Solved

Windows Server 2012

Posted on 2014-04-21
6
171 Views
Last Modified: 2014-04-30
Dear All,

Is it possible to block users in domain  that are using a particular operating system .

for example:- I want to block all the users that are using XP OS  . XP users can't log in.

Is it possible . If yes then how can i configure that option.

Here we have Windows server 2012 configured along with the domain.

I am new to this server world. Searching for new options.


Regards,

JCT
0
Comment
Question by:jct_777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012233
Are these XP devices domain members? Probably are, but just being sure ...

You can use a Powershell to find the XP devices in your domain and set an expiration date on the device accounts... That's the "easy" fast fix ... This Powershell script can look something like this:

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Open in new window


Change the date accordingly of course...

Another option might be to use a Group Policy with WMI filters and implement it on an OU that contains the XP devices... The WMI filter query would look something like this:

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Open in new window


A third option, though not easy to manage and maybe expensive to implement, use something like Network Access Control to block the XP devices ...
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 40012244
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012251
Dear Spravtek,

Yes the XP devices are domain members & also i don't want any XP pc to be connected to our domain in future.

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Can you please mention clearly how to use the above command in powershell & execute

Regards,

JCT
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012260
Hi JCT,

Just copy paste the script and paste it in (eg) notepad, save the file as a powershell script (extension .ps1).

Now lets say you saved it with a name like blockxp.ps1

Now open a Powershell window and browse to the location you've saved the file to.
execute it with ./blockxp.ps1

Make sure you open the Powershell window/session with admin rights to the domain, you might also get a warning/error about executing scripts, especially if you haven't used Powershell before... The script will not execute if you see this error/warning...

To solve this you can do following:

Type in the Powershell window/session following: "Set-ExecutionPolicy RemoteSigned" (without the quotes)...

Hope it's somewhat clear, if not, let me know.

Ps: If you don't want to bother with a script, just type in everything manually, so first the date part > enter, then the next part and > enter again at the end ...
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012280
Hi ,

As you told created one file with the .ps1 extension. copy & paste the above command in that. But when i opened the powershell i am unable to browse it. Also in the above command the start date is fine what about the expiry date . do i need to mention the date also.

please help me. I am totally confused.

JCT
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012295
The date you see in the script is the expiration date ... So set it to the date you want the computer accounts to expire ...

I'm not sure what you mean with the statement that you are unable to browse to it...

If the script doesn't work out, just copy/paste the lines 1 by 1 into powershell

Or just copy/paste this entire line here under into powershell and press enter (change the date before you copy/paste if needed):

Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate "21/04/2014 8:00:00 AM"

Open in new window

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
Introduction: I have always been a big fan of Windows but my liking towards it is slowly being eroded by the variety of other Applications that I encounter, when I browse the Web. Most of the software available is free and maybe Open Source too. …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question