Limit logon based on Windows patches

John Nash

Hi,

Is there a way to limit a user from logging on to a computer (in a domain)
that doesn’t meet a base minimum of patches installed? For example, if someone
didn’t have Service Pack 2 installed, then no one could log on to the domain
until it is installed.

Thanks in advance!

John
 
Vinson

If you are running a login script, and you are good at scripting in general,
you could look for certain registry keys (or programs on the hard drive)
which only exist on patched machines. If they don't exist, issue a message
to the user that the machine is not patched, and then log off.

Vinson
 
Anteaus

I would suggest AutoIt

http://autoitscript.com

This has built-in variables representing Windows version and SP level
(@OSVersion, @OSServicePack). For finer control you could enumerate the KB###
patch folders under the Windows dir, or as suggested enumerate registry keys.

If the requirements aren't met, you issue a shutdown(0) command which logs
the user off.

Bear in mind the need to do an IsAdmin() check first, or you will create a
catch-22 in which no one can patch the computer! That, or allow a time delay
for patching.

KiXtart or VBScript are other alternatives, though these days I find AutoIt
more powerful and flexible.
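
A sketch of the logon-script check discussed in this thread, written here as an added example (not code from any of the posters). It combines the service-pack test, a registry marker test, the IsAdmin() exemption and a grace period before enforcement. The baseline, the enforcement date and the registry key are assumed placeholders, and the helper names are hypothetical.

```autoit
; Added example, not from the thread. Intended to run as a domain logon script.
; Assumptions: the three constants below are placeholders for your own baseline.
Global Const $MIN_SP = 2               ; minimum service pack level
Global Const $ENFORCE_FROM = 20050101  ; constructed date (YYYYMMDD); warn only before it
Global Const $REQUIRED_KEY = "HKLM\SOFTWARE\Example\RequiredPatchMarker" ; "" disables

; "Service Pack 2" -> 2. An empty @OSServicePack (no SP installed) -> 0.
Func _ServicePackLevel($sSp)
    Local $aMatch = StringRegExp($sSp, "(\d+)", 1)
    If @error Then Return 0
    Return Number($aMatch[0])
EndFunc

; RegRead sets @error to 1..3 when the key cannot be opened;
; 0, -1 or -2 mean the key itself exists.
Func _KeyExists($sKey)
    RegRead($sKey, "")
    Return @error <= 0
EndFunc

; Build a list of what is missing; an empty string means compliant.
Func _MissingItems()
    Local $sMissing = ""
    If _ServicePackLevel(@OSServicePack) < $MIN_SP Then
        $sMissing &= "- Service Pack " & $MIN_SP & @CRLF
    EndIf
    If $REQUIRED_KEY <> "" And Not _KeyExists($REQUIRED_KEY) Then
        $sMissing &= "- Patch marker " & $REQUIRED_KEY & @CRLF
    EndIf
    Return $sMissing
EndFunc

Func _Main()
    Local $sMissing = _MissingItems()
    If $sMissing = "" Then Return
    Local $sText = @ComputerName & " is missing:" & @CRLF & $sMissing
    ; Never log off an administrator, or nobody can install the patches.
    ; Before the enforcement date, everyone only gets the warning.
    Local $iToday = Number(@YEAR & @MON & @MDAY)
    If IsAdmin() Or $iToday < $ENFORCE_FROM Then
        MsgBox(48, "Patch check", $sText & "Please get this machine patched.", 30)
        Return
    EndIf
    MsgBox(16, "Patch check", $sText & "You will now be logged off.", 30)
    Shutdown(0) ; 0 = log off the current user
EndFunc

_Main()
```

Because a logon script runs inside the user's own session after authentication, this check is enforced on the client and works as a compliance prompt rather than a hard access control.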
 
