Score:-1

Server

Forcing inactive user log off

csmith

4/13/23, 8:27 PM

Is it possible to force a user log off after a set period of inactivity without the use of a scheduled task? I have tried using the Interactive Logon: Machine Inactivity limit GPO and it does not work.

166

0 + 0

windows

group-policy

Daniel

5/3/23, 9:03 PM

`I have tried using the Interactive Logon: Machine Inactivity limit GPO and it does not work.` Of course it does not. That is not what that policy enforces. ([docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit))

Score:0

Server

Bernd Schwanenmeister

4/14/23, 8:26 AM

Without a task? Hm, the trigger state "on idle", which task scheduler uses is determined by the OS, so theoretically, other applications or scripts may use that state but still this would be complicated, while with scheduler, this would be so easy.

Why wouldn't you use scheduler?

0 + 0

csmith

4/14/23, 2:16 PM

The IT head doesn't like the idea of a task being seen by users and possibly disabled or deleted by that same user.

Bernd Schwanenmeister

4/15/23, 2:06 PM

I see. But that task would not be seen by the user. Set it up as admin and it will be invisible for the user and unchangeable as well.

csmith

4/15/23, 5:33 PM

The problem is that the users who we are worried about are set as local admins and therefore can see the policies set up on the machine.

Bernd Schwanenmeister

4/15/23, 7:19 PM

So you are worried about admins. Ok, GPOs could impose immediate(non-persistent) scheduled tasks that would reinstall on every GPO background refresh and immediately after execution vanish again). Those would only be spottable by admins that constantly refresh task scheduler (which conflicts with being idle :-) )

csmith

4/17/23, 7:36 PM

Interesting. What would be your recommendation on accomplishing that? Just another GPO to remove it at a certain time?

Bernd Schwanenmeister

4/19/23, 12:42 PM

No, much easier. As said: immediate tasks are not persistent. They run and delete themselves automatically afterwards.

csmith

4/20/23, 7:28 PM

How would I go about running the immediate task on a weekly basis? Since our logon runs a gpupdate, I don't think that we can do GP refresh for putting it back on.

Bernd Schwanenmeister

4/21/23, 8:04 AM

Weekly? I thought you would like to log off inactive users as soon as possible? To run an immediate task weekly, you would need to automate the activation (link set from disabled to enabled) of the GPO that sets the scheduled task. I describe that process in my article here: https://www.experts-exchange.com/articles/25379/Make-GPOs-work-timebound.html?preview=h/r7UIPWIq8%3D

Daniel

5/3/23, 9:05 PM

You said that you're afraid that your users disable the task because they are admins. This sounds like a problem that should be solved on an organisational level and not on a technical level.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Forcing inactive user log off

TH: บังคับให้ผู้ใช้ที่ไม่ใช้งานออกจากระบบ

RO: Forțarea deconectarii utilizatorului inactiv

RU: Принудительный выход из системы неактивного пользователя

VI: Buộc người dùng không hoạt động đăng xuất

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.