How can you ensure temporary employees can only log on during regular business hours?

To ensure that temporary employees can only log on during regular business hours, configuring day/time restrictions in user accounts is the most effective method. This approach allows you to set specific hours during which the user account is active, thereby limiting access to only those designated times. By implementing such restrictions, you create a controlled environment that helps prevent unauthorized access outside of business hours.

Using account expiration would simply deactivate the account after a certain date, which does not necessarily address access during specific hours. Configuring account policies in Group Policy can encompass a range of settings but does not specifically allow for time-bound access constraints on an individual user basis. Account lockout policies are primarily concerned with security after multiple failed login attempts and do not regulate the time frame in which a user can log on. Therefore, establishing day/time restrictions directly aligns with the requirement to manage logon times for temporary staff effectively.