Restrict a user from accessing a PC or multiple PCs in the Enterprise.
For device management, there is device lock, soft reset, and wipe capability. These commands are used to lock, reset, or wipe a device from Windows.
For user management, there is a Freeze User capability that locks the user from accessing any device in the enterprise. This flag is verified a log in when a user attempts to access a device with connectivity to the PolicyServer.
For this scenario, it is recommended to do the following:
- Freeze the user to prevent them from accessing any device in your enterprise in the future.
- This will prevent the user from accessing a device that may be in a powered down state.
- This flag against the user will be validated at the pre-boot login screen the next time a device that the user attempts to access has connectivity to the PolicyServer.
- The freeze user command will prevent the user from accessing any device in any group he/she can previously access.
- Set the lock or soft reset command form the device that the users have.
These policies will kick any user of the targeted device out of Windows the next time the device sync with the PolicyServer.