How to block XP Pro client machines from logging into Windows 2008 domain

Hello
We support a clients Windows 2008 network - 60-70 users. We have upgraded all of their current client machines to Window 7 x64. With XP support expiring shortly we would like to be able to block XP client machines from logging into the network. Some of the users are reconnecting old workstations/laptops to the network and we wish to block this activity.
Is there a Windows 2008 group policy that will allow a minimum client OS to be enforced?

Many thanks in advance.
wsmythAsked:
Who is Participating?
 
Lionel MMConnect With a Mentor Small Business IT ConsultantCommented:
If you use a domain logon file you can add this to it
ver | find "5.1"
if %ERRORLEVEL% == 0 goto xp
GoTo End

:XP
shutdown -f -r -t 10 -c "Windows XP PCs are not allowed to logon to this domain"
GoTo End
:end
This will check to see what version of Windows they are running--if it is XP it will reboot there PC (the -r). If you want to shutdown their PC you can use -s instead.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
i would remove or disable the computer accounts in AD
0
 
dan_blagutCommented:
hello

Using powershel you can have a list of all windows XP computers in the domain
Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto| out-file c:\temp\complist.txt.
Dont forget to load AD module before
import-module ActiveDirectory

but the most perfect solution is that one:
http://technet.microsoft.com/library/dd314175(WS.10).aspx
Dan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.