I'm looking for a way to fully automate user logouts or reboots on loaner laptops that we provide to students for up to 24 hours. These laptops are kept on-site, stored closed in a cabinet with absolutely no network connection. Currently, I have a Group Policy Object (GPO) that logs off inactive sessions after 20 minutes, but it doesn't work since the laptops aren't connected to the network. While the front desk staff are supposed to reboot the laptops before they're stored, this doesn't always happen. Security restrictions prevent us from adding any switches, and maintaining a live network connection isn't viable because our Wi-Fi requires users to enter their Active Directory username and password. I'm searching for a completely automated solution to log off or reboot users while the laptops are disconnected, without any manual steps involved. Has anyone encountered a similar situation and found a solution?
3 Answers
Consider setting a local GPO that doesn't depend on the domain controller. This way, you can manage logouts more effectively without the need for a network connection.
Have you thought about a login script that creates a scheduled task to log out inactive sessions? You could set it to run at a specific time like 3 AM, which might work for your needs. It wouldn’t be perfect, but it would help manage user sessions without needing manual intervention.
Your GPO that handles the 20-minute idle session should ideally still apply, even when the laptops are offline. If it's not working, it could be because the script it references is on a network location instead of locally. Try creating a new GPO that copies the script to a secure local location. Just make sure to update the path in the original GPO to point to this local copy!
That's a good point! Running it on a schedule might actually be a lot easier than relying on user logins. I'll explore that option.