how do you control users that dont log off the network?

[ceez]

hello fellow msfn'ers?

As always there are users out there that for some reason REFUSE to log off their machines.... The one's that wonder why something doesnt work since they never log off and policies never get updated...but i digress.

What I am trying to accomplish is for XP to logoff when it's midnight. By the time morning comes around the users will HAVE TO log in again. And how about for those that actually LOCK their workstations? when they unlock in the morning, will XP logoff or will it stay logged in?

I was wondering what do you use to automatically log off users. I know we can set log on hours, but in an architectural firm the CADD techs come in early, leave late or work overnight and not allowing them logon access would just give us more problems.

I've looked at Winexit.scr which is from the server 2k tools but I cant figure out a way of deploying it and having it run at a certain time, ie: midnight. I found an ADM file, but need to play with that one a bit more.

I've looked into creating a batch file which contains the AT command and creating a task that runs at midnight, but for some reason it doesnt run. It says 'running' but nothing happens. Yet when I try it on my home pc (not in a domain of course) it works just fine. This job will then run a batch file which will also be deployed via GP to somewhere in the users HD in some inconspicuous location

BTW, this is what my scripts looks like:

for the task creation:

at 23:59 "c:\forceshut.bat"

in this example the batch file is in the 'inconspicious location' of root!!!

for the logoff portion (forceshut.bat) I am using shutdown.exe which comes with XP:

C:\Windows\system32\shutdown.exe -l -t 3 -f

switches: l =logoff | t =wait 3 secs | f =force application termination

I know I need some more testing on the tasks in a domain environment, but I would still like to know what you guys use.

thanks for reading!

ceez

[Zartach]

Hmmm, well in the domain setting you might want to build a VB script to query for all computernames and call a remote shutdown command. Obviously you need to make sure the script only shows results of PC's and no servers Maybe place all clients in a separate OU for that purpose.

But it could be usefull as a policy, also with remote commands people can't mess with it on their machine, some of those users get sneaky sometimes. The only problem that remains is people who unplug their PC from the network.

Zar