Skip to content

How to Enforce Windows 7 Computer to Logoff From the Domain Session When Their Logon Hours Expire?

By Codrut Nistor

Posted in How-to, Windows-7

In complex network scenarios users mostly authenticate their credentials from domain controllers. If administrators in these cases have made the network even securer by assigning specific hours for domain users the users cannot log on to the domain after their logon hours are expired. However in the cases when users are logged on to the domain and during that period their logon hours expire they are not automatically disconnected from the sessions. In the organizations where security is considered as a major issue this default configuration might cause potential risks to the entire domain environment. If you are an administrator in any such organization you can disable this feature and enforce disconnection of logged on user accounts as soon as their logon hours expire by following the steps given below:

  1. Logon to the computer with administrator account.
  2. Click on Start button.
  3. At bottom of start menu in search box type gpedit.msc command and press enter key.
  4. On Local Group Policy Editor snap-in under Computer Configuration expand Windows Settings and then expand Security Settings.
  5. Expand Local Policies and click on Security Options.
  6. From the right pane double click on Network security: Force logoff when logon hours expire and on the opened box select Enabled radio button.
  7. Once done click on Ok button and close Local Group Policy Editor snap-in.
  8. Open Command Prompt and in command window type gpupdate /force to update here computer policy with latest configuration.
  9. Close Command Prompt.


This configuration is only effective when used in domain environments this policy is configured in Default Domain Policy GPO.