Re: Force Logoff if Inactive
From: name (nospam_at_user.com)
Date: 11/18/03
- Next message: S. Pidgorny
: "Re: WiFi security" - Previous message: Fool: "Re: When IE is launched, some spyware start running."
- In reply to: Harry Paratestes: "Re: Force Logoff if Inactive"
- Next in thread: Harry Paratestes: "Re: Force Logoff if Inactive"
- Reply: Harry Paratestes: "Re: Force Logoff if Inactive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Nov 2003 02:50:56 -0500
You are tagging to many usenet.
Who are you ? Kennedy ?
"Harry Paratestes" <harryp@newz-grp-reader.com> wrote in message
news:eoJ84r$qDHA.360@TK2MSFTNGP12.phx.gbl...
>
> Patrick,
>
> Thanks for your insight. I'm not a programmer/scripter by trade, but will
> definitely do the research to see if I make this work as you described.
> Gotta pack the suitcase for a red-eye flight. Will monitor this NG
> tomorrow.
>
> Thanks again,
>
> HP sends
>
>
> "Patrick J. LoPresti" <patl@users.sourceforge.net> wrote in message
> news:s5gwua1c8ao.fsf@patl=users.sf.net...
> > Another possibility:
> >
> > The Win32_Desktop WMI class has a "ScreenSaverActive" property. You
> > can use WMI events to monitor the state of that property.
> >
> > Roughly... You would use ExecNotificationQuery with a query string
> > like "SELECT * FROM __InstanceModificationEvent WHERE TargetInstance
> > ISA 'Win32_Desktop'". The result of that query would be an
> > SWbemEventSource on which you would repeatedly call NextEvent with a
> > timeout.
> >
> > That call, in turn, would either time out or give you an
> > __InstanceModificationEvent (whose TargetInstance is a Win32_Desktop).
> > Thus, you have a loop which you can use to keep track of the screen
> > saver state, waking up if that state does not change for a while. You
> > just need to combine this with a mechanism for logging off the current
> > user.
> >
> > This idea needs some refinement; e.g., to make the WQL query apply
> > only to the Win32_Desktop of the current user. But I believe the
> > basic idea is sound.
> >
> > - Pat
> > http://unattended.sourceforge.net/
> >
> > "Harry Paratestes" <harryp@newz-grp-reader.com> writes:
> >
> > > Thanks for feedback.
> > >
> > > Just now I checked out the Scheduled Task Wizard on W2K client. I
> believe I
> > > could do what you're suggesting, but the missing piece to the puzzle
is
> the
> > > 'inactivity timer'. Did a little more research on this and it dawned
on
> me
> > > that there MUST be an internal clock/process/service/daemon running on
> W2K
> > > that determines inactivity. No surprise here, screensaver and Power
> Scheme
> > > functions [Control Panel/Power Options] obviously are triggered by
some
> > > keypad or mouse activity timer. Terminal services on W2K Server has
> > > inactivity function too (bounces users if not activitely using TS).
> > >
> > > If anyone has insight on the process/service/daemon that determines
> keyboard
> > > and/or mouse inactivity on W2K and how to exploit it, any guidance or
> points
> > > will be much appreciated.
> > >
> > > HP sends
> >
> > Thanks again!
> >
> > 1) Trying to find the JT.exe tool in the W2K ResKit, but no luck.
> Unable
> > to download for some reason from MS site (FTP down?)
> >
> > 2) LOGOFF.exe is another W2K ResKit tool. Using your command line
code,
> > I'd replace the Sysinternals tool with LOGOFFexe.
> >
> > 3) I gotta pack up for business trip, fly out tonight. Will monitor
> this
> > NG when I get to destination.
> >
> >
> > Here's a hack to make SCHTASKS.exe run on Windows 2000:
> > http://www.jsifaq.com/SUBK/tip5300/rh5335.htm
> >
> >HP sends
> :
> :
> :----- Original Message -----
> : From: "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com>
> : Newsgroups:
> :
>
microsoft.public.security,microsoft.public.security.toolkit,microsoft.public
>
.win2000.security,microsoft.public.windows.server.security,microsoft.public.
