Re: Lock Account/Logoff Time-out
From: Todd (Todd_at_discussions.microsoft.com)
Date: 12/09/04
- Next message: Lanwench [MVP - Exchange]: "Re: Ridding yourself of FTP malware"
- Previous message: Barbara Z: "HELP Can't get online virus scans or AVG to work"
- In reply to: Ross Smith: "Re: Lock Account/Logoff Time-out"
- Next in thread: Roger Abell [MVP]: "Re: Lock Account/Logoff Time-out"
- Reply: Roger Abell [MVP]: "Re: Lock Account/Logoff Time-out"
- Reply: Lanwench [MVP - Exchange]: "Re: Lock Account/Logoff Time-out"
- Reply: Ross Smith: "Re: Lock Account/Logoff Time-out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Dec 2004 09:45:07 -0800
Thanks for the posts: Lanwench - I too expect users tolo out every night -
hence my problem with this application. I have checked with the vendor and
verified that it can't be run as a service - the application is a project
management add-on to Quickbooks. It's actually a really neat program, but
obviously causes security concerns. Ross - Unfortunately, with SBS 2000, you
can only have 1 DC on the network.
I think my best course of action is to modify the Group Policy settings for
the entire network to allow all users to indefinately be logged on. Would
you agree? I would actually prefer to modify settings so user accounts could
be indefinatlely locked instead. Either way, I don't know where/how to
configure this. Any help is greatly appreciated. I also can't seem to locate
the newsgroup for group policy. Thanks again.
Todd
"Ross Smith" wrote:
> Hmm... was going to reply 'No way around it that I know of.', but I did some
> digging and I think I've got a couple of ideas for you.
>
> First of all, don't even try to look for a workaround for that individual
> account. Even in Windows Server 2003, there can only be one set of account
> policies per domain. If this is the way that program needs to run, you
> *have* to change your account policies to support it.
>
> I suppose in theory you could create a new domain within the same forest and
> create an admin account for this service under that domain. It's not
> something I've ever put into practice, you would need another DC for the
> second domain and I've not used SBS 2000 so I couldn't advise you on whether
> that's supported or not. I think this would work but I would advise you to
> do plenty of research yourself if you want to try this route.
>
> A better way is to change your policies to support this software and then
> re-evaluate the security on the rest of your network, to see if there is an
> alternative policy that could have the same effect. I vaguely remembered
> someone using screensavers to achieve this and found the following article
> on the knowledgebase:
>
> How To Force Users to Quit Programs and Log Off After a Period of Inactivity
> in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;314999&sd=tech
>
> Hope that helps, can you reply to the board and let us know how you get on.
>
> Ross Smith MCP, MCSA
>
>
> "Todd" <Todd@discussions.microsoft.com> wrote in message
> news:D3025B9E-5142-4030-97C9-9CF86B461C3B@microsoft.com...
> > I have a SBS 2000 network. Default settings in my domain log users off
> > (either locked or idle) after about 24 hours. We recently installed an
> > application that needs to be running 24/7 with a user account logged on
> with
> > admin rights. For security purposes, I would prefer to log the user on
> and
> > lock the account. The problem is after 24 hours, the user is
> automatically
> > logged off; therefore shutting down the application. My questions is:
> How
> > can modify the GP settings so user accounts can be locked indefinately? I
> > appreciate your help.
>
>
>
- Next message: Lanwench [MVP - Exchange]: "Re: Ridding yourself of FTP malware"
- Previous message: Barbara Z: "HELP Can't get online virus scans or AVG to work"
- In reply to: Ross Smith: "Re: Lock Account/Logoff Time-out"
- Next in thread: Roger Abell [MVP]: "Re: Lock Account/Logoff Time-out"
- Reply: Roger Abell [MVP]: "Re: Lock Account/Logoff Time-out"
- Reply: Lanwench [MVP - Exchange]: "Re: Lock Account/Logoff Time-out"
- Reply: Ross Smith: "Re: Lock Account/Logoff Time-out"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
