Server - HOW TO: Limit User Logon Time in a Domain in Windows Server 2003

Original Microsoft Article:

http://support.microsoft.com/kb/816666/en-us

This step-by-step article describes how to restrict the hours and days that a user may log on to a Windows Server 2003 domain.


Change Logon Times for a User Account

You can set logon hours for a user account by using one of the following methods:
  • Edit the user account properties from the Active Directory directory service Users and Computers snap-in.
  • Edit the user account properties by using the net user command.

Method 1: Using the Active Directory Users and Computers Snap-in

  1. Start the Active Directory Users and Computers snap-in. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, click the container that contains the user account that you want.
  3. In the right pane, right-click the user account, and then click Properties.
  4. Click the Account tab, and then click Logon Hours.
  5. Click All to select all available times, and then click Logon Denied.
  6. Select the time blocks that you want to allow this user to log on to the domain, and then click Logon Permitted.

    A status line under the logon hours table displays the currently selected logon times. For example, Monday through Friday from 8 A.M. to 5 P.M..
  7. When you are finished configuring logon hours, click OK, and then click OK in the user account Properties dialog box.
  8. Quit the Active Directory Users and Computers snap-in.

Method 2: Using the Net User Command-line Statement

  1. Click Start, and then click Run.
  2. In the Open box, type cmd, and then click OK.
  3. Type net user username /time:logon_times (where username is the name of the user account, and where logon_times are the days and times that you want to allow access to the domain), and then press ENTER.

    Use the following information to help you use the /time switch:
    • Days can be spelled out (for example, Monday) or abbreviated (for example, M,T,W,Th,F,Sa,Su).
    • Hours can be in 12-hour notation (1PM or 1P.M.) or 24-hour notation (13:00).
    • A value of blank means that the user can never log on.
    • A value of all means that a user can always log on.
    • Use a hyphen (-) to mark a range of days or times. For example, to create a range from Monday through Friday, type either M-F, or monday-friday. To create a range of time from 8:00 P.M. to 5:00 P.M., type 8:00am-5:00pm, 8am-5pm, or 8:00-17:00.
    • Separate the day and time items with commas (for example, monday,8am-5pm).
    • Separate day and time units with semicolons (for example, monday,8am-5pm;tuesday,8am-4pm;wednesday,8am-3pm).
    • Do not use spaces between days or times.

Examples

The following examples show how to change the logon times for a specific user account.
  • To set John's logon time (8:00 A.M. to 5:00 P.M.) using 24-hour notation, type the following command, and then press ENTER:
    net user john /time:M-F,08:00-17:00
  • To set John's logon time (8:00 A.M. to 5:00 P.M.) using 12-hour notation, type the following command, and then press ENTER:
    net user john /time:M-F,8am-5pm
  • To specify logon hours of 4:00 A.M. until 5:00 P.M. on Monday, 1:00 P.M. until 3:00 P.M. on Tuesday, and 8:00 A.M. until 5:00 P.M. Wednesday through Friday for Mary, type the following command, and then press ENTER:
    net user mary /time:M,4am-5pm;T,1pm-3pm;W-F,8:00-17:00