Rob van der Woude's Scripting Pages
Powered by GeSHi

Source code for login_abort_if_terminal_server_user.ps

(view source code of login_abort_if_terminal_server_user.ps as plain text) 

  1. # S-1-5-13     = Terminal Server Users
  2. # S-1-5-14     = Remote Interactive Logon
  3. # S-1-5-32-555 = Remote Desktop Users
  4. # See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab for a list of well-known SIDs
  5. if ( [bool][Security.Principal.WindowsIdentity]::GetCurrent( ).Groups -match 'S-1-5-13' -or 'S-1-5-14' -or '1-5-32-555' ) {
  6. 	Write-Error "This login script must NOT be executed by Terminal Server or Remote Desktop users." -ErrorAction Stop
  7. }
  8.  

page last modified: 2023-03-10