I need some help for a side project I'm working on. I hardly deal with any scripting so I thought you guys could help me out. The script should follow this algorithm:

  1. check if user is a member of -AD group-
  2. if positive force logoff
  3. if negative proceed with logon

Thanks in advance!

userfault

1 Answer

You mention this script is a "local login script" which implies you only want a select machine to deny users of your AD group the ability to log on. Rather than relying on a script to log the user off you could prevent them logging on at all by adding a GPO to the machine with the AD group added in the following location:

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

I can't check at the moment but I'm sure you can add groups to this policy as well as users.

  • Thank you for your comment but unfortunately my sys admin wouldn't give me permissions to edit the GPO. I'm actually the helpdesk taking some side projects. – userfault May 10 '15 at 21:05
  • You could make this change in Local Security Policy too if GPO isn't any good. – Daniel Arkley May 10 '15 at 21:06
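
The three steps from the question, as an added PowerShell example that is not part of the original post or answer. The group name `EXAMPLE\BlockedLogonGroup`, the function name `Test-TokenHasGroup` and the `-DryRun` switch are assumptions made for illustration. A logon script runs in the user's own context after the session already exists, so the User Rights Assignment policy from the answer remains the stronger control.

```powershell
# Added example: logon script that logs the current user off when their
# logon token carries a given AD group. Placeholder group name; replace it.
param(
    [string]$GroupName = 'EXAMPLE\BlockedLogonGroup',
    [switch]$DryRun   # report the decision without logging off
)

function Test-TokenHasGroup {
    param(
        [Parameter(Mandatory)][System.Security.Principal.WindowsIdentity]$Identity,
        [Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$GroupSid
    )
    # The token's group list is built at logon and already contains nested
    # memberships, so no recursive AD query is needed. Compare by SID, not name.
    foreach ($sid in $Identity.Groups) {
        if ($sid.Value -eq $GroupSid.Value) { return $true }
    }
    return $false
}

# Step 0: resolve the group name to its SID once.
try {
    $account  = New-Object System.Security.Principal.NTAccount($GroupName)
    $groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    # Typo in the name or no domain controller reachable: do nothing rather
    # than log every user off the machine.
    Write-Warning "Cannot resolve '$GroupName': $($_.Exception.Message)"
    exit 1
}

# Step 1: check whether the current user is a member of the group.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()

if (Test-TokenHasGroup -Identity $me -GroupSid $groupSid) {
    # Step 2: positive, so end the session.
    Write-Output "$($me.Name) is a member of $GroupName; logging off."
    if (-not $DryRun) {
        & "$env:SystemRoot\System32\shutdown.exe" /l
    }
} else {
    # Step 3: negative, so let the logon proceed.
    Write-Output "$($me.Name) is not a member of $GroupName; logon continues."
}
```

Running it with `-DryRun` in a test session shows the decision without ending the session.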