I'm trying to set up some computers in my Windows 2000 domain to automatically log off users when the users' logon time expires. I've enabled Automatically log off users when logon time expires in the \security options container in my Default Domain Policy Group Policy Object (GPO), which Figure 1 shows. When I look on the local machines, the policy appears to be in effect, but the users aren't logged out when their logon time expires. How can I get the automatic logoff to work properly?
The Automatically log off users when logon time expires setting affects users connected to the computer remotely, such as to a shared folder or printer. However, the setting doesn't log off interactive users. The logon-time restrictions you can specify for a user account are intended to disconnect users from servers on the network—not log them out of their own workstations if they logged on earlier, during their allowed time period. For more information about how to log off interactive users, see Jan De Clerq, NT Gatekeeper, "Using the WinExit Screen Saver to Force User Logoffs," August 2001, InstantDoc ID 21680.