Q

Prevent clients from logging on to the domain unless they are completely up to date

My domain has just recently been upgraded to Windows 2003 Active Directory. I'm trying to find a method similar to what the Windows 2003 Quarantine Server does for remote clients--preventing them from logging on to the domain unless they are completely up to date with MS critical updates. But, I want this to happen to my regular clients who log in directly onto the domain, not remotely. For example, I would like for them to try to log onto the domain but then a dialogue box pops up and says, "Please wait while these updates are being installed (They would be listed in the pop up box). Your system will reboot and then you can log into the domain." Is this a task Group Policies is capable of handling? Do you think I could write a VB or Perl script to accomplish this? Or is there a third party product that does this?
This can definitely be done. Your best bet is to script the use of MBSA on computer login and then use the information MBSA provides to know if the computer meets the current security standard.

Microsoft has released an excellent document on how they do exactly what you are trying to do:
http://www.microsoft.com/technet/itsolutions/msit/security/msirsec.asp
This was first published in February 2004

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close