WinSecWiki > Security Settings > Local Policies > Security Options > Microsoft Network Server > Disconnect clients when logon hours expire

Microsoft network server: Disconnect clients when logon hours expire

Active Directory user accounts have a Logon Hours property which allow you to define what days of the week and what hours of the day the user is allowed to logon. What happens if a user logs on during their allowed hours but remains logged on into a disallowed time period? By default Windows will allow the user to remain logged on. 

If enabled, this setting causes Windows file and print servers to disconnect sessions that remain logged on past the user’s allowed time. 

Note: Windows will only close sessions that are inactive. If the user has a file open on the server, the server will not close the session until all files are closed. 

Note: this setting does not log the user off from their workstation. This setting only applies to network connections from the workstation to other servers on the network. 

Bottom line

Enable this option if you have configured logon hour restrictions on your AD user accounts.

Back to top

 

Additional Resources