>
windowsxp.security_admin,microsoft.public.win2000.general,microsoft.public.w
> in2000.termserv.clients
> Sent: Saturday, November 15, 2003 4:38 PM
> Subject: Re: Force Logoff if Inactive
> :
> : Hi
> :
> : I was able to to this now on a WinXP client using WinXP built in command
> line
> : task scheduler "manipulator" SCHTASKS.exe and the psshutdown.exe utility
> from
> : the free PSTools suite found at http://www.sysinternals.com.
> :
> : This will create a scheduled task running with the credentials of the
> local
> : Administrator (with password xxx in the example) that logs the *console*
> user
> : off after 16,65 hours inactivity (999 minutes is the max value):
> :
> : SCHTASKS.exe /Create /RU "%COMPUTERNAME%\Administrator" /RP xxx
> : /SC ONIDLE /I 999 /TN "IdleLogoff" /TR "C:\psshutdown.exe -o -f"
> :
> : Note that the way this configures the task scheduler, if you set it to
> reboot
> : the computer it will reboot the computer even if nobody is logged in
(when
> the
> : computer is idle at the logon screen). Logoff or shutdown/poweroff will
be
> a
> : better choice I think.
> :
> : Note that you can use SCHTASKS.exe to configure a scheduled task on a
> remote
> : computer (if that will work against a Win2k computer I do not know). Run
> : SCHTASKS /? in a command prompt for more help.
> :
> : I was not able to use WinXP's shutdown.exe utility, it looks like it is
> not able
> : to log off another user than the one user that is defined as the "task"
> user.
> : However, Sysinternals's psshutdown utility was able to do this. I also
> tried to
> : use /RU "NT AUTHORITY\SYSTEM" instead of using the Administrator user,
but
> I
> : could not get the scheduled task to run psshutdown.exe then.
> :
> :
> : For Win2k, it may be that JT.EXE is able to create a scheduled task like
> : SCHTASKS.exe is for WinXP:
> :
> : http://www.jsiinc.com/SUBF/TIP2600/rh2621.htm
> : ftp://ftp.microsoft.com/reskit/win2000/jt.zip
> :
> :
> : --
> : torgeir
> : Microsoft MVP Scripting and WMI, Porsgrunn Norway
> : Administration scripting examples and an ONLINE version of the 1328 page
> : Scripting Guide: http://www.microsoft.com/technet/scriptcenter
> :
> :
> :
> >"Harry Paratestes" <harryp@newz-grp-reader.com> wrote in message news:...
> > Thanks for feedback.
> >
> > Just now I checked out the Scheduled Task Wizard on W2K client. I
believe
> I
> > could do what you're suggesting, but the missing piece to the puzzle is
> the
> > 'inactivity timer'. Did a little more research on this and it dawned on
> me
> > that there MUST be an internal clock/process/service/daemon running on
W2K
> > that determines inactivity. No surprise here, screensaver and Power
> Scheme
> > functions [Control Panel/Power Options] obviously are triggered by some
> > keypad or mouse activity timer. Terminal services on W2K Server has
> > inactivity function too (bounces users if not activitely using TS).
> >
> > If anyone has insight on the process/service/daemon that determines
> keyboard
> > and/or mouse inactivity on W2K and how to exploit it, any guidance or
> points
> > will be much appreciated.
> >
> > HP sends
> >
> >
> > "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
> > news:3FB68D9C.8F3D9AC3@hydro.com...
> > > Harry Paratestes wrote:
> > > Hi
> > >
> > > You can't do this detection from the DC, it will have no idea about if
> the
> > > workstations are idle or not, you need to do this on the local
computer.
