Ask the Expert

Prevent clients from logging on to the domain unless they are completely up to date

My domain has just recently been upgraded to Windows 2003 Active Directory. I'm trying to find a method similar to what the Windows 2003 Quarantine Server does for remote clients--preventing them from logging on to the domain unless they are completely up to date with MS critical updates. But, I want this to happen to my regular clients who log in directly onto the domain, not remotely. For example, I would like for them to try to log onto the domain but then a dialogue box pops up and says, "Please wait while these updates are being installed (They would be listed in the pop up box). Your system will reboot and then you can log into the domain." Is this a task Group Policies is capable of handling? Do you think I could write a VB or Perl script to accomplish this? Or is there a third party product that does this?

    Requires Free Membership to View

This can definitely be done. Your best bet is to script the use of MBSA on computer login and then use the information MBSA provides to know if the computer meets the current security standard.

Microsoft has released an excellent document on how they do exactly what you are trying to do:
http://www.microsoft.com/technet/itsolutions/msit/security/msirsec.asp

This was first published in February 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: