"Automatically log off users when logon time expires" does not work?
From: Randy Franklin Smith (rsmith@MONTEREYTECHGROUP.COM)Date: 03/11/02
- Previous message: Eric: "Re: IIS Internal IP Address Disclosure (#NISR05032002B)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Mar 2002 10:02:43 -0500 From: Randy Franklin Smith <rsmith@MONTEREYTECHGROUP.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
While exploring the difference between "Automatically log off users when
logon time expires" and "Automatically log off users when logon time expires
(local)", my test results indicate this feature does not work at all on
Win2k sp2. I have tried all combinations of these 2 policies on domain
controllers and member servers to no avail. (If you are unfamiliar with the
difference between these 2 policies see the Group Policy reference in Win2k
Resource Kit and Q259576.) My test method: Enable both policies in Default
Domain Policy. Make sure effective settings on DC and member server reflect
this. Set Frank's AD account to be denied logon from 8AM-9AM on Monday.
Then set the DC and member server time to 7:57 AM and map a drive to the MS
and/or DC. At 8:01 AM I can still access the shared folder(s). If I delete
the connection and try to re-map I am refused. So: new logons are rejected
as expected but existing connections are not dropped. Has anyone observed
this feature working?
I make no warranties express or implied regarding the information in this
email or it attachments. Use any suggestions, code or other information at
your own risk.
- Previous message: Eric: "Re: IIS Internal IP Address Disclosure (#NISR05032002B)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
