Solved

Windows Server 2012

Posted on 2014-04-21
6
167 Views
Last Modified: 2014-04-30
Dear All,

Is it possible to block users in domain  that are using a particular operating system .

for example:- I want to block all the users that are using XP OS  . XP users can't log in.

Is it possible . If yes then how can i configure that option.

Here we have Windows server 2012 configured along with the domain.

I am new to this server world. Searching for new options.


Regards,

JCT
0
Comment
Question by:jct_777
  • 3
  • 2
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012233
Are these XP devices domain members? Probably are, but just being sure ...

You can use a Powershell to find the XP devices in your domain and set an expiration date on the device accounts... That's the "easy" fast fix ... This Powershell script can look something like this:

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Open in new window


Change the date accordingly of course...

Another option might be to use a Group Policy with WMI filters and implement it on an OU that contains the XP devices... The WMI filter query would look something like this:

Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Open in new window


A third option, though not easy to manage and maybe expensive to implement, use something like Network Access Control to block the XP devices ...
0
 
LVL 18

Accepted Solution

by:
awawada earned 500 total points
ID: 40012244
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012251
Dear Spravtek,

Yes the XP devices are domain members & also i don't want any XP pc to be connected to our domain in future.

$date="21/04/2014 8:00:00 AM"
Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate $date

Can you please mention clearly how to use the above command in powershell & execute

Regards,

JCT
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012260
Hi JCT,

Just copy paste the script and paste it in (eg) notepad, save the file as a powershell script (extension .ps1).

Now lets say you saved it with a name like blockxp.ps1

Now open a Powershell window and browse to the location you've saved the file to.
execute it with ./blockxp.ps1

Make sure you open the Powershell window/session with admin rights to the domain, you might also get a warning/error about executing scripts, especially if you haven't used Powershell before... The script will not execute if you see this error/warning...

To solve this you can do following:

Type in the Powershell window/session following: "Set-ExecutionPolicy RemoteSigned" (without the quotes)...

Hope it's somewhat clear, if not, let me know.

Ps: If you don't want to bother with a script, just type in everything manually, so first the date part > enter, then the next part and > enter again at the end ...
0
 
LVL 1

Author Comment

by:jct_777
ID: 40012280
Hi ,

As you told created one file with the .ps1 extension. copy & paste the above command in that. But when i opened the powershell i am unable to browse it. Also in the above command the start date is fine what about the expiry date . do i need to mention the date also.

please help me. I am totally confused.

JCT
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 40012295
The date you see in the script is the expiration date ... So set it to the date you want the computer accounts to expire ...

I'm not sure what you mean with the statement that you are unable to browse to it...

If the script doesn't work out, just copy/paste the lines 1 by 1 into powershell

Or just copy/paste this entire line here under into powershell and press enter (change the date before you copy/paste if needed):

Get-ADComputer -Filter {OperatingSystem -eq “Windows XP Professional”} | Set-ADComputer -AccountExpirationDate "21/04/2014 8:00:00 AM"

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM 2012 14 31
prepare AD for 2012 R2 6 99
How to unlock files from encrypted Malware 12 81
RDP Trouble shooting 12 106
Introduction: I have always been a big fan of Windows but my liking towards it is slowly being eroded by the variety of other Applications that I encounter, when I browse the Web. Most of the software available is free and maybe Open Source too. …
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now