
force logoff not working!!!


DanC

Mar 19, 2003, 4:46:46 PM
Hello,
The GP is already set to force a logoff when your hours
expire, but it doesn't log anyone off, it just doesn't
let you login during those hours.
Has anyone gotten this to work?
Help!!
thanks

Tony Yuhas [MSFT]

Mar 20, 2003, 12:35:13 PM
Hi Dan,

If you type "net accounts" at a cmd line, I suspect
you'll see the following line:

Force user logoff how long after time expires?:       Never

To set this use this cmd:

net accounts /forcelogoff:<minutes> /domain

Where "minutes" is the number of minutes ahead of the
forced logoff to warn the user.

Tony Yuhas
Active Directory Tools
------------------------------------------
This posting is provided "AS IS" with no warranties, and
confers no rights.
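
The check described in the reply above, as an added example that is not part of the original post: a PowerShell function that reads `net accounts` output and reports whether the forced-logoff value is still `Never`. The function name, the property names and the sample lines are assumptions constructed for illustration, and the match assumes English-language output.

```powershell
# Added example (not from the thread): report the forced-logoff value
# shown by `net accounts`. Get-ForceLogoffSetting is a hypothetical name.
function Get-ForceLogoffSetting {
    param(
        # Lines of `net accounts` output. When omitted, the command is run
        # locally; pass the output of `net accounts /domain` to check the
        # domain-wide value instead.
        [string[]]$Lines = (& net.exe accounts 2>&1)
    )

    foreach ($line in $Lines) {
        # The label ends in "?:" and the value follows: "Never" or a number.
        if ($line -match '^\s*Force user logoff how long after time expires\?:\s*(\S+)') {
            $value = $Matches[1]
            if ($value -match '^\d+$') {
                return [pscustomobject]@{
                    Configured = $true
                    Minutes    = [int]$value
                    Raw        = $value
                }
            }
            # "Never" means /forcelogoff has not been set.
            return [pscustomobject]@{
                Configured = $false
                Minutes    = $null
                Raw        = $value
            }
        }
    }
    throw 'Force-logoff line not found (localized output or command failure).'
}

# Constructed sample lines, so the parsing can be tried without a domain.
$before = @(
    'Force user logoff how long after time expires?:       Never'
    'Minimum password age (days):                          0'
)
$after = @(
    'Force user logoff how long after time expires?:       5'
    'Minimum password age (days):                          0'
)

Get-ForceLogoffSetting -Lines $before   # value as shown in the reply above
Get-ForceLogoffSetting -Lines $after    # after /forcelogoff:5 has been applied
```

Calling `Get-ForceLogoffSetting` with no arguments checks the local machine.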


Vsevolod Titov [MSFT]

Mar 20, 2003, 1:13:36 PM
It works fine in my domain.

A couple of points to check:
1. The SMB server belongs to the same domain where you set the forced logoff
policy
2. Guest user account is disabled on SMB server side

Also please be aware of the offline files. Even if the SMB server dropped
the connection you can still browse the share on server if you made this
share available offline on a client. In this case you can access the files
from offline cache as if you are still connected. When connection is
re-established the changes you made offline are synchronized with a server.

--
V.T.


This posting is provided "AS IS" with no warranties, and confers no rights

"DanC" <da...@citadelmgmt.com> wrote in message
news:18d001c2ee61$0a11eae0$a201...@phx.gbl...

DanC

Mar 20, 2003, 3:39:35 PM
Hello,
what do you mean when you say smb server??
I have a windows 2000 server with windows xp clients
I have setup the gp to force a logoff of the user.
I have used the net accounts command to set the time to
logout to five minutes.
when the time comes the user stays logged in and any
files that the user has open on the network are not closed.
what is the force logout supposed to do?
will it just disconnect the user from the server or will
it log them off the workstation.
Thanks in advance for your help
Dan


DanC

Mar 20, 2003, 3:59:16 PM
Hello,

I have a windows 2000 server with windows xp clients
I have setup the gp to force a logoff of the user.
I have used the net accounts command to set the time to
logout to five minutes.
when the time comes the user stays logged in and any
files that the user has open on the network are not closed.
what is the force logout supposed to do?
will it just disconnect the user from the server or will
it log them off the workstation.
Thanks in advance for your help
Dan


Vsevolod Titov [MSFT]

Mar 20, 2003, 8:03:51 PM
SMB server is a server that uses Server Message Block (SMB) protocol. This
protocol is used to access file system remotely in Windows world.

To answer the last question - forced logoff policy is policy for SMB server,
i.e. the computer which has a network share accessible from a network. This
policy, if enabled on a server, disconnects users when their logon hours
expire.

This is the explanation of this policy from the help file:
========================================

Network security: Force logoff when logon hours expire
Description
This security setting determines whether to disconnect users who are
connected to the local computer outside their user account's valid logon
hours. This setting affects the Server Message Block (SMB) component.

When this policy is enabled, it causes client sessions with the SMB server
to be forcibly disconnected when the client's logon hours expire.

If this policy is disabled, an established client session is allowed to be
maintained after the client's logon hours have expired.

Default: Enabled.

Configuring this security setting
You can configure this security setting by opening the appropriate policy
and expanding the console tree as such: Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings,
see To edit a security setting on a Group Policy object.

Note

* This security setting behaves as an account policy. For domain
accounts, there can be only one account policy. The account policy must be
defined in the Default Domain Policy, and it is enforced by the domain
controllers that make up the domain. A domain controller always pulls the
account policy from the Default Domain Policy Group Policy object (GPO),
even if there is a different account policy applied to the organizational
unit that contains the domain controller. By default, workstations and
servers that are joined to a domain (for example, member computers) also
receive the same account policy for their local accounts. However, local
account policies for member computers can be different from the domain
account policy by defining an account policy for the organizational unit
that contains the member computers. Kerberos settings are not applied to
member computers.
For more information, see:

* Account and local policies
* Set logon hours
* Security Configuration Manager Tools

--
V.T.
This posting is provided "AS IS" with no warranties, and confers no rights
"DanC" <da...@citadelmgmt.com> wrote in message

news:269e01c2ef20$d1634110$3401...@phx.gbl...
