My firm is targeting computer systems with legacy or unsupported versions of software. As part of the initiative, we are first sending notification to the end users who own those systems to upgrade, update, or uninstall. Secondly, we are invoking a nuclear option to disable or delete the computer object from AD.
My question revolves around the immediate or delayed effect of a disablement or deletion of the computer object in AD. Since a computer authenticates to the domain like a person, it has a Kerberos ticket associated. So does a disablement have any immediate effect on that system's ability to access resources on the network?
I understand this does not impede web access to an application like O365, which uses synced Azure user accounts from AD for authentication. We use federated authentication for Azure. The user may log in with cached credentials and access the internet and web services. We actually want the user to be able to access email and certain web services, but we want to keep them from being able to RDP to a server or access other network services with that disabled system with vulnerable software.
When is the effect of the disablement of a computer object noticed?
When is the effect of a computer deletion noticed?