Our Sophos Anti-virus scans each night, but complains about files it can't access. Files that are in use by Firefox or Outlook.
Is there a script we can configure to run each night before the scans, which logs the user out of the machine?
Ideally, this would bring up a prompt beforehand offering the user the chance to remain logged in, should they be working late.
Thanks, Dean.
EDIT: The following suggestion in my post only effects SMB connections and will not log off a user's interactive session like I thought it would. See this google cached Experts Exchange thread for a long discussion on it (scroll all the way down to see the thread past the filthy lies that you have to be logged in to see the thread). Thanks to Evan Anderson for setting me straight. It seems that a pstools script or batch file would be the only way to achieve this.
Someone feel like downvoting me to remove the undeserved points?
Maybe I'm missing something, but won't the domain policy "Automatically log off users when logon time expires" be applicable in this scenario? Just create the hours that you want people to be able to log on and then restrict them accordingly to have them all logged off. Be careful when applying this policy though. If I understand correctly, it can only be applied to the domain root and there are some other caveats. You may be better off applying a local group policy via a domain policy and a security template... ? Things are getting complex here. =)
If you have an Experts-Exchange account (you can get one genuinely for free if you look in their help pages hard enough in spite of their filthy lies that you have to pay to become a member; I've blogged about it here) you can read this thread about a similar situation and the solution.
You could also look into "How To Force Users to Quit Programs and Log Off After a Period of Inactivity in Windows XP" as per KB314999.
There's no built-in functionality to do what you want, so you're definitely going to have to have something coded.
I can't tell you about Vista or Windows 7, because I don't have one handy right now to test on, but a "shutdown -l" (as phuzion mentioned) on Windows XP run as SYSTEM (invoked by the "Task Scheduler" service) will cause the session for the interactive user to logoff. Conceivably this might be different on Vista and Windows 7.
You could probably rig something ugly with wprompt, a .BAT file, and "Scheduled Tasks", but you'll have to schedule it with the "AT" command to get it to interact with the Desktop, and you'll have an ugly command-promt window popping up. (Okay, okay-- I can think of a way to do it with VBScript and that wprompt utility that wouldn't cause an ugly command prompt window to pop up. It's still ugly, though.)
You should be able to create a batch file that will log the user out, and execute it remotely with psexec.
The command you would want to include in the batch file would be:
I'd suggest against doing this though, as many people will be frustrated with you in the morning when they find out that their unsaved documents are completely gone.