Hi,

Is there a way to limit a user from logging onto a computer (in a domain)
that doesn’t meet a base minimum of patches installed? Example, if someone
didn’t have service pack 2 installed then no one could logon to the domain
until it is installed.

Thanks in advance!

John

If you are running a login script, and you are good at scripting in general,
you could look for certain registry keys or (programs on the hard drive)
which only exist on patched machines. If they don't exist, issue a message
to the user that the machine is not patched, and then logoff.

Vinson

"John Nash" wrote:

> Hi,
>
> Is there a way to limit a user from logging onto a computer (in a domain)
> that doesn’t meet a base minimum of patches installed? Example, if someone
> didn’t have service pack 2 installed then no one could logon to the domain
> until it is installed.
>
> Thanks in advance!
>
> John
>

I would suggest AutoIt

http://autoitscript.com

This has builtin variables representing Windows version and SP level.
(@OSVersion, @OSServicePack) For finer control you could enumerate the KB###
patch-folders under the Windows dir, or as suggested enumerate registry keys.

If the requirements aren't met, you issue a shutdown(0) command which logs
the user off.

Bear in-mind the need to do an IsAdmin() check first, or you will create a
catch-22 in which no-one can patch the computer! That, or allow a time delay
for patching.

Kixstart or VBScript are other alternatives, though these days I find AutoIt
more powerful and flexible.

"John Nash" wrote:

> Hi,
>
> Is there a way to limit a user from logging onto a computer (in a domain)
> that doesn’t meet a base minimum of patches installed? Example, if someone
> didn’t have service pack 2 installed then no one could logon to the domain
> until it is installed.
>
> Thanks in advance!
>
> John
>