Windows 7 Thread, Command to lock and unlock non administrators out? in Technical; Hi,
We are going to start having a laptop return once every 6 months and would like to force this ...
22nd February 2013, 08:07 AM #1
Command to lock and unlock non administrators out?
We are going to start having a laptop return once every 6 months and would like to force this by locking them out until they bring it in.
Does anyone know of a command that locks non administrators out. Wouk like to run it with task schedular
22nd February 2013, 08:10 AM #2
Well you could do a local GPO edit to disable cached logons, but not sure if it'll remove them or only not save them. Would need to test it.
Other option would be to delete the cached data from regedit, but as always not exactly a proper way to do it.
(Or set a stupid logon timelimit? aka no logons from 6am-5am!
22nd February 2013, 08:58 AM #3
Would this work?
Set a scheduled task to run in 6 months (as you said) and give it a .bat with the following:
In theory, I think this should stop non-admin from being able to logon, as they're no longer in the users group. Admins should still be able to log on as they're in the Administrators group.
net localgroup users "domain users" /delete
net localgroup users "authenticated users" /delete
Might be worth a test anyway!
22nd February 2013, 09:07 AM #4
Run Office with a KMS server activating it on your network. After six months without being able to connect to the server, Office stops working properly. That's usually a pretty good incentive for them to return it!
22nd February 2013, 05:52 PM #5
- Rep Power
It's far from an ideal solution and i'm not even sure if it would work, but could you make a new OU with the policy that stops certain security groups logging on to that machine (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on locally), and somehow script it to move the machine to the new OU every 6 months?
Like I say, it might not even work - just in idea
Thinking about it, isn't there a way to display a message before the log on screen too? could put something in there about the machine automatically being locked because of a 6 monthly tune up needed
22nd February 2013, 06:03 PM #6
We use KMS with Windows 7 so if they don't bring it in every 180 days it shows that Windows is pirated, with Office handled in the same way it does give some incentive. The best way though is a combination of bitlocker and an application that wipes the TPM if not connected to the network, effectively wiping the drive unless they bring it back for the recovery key to be entered.
22nd February 2013, 06:09 PM #7
- Rep Power
We do this on a daily basis so students cannot login to their local account and must use their domain account
We run a script at start-up that copies a security profile template to the device. On shutdown a script run that resets the security profile to another template that allows local login - so they can login at home.
By Davit2005 in forum Windows 7
Last Post: 27th February 2012, 10:04 AM
By mesteele101 in forum Scripts
Last Post: 23rd August 2011, 03:20 PM
By Greenbeast in forum Mac
Last Post: 29th July 2011, 08:21 AM
By CyberNerd in forum IT News
Last Post: 6th October 2006, 11:48 AM
By richard in forum How do you do....it?
Last Post: 11th March 2006, 10:36 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)