Solved

how to block windows xp PCs from logging into the corporate network

Posted on 2014-10-23
5
236 Views
Last Modified: 2014-10-23
We have a number of XP machines out there, and want to block them from accessing the corporate network.

We need to push a script or policy to the XP machines to deny them access to the corporate network, and force them to call into the Service Desk for replacement.
0
Comment
Question by:Alice Schumm
  • 3
5 Comments
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40399548
are these machines on your domain or just connecting to the network?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40399549
Do they log in to a domain? In that case, push a login script per GPO to all clients, which checks for the OS version and then acts as required.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40399553
Qlemo, thats exactly what I was thinking.

Or you can combine a LegalNotice Warning Text and deny logon locally using a wmi filter for windows xp
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40399577
Create a GPO that has these entries in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

LegalNoticeCaption    REG_SZ      Please contact Service Desk
LegalNoticeText          REG_SZ      This computer has been disabled from logging on to our network because it is running an outdated OS Please call 1-800-HEL-PDSK


In the same GPO set this policy "Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment > Deny log on locally" to Domain Users

then create a WMI filter for the GPO

select * from Win32_OperatingSystem where (Version like "5.1") and ProductType="1"


Then apply the GPO to Authenticated Users and you can link it to your domain root. Because of the WMI filter, it will only apply to Windows XP machines.
0
 

Author Comment

by:Alice Schumm
ID: 40400690
Sounds great.  Thank you.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question