Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows Server 2012

Posted on 2014-04-21
6
Medium Priority
?
176 Views
Last Modified: 2014-04-30
Dear All,

Is it possible to block users in domain  that are using a particular operating system .

for example:- I want to block all the users that are using XP OS  . XP users can't log in.

Is it possible . If yes then how can i configure that option.

Here we have Windows server 2012 configured along with the domain.

I am new to this server world. Searching for new options.


Regards,

JCT
0
Comment
Question by:jct_777
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012233
Are these XP devices domain members? Probably are, but just being sure ...

You can use a Powershell to find the XP devices in your domain and set an expiration date on the device accounts... That's the "easy" fast fix ... This Powershell script can look something like this:

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Open in new window


Change the date accordingly of course...

Another option might be to use a Group Policy with WMI filters and implement it on an OU that contains the XP devices... The WMI filter query would look something like this:

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Open in new window


A third option, though not easy to manage and maybe expensive to implement, use something like Network Access Control to block the XP devices ...
0
 
LVL 18

Accepted Solution

by:
awawada earned 1500 total points
ID: 40012244
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012251
Dear Spravtek,

Yes the XP devices are domain members & also i don't want any XP pc to be connected to our domain in future.

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Can you please mention clearly how to use the above command in powershell & execute

Regards,

JCT
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012260
Hi JCT,

Just copy paste the script and paste it in (eg) notepad, save the file as a powershell script (extension .ps1).

Now lets say you saved it with a name like blockxp.ps1

Now open a Powershell window and browse to the location you've saved the file to.
execute it with ./blockxp.ps1

Make sure you open the Powershell window/session with admin rights to the domain, you might also get a warning/error about executing scripts, especially if you haven't used Powershell before... The script will not execute if you see this error/warning...

To solve this you can do following:

Type in the Powershell window/session following: "Set-ExecutionPolicy RemoteSigned" (without the quotes)...

Hope it's somewhat clear, if not, let me know.

Ps: If you don't want to bother with a script, just type in everything manually, so first the date part > enter, then the next part and > enter again at the end ...
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012280
Hi ,

As you told created one file with the .ps1 extension. copy & paste the above command in that. But when i opened the powershell i am unable to browse it. Also in the above command the start date is fine what about the expiry date . do i need to mention the date also.

please help me. I am totally confused.

JCT
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012295
The date you see in the script is the expiration date ... So set it to the date you want the computer accounts to expire ...

I'm not sure what you mean with the statement that you are unable to browse to it...

If the script doesn't work out, just copy/paste the lines 1 by 1 into powershell

Or just copy/paste this entire line here under into powershell and press enter (change the date before you copy/paste if needed):

Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate "21/04/2014 8:00:00 AM"

Open in new window

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question