Hey everyone, I'm managing a small office with Windows 11 laptops (version 23H2) and I'm looking for a way to automatically log off users when their designated logon hours expire. For instance, I need users to be logged off by 8 PM if their hours are set for Monday to Friday from 6 AM to 8 PM. This is essential because we run a nightly report to catch any after-hours login attempts, and if someone forgets to log off, we end up with tons of 'access denied' errors cluttering our report. I've come across two Group Policy Objects (GPOs) that are supposed to handle this: one under Computer Configuration that seems to only apply to remote desktops, and another under User Configuration which I tested but it didn't work as expected. I'm using the proper admx and adml files from Windows 11 23H2. I'm curious if anyone has successfully implemented something like this and what your recommendations are!
1 Answer
It looks like you've got two GPO options: one is machine-based and the other is user-based. Your choice depends on how you want to apply them. If you want all users to be logged off after their hours, the machine-based GPO might be best. But if you're aiming for something more specific for users with their own laptops, stick with the user-based GPO. Just be sure to check your GPO configuration and loopback settings!
I'll need to look deeper into that, as I want the user-based option to work since each person has their own machine.