Prevent Users from Logging In

Some of our applications install via SCCM better when no user is logged on. Unfortunately, we have had instances where users log in while the installation is taking place and end up with a corrupted install. Is there a way to use PSAppDeploy to block the user from logging in until the installation is complete? Even better would be something similar to when Windows Updates are applied and users see that an update is taking place.

did you ever find a solution for this question? I need to know this as well.

Thanks

We did this when using the ForensIT User Profile wizard to migrate user profiles. The way we handled it was to use a Task Sequence with multiple steps, one of which was to disable the ability of users to login to Windows. As the Task Sequence took a while to run we also replaced the default logon screen wallpaper with a special wallpaper that warned users not to login while the migration was taking place and how to contact support if the process failed. The final steps in the Task Sequence allowed local logon and reset the wallpaper before restarting the computer.

1 Like

This sounds like a good approach. What mechanism did you use to temporarily disable the windows login? Thanks

From memory I created a local group policy to deny local logon for members of the Domain users group (this meant that we could still use the local Administrator account to login if something went wrong) and then used Secedit to export a security template which could be used as part of my script.

I didn’t use this as we did our migration a while ago this but I found this neat powershell module that makes it easy to configure local Security Policy without using Secedit: