How to disable local logon after 90 days?

[Suaay]

I am trying to stop laptop users from NEVER logging on the the domain. I want to create a script that will count the number of days that laptop has been off the network for 90 days and disable local logins until the machine is attached to the domain. I'd also like to have a warning message pop up after 75 days of being off the network, letting the user know that the machine will cease to function in X number of days (insert countdown here), unless they attach it to the domain. Mainly the purpose is so the users can get timely updates of SW and virus info. Please help!

 

[fattony]

i don't know anything about scripting, but how are you going to give your users a machine startup script via policy if they're not on the domain yet? doing it locally on every single laptop? maybe i'm not clear on your situation

sounds like you need to change their local administrator passwords first hand before the laptops get deployed in the environment, that way they have no choice but to join the domain and login with domain credentials instead of local...since they're mobile users, make sure they have enough cached logon credentials available to them incase they're not connected to the domain

 

[woshitudou]

I think you'd be able to do it in windows scripting using visual basic scripting. You can use the date functions to get the date and registry access functions to toggle the local logon and other entries.

Another idea would be to write a small app that checks the date and exits with an error level which your script picks up and inserts a reg file based on the date.