> > >
> > > I don't know of any way with a script to determine idle time, but the
> > solution
> > > Steve suggested should work, creating a Scheduled Tasks on every
> computer
> > that
> > > kicks in after x minutes of idle time and runs a logoff
script/program.
> > >
> > >
> > > --
> > > torgeir
> > > Microsoft MVP Scripting and WMI, Porsgrunn Norway
> > > Administration scripting examples and an ONLINE version of the 1328
page
> > > Scripting Guide: http://www.microsoft.com/technet/scriptcenter
> > >
> > >
> > >
> > >
> > >
> > > > Thanks, read something similar on a bulletin board after my ng post.
> > The
> > > > "scheduling" of the logoff was kind of the first thought we had. We
> may
> > end
> > > > up just having to go with that. In a perfect world, we'd like an
> "event
> > > > trigger" where logoff only occurs if certain condition exists (i.e.
> > > > inactivity after X# of hours/minutes). I've found off-the-shelf
> > products
> > > > that can do exactly this, so I'm thinking it can be done, not to
> mention
> > our
> > > > IT budget is a joke and the thought of buying these products is OOQ.
> > Out of
> > > > frustration, we're moving away from GPO or ResKit tools and towards
> > > > script-writing. We're thinking to implement the LOGOFF.EXE tool,
but
> > not
> > > > sure what mechanism is available to determine 'idle time' on the
> > > > workstation. And when inactivity condition = TRUE, how does the DC
> > trigger
> > > > the LOGOFF.EXE on the workstation / luser account?
> > >
> > >
> > >
> > >"Steven L Umbach" <sumbach55@ameritech.net> wrote in message
> > >news:crstb.2199$4X4.551206@newssrv26.news.prodigy.com...
> > >
> > >
> > > You might look at using Scheduled Tasks to run logoff.exe or
> shutdown.exe
> > > after a certain period of idle time - up to 999 minutes though I don't
> > know
> > > of a good way offhand to implement it on a large number of
> omputers. ---
> > > Steve
> > >
> > >
> > >
> > > "Harry Paratestes" <anon_usr@discussions.microsoft.com> wrote in
message
> > > news:046301c3ab10$3dba6cc0$a401280a@phx.gbl...
> > > >
> > > > Anyone know of tool/script/CMD that will automagically log
> > > > off lusers after timeout has expired? Situation we have
> > > > is lusers habitually locking their workstations and never
> > > > logging off. Most recently, we've found out that a couple
> > > > lusers from a remote office are currently on-travel and
> > > > left their workstations powered on with screens locked.
> > > >
> > > > We have password locked screensaver implemented to kick
> > > > off after 15 minutes of inactivity. We'd like ability to
> > > > subsequently force logoffs after 24-36 hours of inactivity
> > > > (weekends, business travel, etc.). We do NOT want to
> > > > change our current screensaver set up (i.e. don't want to
> > > > use Winexit.scr or something similar).
> > > >
> > > > I looked at Winexit.scr and also for a GPO security
> > > > setting. No luck on GPO and Winexit didn't seem to do
> > > > what I wanted. Don't want to implement the "working
> > > > hours" GPO either which would log off or lockout lusers
> > > > during certain hours of the day (we occassionally have
> > > > shift work, also some lusers travel to various timezones).
> > > >
> > > > Summary: Luser locks workstation or password-protected
> > > > screensaver kicks in. If no activity for 24hrs, luser
> > > > gets bounced (and/or system reboots).
> > > >
> > > > Any tips? Is this even feasible?
> > > >
> > > > HP sends
> > > >
>
>
- Next message: S. Pidgorny
: "Re: WiFi security" - Previous message: Fool: "Re: When IE is launched, some spyware start running."
- In reply to: Harry Paratestes: "Re: Force Logoff if Inactive"
- Next in thread: Harry Paratestes: "Re: Force Logoff if Inactive"
- Reply: Harry Paratestes: "Re: Force Logoff if Inactive"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
