Locking out user accounts but with message box on logon then kick off?

MRoberto

IS-IT--Management
May 9, 2005
41
US
Hello

Windows 2003 Server Enterprise Edition
Active Directory and Script Logic
The objective:
When a selected user logs on to their network account, I need to have a message box pop up on startup saying their account is locked up due to ( insert reason here ). They should only be able to either hit "OK", and then they will be logged off automatically. Or another button option would be just to log off.

The problem:
Our staff needs to fill out SALs (Service Address Logs). They are basically daily logs of what they did all day long. The SALs are due once a week, and then used for billing once a month.
When our staff doesn't complete their SALs, finance and data entry get real mad, and we don't get all the billing done for the month, which then makes the IS dept run around like a chicken with its head cut off.
We usually get around 15 people a month with late/incomplete SALs.

What we need to do:
When we get the late SAL report from data entry, we want to be able to easily select those users, and make a message box pop up on startup when they log on, saying complete your SALs and you can play on the computer again.

We could just call them, and disable their user accounts. However, when we disable a user account, we also then have to go into Veritas for our backup and manually de-select those users' email boxes or else our backup will fail or not work properly. Then they would also need to be re-added... that's not very friendly.

Another option would be to create a user group called "LateSals" or whatever, and we could add the culprits to this group as needed. Script Logic could then push out a message box to these users, but then I don't know how to lock out their account after they hit the "OK" button.



So on user logon, message box, then log off... oh yeah, and it's gotta be simple to do for each user... possible? ideas? comments? help por favor
 
Easy enough. I'd use a script to check for group membership at login. If they are a member of the group you specify, it pops up the warning message. When they click OK you can execute WMI code to force logoff. You won't actually be locking out their account but the effect is the same.

It is not possible to lock an account programmatically, only to unlock it. Lockout happens from mistyping the password. You could, however, if you really want to go this far, DISABLE the account.

Basic code for that is:
Code:
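' userAccountControl flag that marks the account as disabled
Const ADS_UF_ACCOUNTDISABLE = 2

' Bind to the user object by its distinguished name
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")

' Set the disable bit, keep the other flags, and write the change back to AD
objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo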

I hope you find this post helpful.

Regards,

Mark
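
The approach described in the answer above (group check at logon, warning message, WMI forced logoff), written out as an added example that is not part of the original thread or the poster's own code. The group DN, the 60-second popup timeout, the message text and the choice to fail open on lookup errors are assumptions made for illustration.

```vbscript
' Added example (not from the thread): warn members of a group at logon, then log them off.
Option Explicit

' Assumption: placeholder DN for the "LateSals" group; replace with the real DN.
Const GROUP_DN = "CN=LateSals,OU=Groups,DC=example,DC=com"
Const POPUP_SECONDS = 60        ' assumption: auto-dismiss so an ignored box still ends in logoff
Const EWX_FORCED_LOGOFF = 4     ' Win32Shutdown flag: logoff (0) + force (4)
Const MSG_TEXT = "Your account is restricted until your SALs are complete. You will now be logged off."

Function IsRestricted()
    ' True only if the current user is a direct member of GROUP_DN.
    ' Nested groups are not expanded. Any lookup error (bad DN, no domain
    ' controller reachable) returns False, so users are not logged off by mistake.
    Dim objSysInfo, objUser, objGroup
    IsRestricted = False
    On Error Resume Next
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
    Set objGroup = GetObject("LDAP://" & GROUP_DN)
    If Err.Number = 0 Then IsRestricted = objGroup.IsMember(objUser.ADsPath)
    On Error GoTo 0
End Function

Sub ForceLogoff()
    ' Ask WMI on the local machine to end the current session, closing open applications.
    Dim objWMI, objOS
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2")
    For Each objOS In objWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
        objOS.Win32Shutdown EWX_FORCED_LOGOFF
    Next
End Sub

If IsRestricted() Then
    ' Popup returns after OK is clicked or after POPUP_SECONDS; both paths log the user off.
    CreateObject("WScript.Shell").Popup MSG_TEXT, POPUP_SECONDS, "Account restricted", _
        vbOKOnly + vbExclamation
    ForceLogoff
End If
```

This only affects interactive logons that run the logon script; the account itself stays enabled and unlocked, which matches the answer's point that the account is not actually locked out.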
 