Force Logoff when Login Time Restrictions Are In Place (Windows Server)

Time to read: 5 mins

This is a somewhat misleading Microsoft policy, in fact all this does is disconnect SMB (printers, file shares etc) from the user. But the user will remain logged into the network/PC. There is currently no way to action a fully automated logoff via GPO (you could try a scheduled task/batch file to force a machine to log out but this would not be taken from the AD time scales.

On your windows server, open Group Policy Management.

Within GPO, create a new policy. In this instance, I’ve named the policy “Force Logoff When Time Restrictions Are In Place”.

To configure this you will need to go to the following location:

Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Security Options –> Network Security: Force Logoff when logon hours expire.

Set from “Disabled” to “Enabled”

Once done, you will need to place the new GPO into your default domain policy area. You can then force a policy update in command prompt:

gpupdate /force 

For the computer policy, you may need to log off and back on again for each user account, and then the new policy should be activated and will work against the logon hours of your users in the active directory.

Leave a Reply

Your email address will not be published. Required fields are marked *