+ Post New Thread
Results 1 to 7 of 7
Windows 7 Thread, Command to lock and unlock non administrators out? in Technical; Hi, We are going to start having a laptop return once every 6 months and would like to force this ...
  1. #1

    Join Date
    Nov 2011
    Posts
    603
    Thank Post
    84
    Thanked 21 Times in 19 Posts
    Rep Power
    9

    Command to lock and unlock non administrators out?

    Hi,

    We are going to start having a laptop return once every 6 months and would like to force this by locking them out until they bring it in.

    Does anyone know of a command that locks non administrators out. Wouk like to run it with task schedular

    Many thanks

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,656
    Thank Post
    324
    Thanked 506 Times in 474 Posts
    Rep Power
    177
    Well you could do a local GPO edit to disable cached logons, but not sure if it'll remove them or only not save them. Would need to test it.

    Other option would be to delete the cached data from regedit, but as always not exactly a proper way to do it.

    (Or set a stupid logon timelimit? aka no logons from 6am-5am!

    Steve

  3. #3
    Valyyn's Avatar
    Join Date
    Jun 2011
    Location
    Portsmouth
    Posts
    199
    Thank Post
    21
    Thanked 58 Times in 42 Posts
    Rep Power
    53
    Would this work?

    Set a scheduled task to run in 6 months (as you said) and give it a .bat with the following:
    Code:
    net localgroup users "domain users" /delete
    net localgroup users "authenticated users" /delete
    In theory, I think this should stop non-admin from being able to logon, as they're no longer in the users group. Admins should still be able to log on as they're in the Administrators group.

    Might be worth a test anyway!

  4. #4

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    2,486
    Thank Post
    133
    Thanked 489 Times in 437 Posts
    Rep Power
    138
    Run Office with a KMS server activating it on your network. After six months without being able to connect to the server, Office stops working properly. That's usually a pretty good incentive for them to return it!

  5. #5

    Join Date
    Oct 2012
    Location
    UK
    Posts
    38
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It's far from an ideal solution and i'm not even sure if it would work, but could you make a new OU with the policy that stops certain security groups logging on to that machine (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on locally), and somehow script it to move the machine to the new OU every 6 months?

    Like I say, it might not even work - just in idea

    Thinking about it, isn't there a way to display a message before the log on screen too? could put something in there about the machine automatically being locked because of a 6 monthly tune up needed

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    We use KMS with Windows 7 so if they don't bring it in every 180 days it shows that Windows is pirated, with Office handled in the same way it does give some incentive. The best way though is a combination of bitlocker and an application that wipes the TPM if not connected to the network, effectively wiping the drive unless they bring it back for the recovery key to be entered.

  7. #7

    Join Date
    Jul 2010
    Posts
    44
    Thank Post
    5
    Thanked 2 Times in 2 Posts
    Rep Power
    8
    Dany

    We do this on a daily basis so students cannot login to their local account and must use their domain account

    We run a script at start-up that copies a security profile template to the device. On shutdown a script run that resets the security profile to another template that allows local login - so they can login at home.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 27th February 2012, 10:04 AM
  2. Replies: 0
    Last Post: 23rd August 2011, 03:20 PM
  3. Replies: 4
    Last Post: 29th July 2011, 08:21 AM
  4. Microsoft to lock pirates out of Vista PCs
    By CyberNerd in forum IT News
    Replies: 25
    Last Post: 6th October 2006, 11:48 AM
  5. Allow non-administrator accounts to unlock a pc
    By richard in forum How do you do....it?
    Replies: 17
    Last Post: 11th March 2006, 10:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •