Forum Discussion

AashirK
Oct 08, 2024

How to make account or laptop inaccessible at certain times?

I want to make an account not be able to be accessed at certain times of the day. How can I do this?

2 Replies

  • AashirK Hi, you could use Intune proactive remediation and achieve your goal through a script:

    Step 1: Create the Detection and Remediation Scripts
    Proactive Remediations require two scripts:

    - Detection Script: Checks if the user is outside the allowed hours.
    - Remediation Script: Performs the corrective action (e.g., logs off the user or locks the screen).

    Detection Script
    The following script checks if the current time is outside the allowed hours (e.g., 6 AM to 10 PM):

    PowerShell code:

    # Define allowed hours (e.g., 6 AM to 10 PM)
    $startHour = 6
    $endHour = 22

    # Get the current hour
    $currentHour = (Get-Date).Hour

    # Check if the current time is outside the allowed hours
    if ($currentHour -lt $startHour -or $currentHour -ge $endHour) {
        # If it's outside the allowed hours, return a negative status
        exit 1
    } else {
        # If it's within the allowed hours, return a positive status
        exit 0
    }

    This script returns 1 if the user is outside the allowed hours; otherwise, it returns 0.

    Remediation Script

    This script will log off the user or lock the screen when the detection script determines that the user is outside the allowed hours.

    To log off the user:

    PowerShell code:

    # Log off the user
    shutdown.exe -l

    Or, to lock the screen:

    PowerShell code:

    # Lock the screen
    rundll32.exe user32.dll, LockWorkStation

    Step 2: Configure Proactive Remediations in Intune

    Log in to the Intune Admin Center:

    Go to Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com.

    Navigate to Endpoint Analytics:

    Go to Reports > Endpoint Analytics > Proactive Remediations.
    Select Create script package to create a new script package.

    Configure the Script Package:

    Name the package (e.g., "Time-Based Access Control").
    Upload the detection script you created earlier.
    Upload the remediation script (the one that logs off or locks the user).
    Choose the option "Run this script using the logged-on credentials", setting it to Yes.

    Assign the Script Package to the Target Devices or Users:

    Assign the package to the group of devices or users for whom you want to implement the restriction.

    Set the Execution Frequency:

    Set the frequency for checking the time and applying necessary actions (e.g., every 1 hour).
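
The detection script in the reply above compares whole hours and assumes the allowed window starts and ends on the same day. As an added example (not part of the original reply), the PowerShell detection script below checks to the minute and also handles a window that wraps past midnight; the function name Test-WithinAllowedWindow and the 06:30 to 22:00 window are assumptions chosen for illustration.

```powershell
# Added example, not from the original reply. Window values are assumed.
$AllowedStart = [TimeSpan]'06:30'   # assumed: access allowed from 06:30
$AllowedEnd   = [TimeSpan]'22:00'   # assumed: access ends at 22:00

# Hypothetical helper: true when $Now falls inside [Start, End).
function Test-WithinAllowedWindow {
    param(
        [Parameter(Mandatory)][TimeSpan]$Start,
        [Parameter(Mandatory)][TimeSpan]$End,
        [Parameter(Mandatory)][TimeSpan]$Now
    )
    if ($Start -eq $End) {
        # Ambiguous configuration (always or never?): refuse to guess
        throw "Start and End must differ."
    }
    if ($Start -lt $End) {
        # Same-day window, e.g. 06:30-22:00 (start inclusive, end exclusive)
        return ($Now -ge $Start -and $Now -lt $End)
    }
    # Window wraps past midnight, e.g. 22:00-06:00
    return ($Now -ge $Start -or $Now -lt $End)
}

# Self-check on constructed times, including both sides of midnight
$cases = @(
    @{ S = '06:30'; E = '22:00'; N = '06:29'; Want = $false },
    @{ S = '06:30'; E = '22:00'; N = '21:59'; Want = $true  },
    @{ S = '22:00'; E = '06:00'; N = '23:15'; Want = $true  },
    @{ S = '22:00'; E = '06:00'; N = '05:59'; Want = $true  },
    @{ S = '22:00'; E = '06:00'; N = '12:00'; Want = $false }
)
foreach ($c in $cases) {
    $got = Test-WithinAllowedWindow -Start $c.S -End $c.E -Now $c.N
    if ($got -ne $c.Want) { throw "Self-check failed for $($c.S)-$($c.E) at $($c.N)" }
}

# Detection result: exit 0 = inside the window, exit 1 = outside (remediation runs)
$now = (Get-Date).TimeOfDay
if (Test-WithinAllowedWindow -Start $AllowedStart -End $AllowedEnd -Now $now) {
    Write-Output "Within allowed window ($AllowedStart-$AllowedEnd)"
    exit 0
}
Write-Output "Outside allowed window at $($now.ToString('hh\:mm'))"
exit 1
```

Get-Date reads the device's local clock, so the result is only as reliable as that clock and its time zone setting.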
