Warning - this blog contains opinions, strong language, occasional bold text, and HTML. Viewer discretion is advised.


Don't forget about the old school

I'm downsizing my network at home and I want to get rid of my on-premise domain controller.  So I'm converting to using Azure AD and Windows 10 machines.  All of my devices have been upgraded to Windows 10, but because I also happen to use Google Apps and Google Drive, I ran into THIS annoying problem:

Google Drive on Windows 10 with Azure AD Sign in will not start properly: https://productforums.google.com/forum/#!topic/drive/-Q3no-2OoRw

So, temporarily forced back to using local logins, I was also faced with implementing login restrictions.  Windows 10 Parental Controls are TOO restrictive for my tastes (in addition to now FORCING you to use Microsoft Accounts for all family members), so after some digging I discovered this old school way.  Basically, you can't do login restrictions for local accounts from the GUI, but you can from the command line, below.  You'll probably want to combine this with screen saver timeouts forced with local policy editor:

net user username /times:m-th,2pm-4pm;f-s,1pm-3pm;su,6pm-8pm

So, this will have to suffice until Google Drive fixes their issue with Azure AD logins, and Azure AD lets us perform user logon restrictions like on-prem AD does.