Active Directory How-To pages

Active Directory Auditing Tool

Track logon hours for all users in your network and get detailed reports on their
logon/logoff time and idle hours.

Get Your Free Trial Free, fully functional 30-day trial
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Track logon hours for all users in your network and get detailed reports on their
logon/logoff time and idle hours.

Account Management » Active Directory How-To pages

How to set logon hours in Active Directory?

Logon hours restriction is done by editing a user's account in the following way:

  1. Open the user object whose account you want to restrict logon hours for.
  2. Select account tab and put a check against the Logon hours box. Click Logon hours button.

    Click Logon hours button.

    how-to-set-logon-hours-in-active-directory

  3. In the next window, select the time that you want to restrict or allow them to logon.

    how-to-set-logon-hours-in-active-directory-2

Group policy allows you to lock a user out when their logon time expires. Follow the steps given below to configure this setting:

  1. Run → gpmc.msc and create a new GPO called "Logon restrictions" Right click on this GPO and click edit.
  2. Move to Computer configurations → Policies → Windows Settings → Security Settings → Local Policies → Security Options.

    how-to-set-logon-hours-in-active-directory-3

  3. In the right pane of the Group Policy snap-in, double-click Microsoft network server: Disconnect clients when logon hours expire. Click to select the Define this policy setting check box, click Enabled, and then click OK.

    how-to-set-logon-hours-in-active-directory-4

    4. So using this GPO we can enforce clients to disconnect if there are active sessions running when the logon hours expire.

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing