Microsoft network server: Disconnect clients when logon hours expireID: oval:org.secpod.oval:def:8835 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Microsoft network server: Disconnect clients when logon hours expire setting should be configured correctly.
This policy setting determines whether to disconnect users who are connected to the local computer outside their user accounts valid logon hours. It affects the SMB component. If you enable this policy setting, client sessions with the SMB service will be forcibly disconnected when the clients logon hours expire. If you disable this policy setting, established client sessions will be maintained after the clients logon hours expire. If you enable this policy setting you should also enable Network security: Force logoff when logon hours expire. If your organization configures logon hours for users, it makes sense to enable this policy setting.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire
(2) KEY: HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
Platform: |
Microsoft Windows Server 2008 R2 |