Remotly modifying Group Policies & User Accounts on Windows 10 Pro.

[BigPanda]

Hello,

A have a couple of Windows 10 Pro computers at home for the kids and I was wondering if it is possible to manage those computers Group Policies & Accounts from my personal desktop.

I mainly want to develop a small interface that will allow me or my wife to block user login between specific hours and/or block some specific applications from running when (Fortnite).

Right now, I have no problem doing this, but I need to login on the PC to set the rules.

Is there a way to manage those things from command line on a remote desktop?

I would prefer to use an official approach than writing a server with a privileged account to do so.

All PCs are on the same network, and I am an administrator on all the PC.

 

Any Idea ?

Thank you

[satukoro]

You're basically describing using Group Policy in a tiny Active Directory. Although, if you had an active directory environment you could just limit logon hours using AD Users and Computers.

According to an article I found, you can limit user logins as follows:

net user <username> /time:<day>,<time>

<day>: This is a day or day span. The days are Su, M, T, W, Th, F, and Sa. A day span would be two days separated by a dash, for example: Su-Sa

<time>: This is a time span of the time the user should be allowed to log in, such as 8am-4pm.

You may also have multiple spans of time separated by a semicolon and surrounded by quotes, for example: 

net user satukoro /time:"M-F,6am-8am;M-F,4pm-10pm"

The above code can be executed locally, however in order to execute it remotely, you would have to run something like this: 

Invoke-Command -ComputerName NameOrIpOfTargetComputer -Credential get-credential -ScriptBlock {net user <username> /time:<day>,<time>}

The "get-credential" cmdlet prompts you for credentials to run the command with. In your case, you would use "nameOfWorkstation\adminusername" for the username field, and the password of your administrative account.

[goretsky Supervisor]

Hello,

Have you looked into using Microsoft Family Safety or other parental controls?  Those might be easier to deploy and give you easier to understand logging in case you need to troubleshoot something.

Regards,

Aryeh Goretsky