Re: Lock Account/Logoff Time-out

• Previous message: siljaline: "Re: Incredimail"
• In reply to: Todd: "Re: Lock Account/Logoff Time-out"
• Next in thread: Roger Abell: "Re: Lock Account/Logoff Time-out"
• Reply: Roger Abell: "Re: Lock Account/Logoff Time-out"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 9 Dec 2004 20:32:00 -0500

Todd wrote:
> Thanks for the posts: Lanwench - I too expect users tolo out every
> night - hence my problem with this application. I have checked with
> the vendor and verified that it can't be run as a service - the
> application is a project management add-on to Quickbooks. It's
> actually a really neat program, but obviously causes security
> concerns.

What is it exactly?

> Ross - Unfortunately, with SBS 2000, you can only have 1 DC
> on the network.

Are you 100% sure about that?

> I think my best course of action is to modify the Group Policy
> settings for the entire network to allow all users to indefinately be
> logged on. Would you agree? I would actually prefer to modify
> settings so user accounts could be indefinatlely locked instead.
> Either way, I don't know where/how to configure this. Any help is
> greatly appreciated. I also can't seem to locate the newsgroup for
> group policy. Thanks again.
> Todd
> "Ross Smith" wrote:
>
>> Hmm... was going to reply 'No way around it that I know of.', but I
>> did some digging and I think I've got a couple of ideas for you.
>>
>> First of all, don't even try to look for a workaround for that
>> individual account. Even in Windows Server 2003, there can only be
>> one set of account policies per domain. If this is the way that
>> program needs to run, you *have* to change your account policies to
>> support it.
>>
>> I suppose in theory you could create a new domain within the same
>> forest and create an admin account for this service under that
>> domain. It's not something I've ever put into practice, you would
>> need another DC for the second domain and I've not used SBS 2000 so
>> I couldn't advise you on whether that's supported or not. I think
>> this would work but I would advise you to do plenty of research
>> yourself if you want to try this route.
>>
>> A better way is to change your policies to support this software and
>> then re-evaluate the security on the rest of your network, to see if
>> there is an alternative policy that could have the same effect. I
>> vaguely remembered someone using screensavers to achieve this and
>> found the following article on the knowledgebase:
>>
>> How To Force Users to Quit Programs and Log Off After a Period of
>> Inactivity in Windows XP
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;314999&sd=tech
>>
>> Hope that helps, can you reply to the board and let us know how you
>> get on.
>>
>> Ross Smith MCP, MCSA
>>
>>
>> "Todd" <Todd@discussions.microsoft.com> wrote in message
>> news:D3025B9E-5142-4030-97C9-9CF86B461C3B@microsoft.com...
>>> I have a SBS 2000 network. Default settings in my domain log users
>>> off (either locked or idle) after about 24 hours. We recently
>>> installed an application that needs to be running 24/7 with a user
>>> account logged on with admin rights. For security purposes, I
>>> would prefer to log the user on and lock the account. The problem
>>> is after 24 hours, the user is automatically logged off; therefore
>>> shutting down the application. My questions is: How can modify the
>>> GP settings so user accounts can be locked indefinately? I
>>> appreciate your help.

• Previous message: siljaline: "Re: Incredimail"
• In reply to: Todd: "Re: Lock Account/Logoff Time-out"
• Next in thread: Roger Abell: "Re: Lock Account/Logoff Time-out"
• Reply: Roger Abell: "Re: Lock Account/Logoff Time-out"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]