schleep (1/22/2014)
What isn't working is getting SQLCMD to run in the context of the user that's login in/out.I had assumed that the policy would execute under a system/admin account.
If you're doing it via a conventional login script, then no, that doesn't execute as a sysadmin account--it wouldn't be terribly useful if it *did*, because login scripts are supposed to do stuff that's specific to the user logging in, not some random admin user. This is probably why it's not working.