Using the configure logon hours feature, you can control when users can logon to the network.
In the Windows Server family, administrators use Active Directory Users and Computers, which is implemented as a snap-in for Microsoft Management Console (MMC). Logon hours can be applied on either a permit or deny basis.
When a user’s logon hours expire, the user can continue to work on the workstation but cannot access any network resources except the resources that are already open, such as the shares that the user is accessing. In Windows Server, you can disconnect users from all network resources when their hours expire by choosing Policies from the User Manager for Domains menu bar, selecting Account, and then selecting Forcibly Disconnect Remote Users From The Server When Logon Hours Expire at the bottom of the Account Policy dialog box.
For security reasons, you might want to restrict logon hours for ordinary users to company working hours. This reduces the chance of accounts being used for unauthorized access during off-hours.
