"c:\Program Files\IdleLogoff\IdleLogoff.exe" 1800 logoff Logon/Logoff scripts in the Group Policy Management EditorĬlick the Show Files button to open a new window where you can place the Logon script we’ll use.Ĭreate a new batch file for a Logon scriptĬreate a new text file named IdleLogoff.bat in the folder, with the following text: Echo off Double-click Logon on the right side of the window. Go to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff). Next, we’ll need to set our user-side Group Policy settings. New File Properties to copy IdleLogoff.exe to computers User-side Group Policy settings Set the Destination File value to C:\Program Files\IdleLogoff\IdleLogoff.exe. In the Source File(s) section, select the IdleLogoff.exe that we put into \\domain.local\sysvol\domain.local\files\IdleLogoff\IdleLogoff.exe. Go back to your GPO and go to Computer Configuration > Preferences > Windows Settings > Files. IdleLogoff executable in the Sysvol folder Just make sure that domain computers have at least read-only access to both the share and the file system. For a production environment, you’ll probably want to do this from a file share. See comments below.įor demo purposes in this article, I’m going to put my copy into Active Directory’s Sysvol folder. UPDATE: We removed the link to the website that hosts idlelogoff.exe is because the site is infected with malware. Next, we’ll need to copy a small utility to the multiuser computers. (I’ve written articles on loopback processing in Group Policy and common usage scenarios if you’d like more information.)Ĭonfigure user Group Policy loopback processing mode to Merge This will let us apply a user-side policy to computer objects in Active Directory. Once you’re in the Group Policy Management Editor, you’ll need to go to Computer Configuration > Policies > Administrative Templates > System > Group Policy > Configure user Group Policy loopback processing mode. Next, we’ll need to right-click the new GPO and choose Edit. This lets the multiuser computers get the same Group Policy as all of the other computers without forcing the “idle logoff” on every single computer.Ĭreate new GPO in the Group Policy Management Console For multiuser computers, I usually like to create a new sub-Organizational Unit (OU) inside the original OU that contains all the other non-multiuser computers. To set up our solution, we’ll need to create a new Group Policy Object (GPO) in the Group Policy Management Console (GPMC). This session doesn’t work for physical computers that people are using at the console. You can use it for logging off idle users on Remote Desktop Services (RDS, formerly Terminal Services). I’ve seen this setting recommended-a LOT-as a solution for logging off idle users. “Set time limit for disconnected sessions” policy (for RDS sessions only) The setting is located in Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits > Set time limit for disconnected sessions. Do you really want to run something this old on your network if you don’t have to? Another is a Group Policy setting that a lot of people point to as a solution to this problem. And, last but not least, getting this old utility to work correctly on newer OSs is just a pain. It also requires you to lengthen your screensaver activation time so you don’t accidentally log off a user who has gone on a break or lunch period. This solution doesn’t take into account newer operating systems that include Fast User Switching. A systems administrator can set the workstation’s screensaver to winexit.scr, and the user would be logged off when the screensaver activated. One solution that used to be popular is the winexit.scr screensaver included in the Windows NT Server 4.0 Resource Kit. Before we get started, I’d like to address two of the ways I’ve seen suggested as a way to handle logging off idle user sessions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |