Last week I received a request asking if I could prevent a certain user from logging into a system after normal business hours.
I thought it would be easy using AD and just setting the login hours for her account; however, since the user's email is routed to my Exchange server, it caused her to be locked out of her email after hours. The solution I came up with is a simple VBScript.
The script checks the day and time. If they are out of the acceptable range then using the shutdown command I reboot the box in 60 seconds. Both the system and the script will present a popup window notifying the user of the situation. I configured a group policy to run the script at logon and only for a specific AD group (which the user is a member of).
So that covers logging in but what if the user is already logged onto the system. Another group policy, with a preference setting for a scheduled task running the shutdown /r /t 60 command at 6 PM everyday does the trick.
'************************************************************************
on error resume next
dim vday, vhour
vday = weekday(now)
vhour = hour(now)
set wshshell = wscript.createobject("wscript.shell")
if vday >= 2 and vday <= 6 then
if vhour < 8 or vhour > 17 then
wshshell.run "C:\WINDOWS\system32\shutdown.exe /r /t 60"
wshshell.popup "Your Account is Only Permitted to Login Between 8AM" _
& " and 6PM" & vbCrLf & "Monday through Friday", 20, "Account Logoff"
end if
else
wshshell.run "C:\WINDOWS\system32\shutdown.exe /r /t 60"
wshshell.popup "Your Account is Only Permitted to Login Between 8AM" _
& " and 6PM" & vbCrLf & "Monday through Friday", 20, "Account Logoff"
end if
wscript.quit
'**************************************************************************************************************
No comments:
Post a Comment