Some users log on to the network and then don't log off for months. This is a prominent security hole: when that user leaves her desk, she is still authenticated to the network with her credentials. Malicious people can use the open session to do destructive things: delete and transfer files, plant a rootkit or backdoor program, or change passwords.
Making automatic logoff work takes two things. First, each valid user needs to have a time when she is not permitted to log on. This can be sometime in the early morning, perhaps 3:00 to 3:30 a.m. Then, a change to the local security policy needs to be made so that when the user's logon time expires, she is not permitted to log on.
To set up a logon time restriction on a domain controller for an Active Directory-enabled domain, follow these steps:
Go to the Active Directory Users and Computers snap-in.
Expand the icon for your domain and click the Users container.
Right-click a user and select Properties.
Click the Account tab, and then click the Logon Hours... button.
Select the appropriate region of time in the calendar block, and click the radio buttons to the right to either permit or deny logons during that time.
Click OK, and then OK once more to exit the user property sheet.
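The same restriction can be scripted and audited across many accounts. The following is an added example, not part of the original text: it builds the 21-byte `logonHours` value that the Logon Hours dialog edits, applies it with `Set-ADUser`, and lists enabled accounts that have no restricted hour. The function names are hypothetical, and it assumes the ActiveDirectory PowerShell module, a whole-hour UTC offset, and hourly granularity (so the whole 3:00 to 4:00 a.m. hour is denied).

```powershell
# Added example: function names are hypothetical, not from the original page.
function New-LogonHoursMask {
    param(
        [int[]]$DeniedLocalHours = @(3),  # hours of the day (0-23) to deny, every day
        [int]$UtcOffsetHours = 0          # assumption: whole-hour local offset from UTC
    )
    # logonHours is 21 bytes = 168 bits, one per hour of the week; start fully permitted.
    $mask = [byte[]](,0xFF * 21)
    foreach ($day in 0..6) {              # 0 = Sunday
        foreach ($hour in $DeniedLocalHours) {
            # The directory stores the hours in UTC, so shift and wrap around the week.
            $slot  = ((($day * 24 + $hour - $UtcOffsetHours) % 168) + 168) % 168
            $index = [int][math]::Floor($slot / 8)
            $bit   = $slot % 8            # least significant bit = first hour of the byte
            $mask[$index] = $mask[$index] -band (0xFF -bxor (1 -shl $bit))
        }
    }
    return ,$mask                         # comma keeps the byte[] from being unrolled
}

function Test-LogonHoursRestricted {
    param([byte[]]$LogonHours)
    # An unset attribute or all bits set means logon is allowed around the clock.
    if ($null -eq $LogonHours -or $LogonHours.Count -eq 0) { return $false }
    return @($LogonHours | Where-Object { $_ -ne 0xFF }).Count -gt 0
}

function Set-NightlyLogonGap {
    param([Parameter(Mandatory)][string]$Identity, [int]$UtcOffsetHours = 0)
    [byte[]]$hours = New-LogonHoursMask -DeniedLocalHours 3 -UtcOffsetHours $UtcOffsetHours
    Set-ADUser -Identity $Identity -Replace @{ logonHours = $hours }
}

function Get-UserWithoutLogonHours {
    # Audit: enabled accounts that still have no restricted hour at all.
    Get-ADUser -Filter 'Enabled -eq $true' -Properties logonHours |
        Where-Object { -not (Test-LogonHoursRestricted $_.logonHours) } |
        Select-Object SamAccountName, DistinguishedName
}

# Offline check of the mask; the AD functions need the ActiveDirectory module.
[BitConverter]::ToString((New-LogonHoursMask -UtcOffsetHours -5))
```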