Security in 2000 question

Posted by: lectric

Security in 2000 question - 15/11/2002 14:54

OK... I have a need to force a log-off of a user at say, 10:00 PM, and not to allow a logon till say 7:00AM. I know this was easily done in WinNT, but I cannot find a way to do it in 2000. Also, this is in a 2000 Pro standalone machine, WITHOUT a PDC. I was just hoping it was somewhere in the profiles and I was just missing it.

Thanks for any help.

Mason
Posted by: tfabris

Re: Security in 2000 question - 15/11/2002 15:12

Even by running the NT4 "User Manager" tool under 2k, I can't seem to get it to display any options for limiting the login times.

I'm guessing that the time limits for logins must be something that can only be assigned in a domain situation, not in a standalone computer situation. Could be wrong about that, but it's kind of looking that way.
Posted by: Ezekiel

Re: Security in 2000 question - 15/11/2002 15:37

I didn't see anything in the local user or local security policy either. I did find

http://support.microsoft.com/default.aspx?scid=kb;en-us;318714

This details the 'net user' command which may or may not work w/o a domain, the documentation is not clear. Alternately you could use Windows 2000 help and search for 'net user'. The final description is listed in the Command Reference.
Posted by: lectric

Re: Security in 2000 question - 15/11/2002 15:58

Hrmmm... Thanks guys... That's kinda the feeling I was getting. Just seems kinda stupid. Oh well... I guess I'll have to investigate a program to handle it, plus a lock on setting the time.

Thanks

M
Posted by: Ezekiel

Re: Security in 2000 question - 15/11/2002 17:45

I think there's a good shot the net user command will work, try that first.

-Zeke
Posted by: tfabris

Re: Security in 2000 question - 15/11/2002 21:51

plus a lock on setting the time.

See, that's the thing. I'll bet that's why Microsoft hasn't bothered with locking the logons based on time from the local client desktop space. Very hard to (securely) lock the actual system time down on the local desktop when there is easy physical access to the machine. Too many ways to easily change the clock on a workstation PC, for someone who's serious about getting around time-based restrictions.

In a properly implemented domain environment, though, the server will be physically located behind a locked door, so it's possible to make the server's timeclock setting reasonably secure. Then you can accurately refuse server authentication based on server's time of day.

Of course, refusing server authentication doesn't completely stop someone from mucking about on a client workstation, it just prevents them from accessing server resources. Again, in such an environment, the proper place for those resources is on the server instead of on the workstation.
Posted by: lectric

Re: Security in 2000 question - 16/11/2002 10:38

Fortunately for me, it's a 16-year-old girl that is logging in at night to chat with friends. She's not terribly sophisticated, so I lock the changing from desktop, set a bios passwd, and voilà. She can't log in. It's for a friend of mine. His daughter is driving him nuts.
Posted by: peter

Re: Security in 2000 question - 17/11/2002 05:27

Fortunately for me, it's a 16-year-old girl that is logging in at night to chat with friends. She's not terribly sophisticated, so I lock the changing from desktop, set a bios passwd, and voilà. She can't log in. It's for a friend of mine. His daughter is driving him nuts.

Technology: In The Battle Between A Bloke And His Sixteen-Year-Old Daughter, Bet On The Daughter.

Peter
Posted by: andy

Re: Security in 2000 question - 17/11/2002 07:30

In a properly implemented domain environment, though, the server will be physically located behind a locked door, so it's possible to make the server's timeclock setting reasonably secure. Then you can accurately refuse server authentication based on server's time of day.

Can't you easily get round this by:

- changing the workstation time
- unplug the workstation from the network
- logon
- plug the workstation back in

That way the workstation will use the cached domain login information without any reference to the server at all. Unless there is a setting that you can set to stop cached login info from being used?
Posted by: tfabris

Re: Security in 2000 question - 17/11/2002 11:29

That way the workstation will use the cached domain login information without any reference to the server at all.

Right, but that's only the workstation.

My point (and I thought I'd made this clear earlier) was that in a properly secure Domain-based client/server environment, the sensitive stuff is stored on the server, and it's access to that server that you block based on TOD.
Posted by: lectric

Re: Security in 2000 question - 17/11/2002 17:34

Technology: In The Battle Between A Bloke And His Sixteen-Year-Old Daughter, Bet On The Daughter.