Hi all, can you give me some ideas on how to handle this...we use ScriptLogic to manage our desktop environments, which works very well. I have been asked to find a way to force people who have not updated or are not running the latest AV (specific approved product) to logoff.
Environment: Win2K domain, Win9x through XP clients, slow WAN links (some very small offices have 56k frame) Here's what I'm thinking so far: 1. User logs in, ScriptLogic runs 2. SL queries the registry for the magic key/value 3. If it doesn't find it, pops up a msg that says, upgrade your AV before [date] and here's a link to tell you how 4. Drop-dead date comes along, user still hasn't installed/updated 5. SL queries the registry, finds it not installed and executes a command to log the user off I see some basic problems with this though, and maybe you'll have more: 1. Does not affect Win9x users since they can click Cancel and effectively not log on 2. Win2K and later (I have no NT 4) has cached credentials, so a user could unplug, log in, replug and thereby bypass the logon script 3. I'm not sure the various "logoff" tools I've seen are reliable enough to guarantee the result 4. Logging off the machine does not protect the network from viruses; shutdown would be better - it would be more of an annoyance to prompt the user to get it fixed so he/she can work normally again 5. Some users stay logged on, never or hardly ever even running their logon script So with all that said, can you suggest any better options I should be considering, maybe not involving my logon script tool at all? Thanks, Mark Creamer List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
