Forced logoff policy is policy for SMB server, i.e. the computer which has
a network share accessible from a network. This policy, if enabled on a
server, disconnects users when their logon hours expire.
This is the explanation of this policy from the help file:
========================================
Network security: Force logoff when logon hours expire
Description
This security setting determines whether to disconnect users who are
connected to the local computer outside their user account's valid logon
hours. This setting affects the Server Message Block (SMB) component.
When this policy is enabled, it causes client sessions with the SMB server
to be forcibly disconnected when the client's logon hours expire.
If this policy is disabled, an established client session is allowed to be
maintained after the client's logon hours have expired.
Default: Enabled.
Configuring this security setting
You can configure this security setting by opening the appropriate policy
and expanding the console tree as such: Computer Configuration\Windows
Settings\Security Settings\Local Policies\Security Options\
For specific instructions about how to configure security policy settings,
see To edit a security setting on a Group Policy object.
Note
a.. This security setting behaves as an account policy. For domain
accounts, there can be only one account policy. The account policy must be
defined in the Default Domain Policy, and it is enforced by the domain
controllers that make up the domain. A domain controller always pulls the
account policy from the Default Domain Policy Group Policy object (GPO),
even if there is a different account policy applied to the organizational
unit that contains the domain controller. By default, workstations and
servers that are joined to a domain (for example, member computers) also
receive the same account policy for their local accounts. However, local
account policies for member computers can be different from the domain
account policy by defining an account policy for the organizational unit
that contains the member computers. Kerberos settings are not applied to
member computers.
For more information, see:
a.. Account and local policies
b.. Set logon hours
c.. Security Configuration Manager Tools
--
--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
