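# Abort this login script when the current user's access token contains one of
# the well-known SIDs that identify a Terminal Server / Remote Desktop logon.
#
# S-1-5-13 = Terminal Server Users
# S-1-5-14 = Remote Interactive Logon
# S-1-5-32-555 = Remote Desktop Users
# See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab for a list of well-known SIDs
$blockedSids = 'S-1-5-13', 'S-1-5-14', 'S-1-5-32-555'

# Collect the string form of every group SID in the caller's token.
$tokenSids = [Security.Principal.WindowsIdentity]::GetCurrent( ).Groups |
    ForEach-Object { $_.Value }

# Compare each SID for exact equality against the block list.
# - A bare string operand to -or (e.g. "-or 'S-1-5-14'") is always $true, so
#   every SID must be tested explicitly rather than chained as a literal.
# - A leading [bool] cast binds tighter than -match and would collapse the
#   group collection to $true before any comparison happens.
# - An unanchored -match would also accept longer SIDs that merely contain
#   one of these values; -contains avoids that.
$matchedSids = @( $tokenSids | Where-Object { $blockedSids -contains $_ } )

# NOTE(review): this guard runs inside the user's own session, so it protects
# against accidental execution in a remote session; it is not an access control.
if ( $matchedSids.Count -gt 0 ) {
    Write-Error "This login script must NOT be executed by Terminal Server or Remote Desktop users." -ErrorAction Stop
}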