From: Eric Chamberlain (eric@uclink.berkeley.edu)
Date: Fri Nov 08 2002 - 12:26:20 PST
Scripting the forceful disconnect of a user from a server is doable.
The problem is that there is no clean way to disconnect the user, unless
the application supports some kind of disconnect notice. The server has
no way of knowing what the client is doing when it terminates the
connection, so it can't do the cleanup for the client. If these are
database files, you might want to look at what the database has for
backups or look at backup software that can backup open files. I'm not
a database person, but my understanding is that any decent transactional
database should allow you to backup the database while users and
connected. If your application can shutdown cleanly when windows sends
the app notice, a script to shutdown the app running at 6pm on each
machine is probably your best bet.
-- Eric Chamberlain, CISSP Campus Active Directory Architect Central Computing Services University of California, Berkeley http://calnetad.berkeley.edu-----Original Message----- From: owner-micronet-list@uclink4.berkeley.edu [mailto:owner-micronet-list@uclink4.berkeley.edu] On Behalf Of John Kelly Sent: Thursday, November 07, 2002 5:45 PM To: ford@econ.berkeley.edu Cc: micronet-list@uclink4.berkeley.edu; Administrator@unex.berkeley.edu; Paul Baber; Aaron Trost; Beverly Rose; cgi@unex.berkeley.edu; CNS#032#Manager@unex.berkeley.edu; CNS-Log@unex.berkeley.edu; jkelly@unex.berkeley.edu; Janie Johnson; Margaret Warwas; Terrie Eusterbrock; User#032#Consulting#032#Group@unex.berkeley.edu; Veronica Labarca Subject: RE: [Micronet] automatic logouts from Active Directory
Ford and Eric,
Thanks for your answers. What we're trying to do is prevent users from keeping critical files open--some users run software written in-house that updates student, course and other database files. For backups, bulk transfers, etc., we want a nice big window--say 10:00 p.m. to 6:00 a.m.--when we know for sure all user access will be curtailed.
In the Windows Resource Kit I see some tools that can be used in scripts run from the client side. It boggles my mind that there's no way to disconnect people from the server side, other than pointing and clicking
--jk.
>>> Ford Chiang <ford@econ.Berkeley.EDU> 11/07/02 05:25PM >>> Depending on what you're trying to achieve a possible alternative to automatic logouts would be to have the screen saver with password turn on automatically. Forced logouts might cause people to lose work, an autoscreen saver would just prevent someone from accessing an unattended computer. there's a couple of options under group policies that set screen savers and time outs with a requirement for passwords User Configuration -> Administrative Templates -> Control Panel -> Display Hide Screen Saver Tab Screen Saver Password protect screen saver Screen saver timeout
-Ford
On Thu, 7 Nov 2002, Eric Chamberlain wrote:
> I believe the Resource Kit has some screen savers that can be used to > log users out after some idle time period. > > -- > Eric Chamberlain, CISSP > Campus Active Directory Architect > Central Computing Services > University of California, Berkeley http://calnetad.berkeley.edu > > > -----Original Message----- > From: owner-micronet-list@uclink4.berkeley.edu > [mailto:owner-micronet-list@uclink4.berkeley.edu] On Behalf Of John > Kelly (by way of Micronet mailing list administrator) > Sent: Thursday, November 07, 2002 12:37 PM > To: micronet-list@uclink4.berkeley.edu > Subject: [Micronet] automatic logouts from Active Directory > > > How do you set things up in Active Directory so that most users (say > all members of certain groups) get logged out automatically? > > The "login time restriction" works great for keeping them from logging
> in after a given time--but if they're already logged in, they stay in,
> and that can make trouble. > > I've been all over the user profiles and policies, and can't find > anything that works. > > > John Kelly > Communication & Network Services Manager > Extension Information Systems > University of California, Berkeley > jkelly@unex.berkeley.edu > > ---------------------------------------------------------------------- > -- > The following was automatically added to this message by the list > server: > > For information about Micronet, including subscribing to > or unsubscribing from its mailing list and finding out > about upcoming meetings, please visit the Micronet Web site: > <http://micronet.berkeley.edu/>. > > > ---------------------------------------------------------------------- > -- > The following was automatically added to this message by the list server: > > For information about Micronet, including subscribing to > or unsubscribing from its mailing list and finding out > about upcoming meetings, please visit the Micronet Web site: > <http://micronet.berkeley.edu/>. >
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
------------------------------------------------------------------------ The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.
This archive was generated by hypermail 2b29 : Fri Nov 08 2002 - 12:32:27 PST