stab at updating the SessionManager Configurator to include configuring logon hours for local accounts. I can also see about including option to exclude running it on weekends.

Link to comment
Share on other sites
jcarle

jcarle

Posted
Posted
No, the user can't logon if it's outside the logon hours. However, if they logon during the allowed period, they're not automatically logged off when the logon hours expire. Again, the wording of that setting is a bit misleading because that's not the purpose of the setting.

I could whip up a quick script that would run in the background to force a logout...that's not a problem. But what good are the logon hours if it doesn't forcefully log them out automatically? :)

For example, if the logon hours expired at say, 10PM, schedule the following to run "Only if I'm logged on" to run at 9:59PM (if you're not familiar with my "style", the code is KiX):

; Loop until 2 seconds before the logon hours expire
; By the time the logout process finishes the hours will have expired
;   and they won't be able to log back in
Do
   Sleep 1
Until @TIME = "21:59:58"

; Forcefully logout
LogOff(1)

BTW...if there's any interest I can take a stab at updating the SessionManager Configurator to include configuring logon hours for local accounts. I can also see about including option to exclude running it on weekends.

I could write a windows service which would verify with the domain server if the account is within allowed logon hours, if not, boot the account.

Link to comment
Share on other sites
nmX.Memnoch

nmX.Memnoch

Posted
Posted

Yeah, I could do that with an LDAP query...but it would always be active in the background and query every so often. The Scheduled Task would only run once, and only if the user is logged on. It's something that I can also enforce with a GPO (create a user logon script GPO that checks to see if the tasks exists, if not, create it).

I can also enforce permissions on it so that it can't be deleted. :)

However, your idea may be of some use as an addition to SessionManager.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...