Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Windows NT4.0 Auto Logout
- Thread starter LoopyLoo
- Start date
I posted this under another thread, hope it helps!
Network security: Force logoff when logon hours expire.
This setting affects the Server Message Block (SMB) component.
When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire.
If this policy is DISabled, an established client session is allowed to be maintained after the client's logon hours have expired.
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Note
This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it is enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings are not applied to member computers.
Corie
Network security: Force logoff when logon hours expire.
This setting affects the Server Message Block (SMB) component.
When this policy is enabled, it causes client sessions with the SMB server to be forcibly disconnected when the client's logon hours expire.
If this policy is DISabled, an established client session is allowed to be maintained after the client's logon hours have expired.
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Note
This security setting behaves as an account policy. For domain accounts, there can be only one account policy. The account policy must be defined in the Default Domain Policy, and it is enforced by the domain controllers that make up the domain. A domain controller always pulls the account policy from the Default Domain Policy Group Policy object (GPO), even if there is a different account policy applied to the organizational unit that contains the domain controller. By default, workstations and servers that are joined to a domain (for example, member computers) also receive the same account policy for their local accounts. However, local account policies for member computers can be different from the domain account policy by defining an account policy for the organizational unit that contains the member computers. Kerberos settings are not applied to member computers.
Corie
- Thread starter
- #3
You can set up policies in NT Server by running the program POLEDIT.EXE from the run window. When the policy editor opens, click on FILE then choose CONNECT. Type in the PC you want to administer, or the PC where the user is logged in at.
The trick here is that if you want to set policy for a USER, the user must be logged in to the PC you are connecting to.
Then, just surf through the different policies, setting and configuring whatever you need.
Since my users all use their same PC every day, I had the user log in, then set the individual PC policy WINDOWS NT REMOTE ACCESS to 8 hours, and the PC automatically logs them out exactly 8 hours after they log in, no hassles.
This worked just fine for my NT network.
Corie
The trick here is that if you want to set policy for a USER, the user must be logged in to the PC you are connecting to.
Then, just surf through the different policies, setting and configuring whatever you need.
Since my users all use their same PC every day, I had the user log in, then set the individual PC policy WINDOWS NT REMOTE ACCESS to 8 hours, and the PC automatically logs them out exactly 8 hours after they log in, no hassles.
This worked just fine for my NT network.
Corie
- Thread starter
- #5
Sorry - I am not making myself clear here. We have a couple of hundred NT/Win2K servers. We need to maintain security. As a result we have a policy whereby all servers are logged out on the console when not in use. On Win2K we can autologout a session if it is inactive for more than 10 minutes. We require something similar for Windows NT. It's an inactivity logout I am looking for not a specific time logout.
Any ideas?
Any ideas?
Ahh. Sorry for the confusion. I found this at Tech-Net, maybe it will help.
How Autodisconnect Works in Windows NT and Windows 2000
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0
This article was previously published under Q138365
SUMMARY
This article documents the Windows NT and Windows 2000 local area network (LAN)-related Autodisconnect parameter.
Windows NT and Windows 2000 use two different Autodisconnect parameters; one for disconnecting Remote Access Service (RAS) connections and another for disconnecting LAN connections. The RAS Autodisconnect parameter is documented in the Microsoft Knowledge Base article Q153944, but the LAN version is undocumented. The only published reference to this Autodisconnect is in the Windows NT Resource Kit NT Registry Entries help file, in an overview of entries for the LanmanServer Parameters section.
MORE INFORMATION
You can find the LAN Autodisconnect parameter in the registry under the subtree HKEY_LOCAL_MACHINE under the subkey:
\System\CurrentControlSet\Services\LanmanServer\Parameters
NOTE: The preceding entry must be located on the computer that has the share or shares.
The purpose is to disconnect idle sessions after a set number of minutes. The number of minutes can be set at a command prompt using the net config server command.
For example, to set the Autodisconnect value to 30 minutes, you would run the following command line:
net config server /autodisconnect:30
The valid value range is -1 to 65535 minutes at the command line. To disable Autodisconnect set it to -1.
Setting Autodisconnect to 0 does not turn it off and results in very fast disconnects, within a few seconds of idle time. (However, the RAS Autodisconnect parameter is turned off if you set it to a value of 0.)
NOTES:
It is preferable to modify the LAN Autodisconnect directly in the registry. If you modify it at the command line, Windows NT and Windows 2000 may turn off its autotuning functions.
It's article 138365 at Tech-Net.
Corie
How Autodisconnect Works in Windows NT and Windows 2000
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0
This article was previously published under Q138365
SUMMARY
This article documents the Windows NT and Windows 2000 local area network (LAN)-related Autodisconnect parameter.
Windows NT and Windows 2000 use two different Autodisconnect parameters; one for disconnecting Remote Access Service (RAS) connections and another for disconnecting LAN connections. The RAS Autodisconnect parameter is documented in the Microsoft Knowledge Base article Q153944, but the LAN version is undocumented. The only published reference to this Autodisconnect is in the Windows NT Resource Kit NT Registry Entries help file, in an overview of entries for the LanmanServer Parameters section.
MORE INFORMATION
You can find the LAN Autodisconnect parameter in the registry under the subtree HKEY_LOCAL_MACHINE under the subkey:
\System\CurrentControlSet\Services\LanmanServer\Parameters
NOTE: The preceding entry must be located on the computer that has the share or shares.
The purpose is to disconnect idle sessions after a set number of minutes. The number of minutes can be set at a command prompt using the net config server command.
For example, to set the Autodisconnect value to 30 minutes, you would run the following command line:
net config server /autodisconnect:30
The valid value range is -1 to 65535 minutes at the command line. To disable Autodisconnect set it to -1.
Setting Autodisconnect to 0 does not turn it off and results in very fast disconnects, within a few seconds of idle time. (However, the RAS Autodisconnect parameter is turned off if you set it to a value of 0.)
NOTES:
It is preferable to modify the LAN Autodisconnect directly in the registry. If you modify it at the command line, Windows NT and Windows 2000 may turn off its autotuning functions.
It's article 138365 at Tech-Net.
Corie
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
