Unable to lock students out of their computers at midnight

Bobby Geiko 1 Reputation point
2021-07-19T22:23:12.63+00:00

Hi Experts. I'm the IT Coordinator at a small private school. Here's the problem I'm facing:

Students are staying on their Surfaces at home past midnight (gaming or whatever). We would like to disconnect them at midnight and lock the account till morning.

I know I can do this in Active Directory, but unfortunately the logon hours attribute doesn’t get cached onto their machines and since they aren’t connected to our network at night it doesn’t enforce.

Any ideas in Windows Server or other software would be helpful.

Thanks.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,597 questions
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,395 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Sam of Simple Samples 5,541 Reputation points
    2021-07-20T00:48:14.23+00:00

    How are they performing in their classes? If they are performing well then what business is it of yours what they do with their time? Would you prefer that they go to bars instead?

    I am concerned about the whatever part. Are these devices they have been provided for academic purposes? Do they use them past midnight for academic purposes? If so then do you really want to lock them out of doing that? If these are devices provided by the school for academic purposes then it seems reasonable that they be used for that purpose. Perhaps the solution is to install a policy that limits what software they can install (or perhaps can be used during certain times) instead of locking them out of the entire device. But if they perform well in school and don't get drunk and behave themselves reasonably well then you need to let them decide what they do.

    1 person found this answer helpful.
    0 comments No comments

  2. Rich Matheisen 46,721 Reputation points
    2021-07-20T18:51:12.217+00:00

    It might be a bit mean-spirited, but this should work:

    # QUSER output looks like this:
    # USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
    #>user                 console             7  Active      16:40  7/20/2021 9:46 AM
    
    quser |
        Select-Object -Skip 1 |
            ForEach-Object{
                $SessionID = ($_ -split ' +')[2]
                logoff $SessionID
            }
    

    Run it a a scheduled task.

    If the user account is prevented from logging in by the Active Directory hours, that would keep them off your LAN. They'd still be able to log on to their machines, though.

    0 comments No comments

  3. Fan Fan 15,336 Reputation points Microsoft Vendor
    2021-07-21T02:55:48.987+00:00

    Hi,

    We may consider the schedule task method to shut down the workstation.

    1, Deploy a schedule task GPO to shut down the server.
    Make sure the workstation applies the policy when connect to the domain.
    Even the workstation disconnected at midnight, the system will still shut down the server.
    Steps:
    Create a GPO and configure the task schedule under computer configuration
    116585-7211.jpg
    116486-7212.jpg
    116487-7213.jpg
    116507-7214.jpg
    2, If you don't want the users to logon the station again when disconnected from the domain, we can configure the following policy:
    Interactive logon: Number of previous logons to cache (in case domain controller is not available)
    Location
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
    Value:0(once apply this policy, no credentials will be cached on the workstations, and users can't logon when disconnected from the domain).

    Best Regards,

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.