Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows Server 2012

Posted on 2014-04-21
6
170 Views
Last Modified: 2014-04-30
Dear All,

Is it possible to block users in domain  that are using a particular operating system .

for example:- I want to block all the users that are using XP OS  . XP users can't log in.

Is it possible . If yes then how can i configure that option.

Here we have Windows server 2012 configured along with the domain.

I am new to this server world. Searching for new options.


Regards,

JCT
0
Comment
Question by:jct_777
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012233
Are these XP devices domain members? Probably are, but just being sure ...

You can use a Powershell to find the XP devices in your domain and set an expiration date on the device accounts... That's the "easy" fast fix ... This Powershell script can look something like this:

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Open in new window


Change the date accordingly of course...

Another option might be to use a Group Policy with WMI filters and implement it on an OU that contains the XP devices... The WMI filter query would look something like this:

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Open in new window


A third option, though not easy to manage and maybe expensive to implement, use something like Network Access Control to block the XP devices ...
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 40012244
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012251
Dear Spravtek,

Yes the XP devices are domain members & also i don't want any XP pc to be connected to our domain in future.

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Can you please mention clearly how to use the above command in powershell & execute

Regards,

JCT
0
Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012260
Hi JCT,

Just copy paste the script and paste it in (eg) notepad, save the file as a powershell script (extension .ps1).

Now lets say you saved it with a name like blockxp.ps1

Now open a Powershell window and browse to the location you've saved the file to.
execute it with ./blockxp.ps1

Make sure you open the Powershell window/session with admin rights to the domain, you might also get a warning/error about executing scripts, especially if you haven't used Powershell before... The script will not execute if you see this error/warning...

To solve this you can do following:

Type in the Powershell window/session following: "Set-ExecutionPolicy RemoteSigned" (without the quotes)...

Hope it's somewhat clear, if not, let me know.

Ps: If you don't want to bother with a script, just type in everything manually, so first the date part > enter, then the next part and > enter again at the end ...
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012280
Hi ,

As you told created one file with the .ps1 extension. copy & paste the above command in that. But when i opened the powershell i am unable to browse it. Also in the above command the start date is fine what about the expiry date . do i need to mention the date also.

please help me. I am totally confused.

JCT
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012295
The date you see in the script is the expiration date ... So set it to the date you want the computer accounts to expire ...

I'm not sure what you mean with the statement that you are unable to browse to it...

If the script doesn't work out, just copy/paste the lines 1 by 1 into powershell

Or just copy/paste this entire line here under into powershell and press enter (change the date before you copy/paste if needed):

Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate "21/04/2014 8:00:00 AM"

Open in new window

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My purpose is to describe the basic concepts of virtual memory as implemented in a modern Windows-based operating system. I will also describe the problems inherent in older systems and how virtual memory solves them. The dark ages - before virtu…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question