Hello,
Unfortunately, the timely restrictions available, both in Domain or Workgroup, apply only to the Log On capability. In case a user with Administrator priviledges is able to log in, the capability to run elevated permission actions will be present.
The best option in this case would be:
- Create a new account to be used as priviledged account (part of Administrators group) and set up the logon hours with NET USER command
- Set the built-in "Administrator" account as Disabled (as best practice for security)
- Remove other Logon users from Administrators group, but will need to introduce new credentials (the new account you created) when they require elevation or priviledge access.
This way, you can timely limit the usage of the account with priviledges, while the users can still login and use the system.
--------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--