Log File!

[c-mos]

Hello...

I'm trying to read the logon and the logoff time from a log file. In
order to determine the total time of the user since the first logon, so
that after reaching a specific time the account of the user will be
disabled. I don't know how to do that?. Can I write a script to read
from the log file,and at the same time, this script should be executed
many times say about one time per 5 seconds.

Which option does manage this schedule?, and how can I write this
script if that's the solution?

Please help me.

 

[Simon Geary]

You won't be able to use Group Policy to do this. The attribute that
contains the last logon time is not stored in a log file but in an Active
Directory attribute on the Domain Controller that authenticated the user. So
what you would really need to do is an LDAP query of AD for this attribute
and then use some other scripting magic to force an actual logoff. So
nothing to do with Group Policy.

If you are using Windows 2000, the attribute that contains the logon time is
not replicated between domain controllers so what you would also have to do
is direct your query against every DC in the domain as you can never be 100%
sure what DC a user has authenticated to.

So what you are left with is a script that runs against every DC in the
domain, for every user in the domain every 5 seconds. You may encounter some
performance issues if you do this.

I can see what you're trying to do and it's a perfectly reasonable thing to
want to do. I'm sure their is a way to do it a la Internet Cafes but Group
Policy is not going to help.

 

[c-mos]

Thanks so much. I'll try to manage this problem. Thanks again.