Unfortunately, some twonk decided some time ago to buy thousands of laptops with only 128 GB SSDs. After 2-3 years many of those machines have insufficient free space to install essential security updates for Windows and third party apps.
These machines are managed in country by regional admin teams. We send them weekly reports of machines they must remediate to solve this issue (basically they need to rebuild them, as a newly built machine only uses about 50 GB leaving plenty of room), but they are just being ignored.
This is having a massive impact on stats, and a manager who was a pretty good guy was let go recently which we think was exacerbated by the patching stats.
We’ve been given authority from management to make things happen…..
We cannot disable computer accounts in AD as logs are recorded (politics) and also the local teams would just re-enable.
So we think the best solution is just to cause windows not to boot, forcing the local teams to rebuild them and prevent these machines being a security risk.
Does anyone know a simple mechanism to prevent a Windows 7 machine from booting?
I am thinking change file ownership, change perms, delete/rename file, but which file(s) can have the desired effect that are not in use (and therefore cannot be deleted)?
Tl;Dr Want a script to prevent Windows from booting.