How to set logon hours in Active Directory?
Logon hours restriction is done by editing a user's account in the following way:
- Open the user object whose account you want to restrict logon hours for.
- Select account tab and put a check against the Logon hours box. Click Logon hours button.
Click Logon hours button.
- In the next window, select the time that you want to restrict or allow them to logon.
Group policy allows you to lock a user out when their logon time expires. Follow the steps given below to configure this setting:
- Run → gpmc.msc and create a new GPO called "Logon restrictions" Right click on this GPO and click edit.
- Move to Computer configurations → Policies → Windows Settings → Security Settings → Local Policies → Security Options.
- In the right pane of the Group Policy snap-in, double-click Microsoft network server: Disconnect clients when logon hours expire. Click to select the Define this policy setting check box, click Enabled, and then click OK.
So using this GPO we can enforce clients to disconnect if there are active sessions running when the logon hours expire.
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools