Solutions to lock out a laptop and force AD connection to log back in

Posted by DeifniteProfessional@reddit | sysadmin | View on Reddit | 2 comments

This is a general question, though in our specific situation, a user who is on annual leave until their last day has yet to return their laptop to us and there's been a suggestion that they're using their laptop for personal use and/or their new place of work Naturally, we can disable their user via AD, but until they connect to the VPN, they'll still be able to log on with their cached(?) credentials(? ticket?) We do have ESET Endpoint Security installed, and as such can remotely run any commands as a system user. Is there a sure fire way we can disable log on until the machine is able to reach our AD server (in which case, the user will be disabled anyway)?

2 Comments

[-]

xCharg@reddit

Set up local GPO that disabled said cache? Or straight up logs off said user and disables it. Test in on other device first to be sure it works.

AutoModerator@reddit

Much of reddit is currently restricted or otherwise unavailable as part of a large-scale protest to changes being made by reddit regarding API access. /r/sysadmin has made the decision to not close the sub in order to continue to service our members, but you should be aware of what's going on as these changes will have an impact on how you use reddit in the near future. More information can be found [here](https://www.reddit.com/r/Save3rdPartyApps/comments/1476ioa/reddit_blackout_2023_save_3rd_party_apps/). If you're interested in alternative r/sysadmin communities during the protests, you can join our [Discord](https://discord.gg/sysadmin) or IRC (#reddit-sysadmin on libera.chat). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/sysadmin) if you have any questions or concerns.*

Reply to Post

2 Comments