Deny Logon Locally GPO setting scriptable?
Posted on 2004-04-20
I'm trying to proigram a time-based (not idle time) logout for some public systems - I don't know if its doable but what I'd like to do is run a scheduled task on login that would wait 30 minutes before calling a logout and prohibiting the currently logged in user from immediately logging in again. To that end I'm trying to figure out how to mimic the GPO LM/Security/Deny Logon locally in order to place the user on the deny list.
I'd like an explanation of what that security setting modifies (registry/SAM/?) becasue I'm fairly clueless and whether there is scripting or programmatic access to accomplish the same thing.