There are a million ways you can do it... here is one:
When the user registers you need to store the date they registered.
Then using security assist when they log in, you would store the registration date as a session variable.
Then update your security assist access rule to check the login date and restrict access if a certain number of days have passed.
I'm not sure if you would want the admin to be able to change the duration on a user by user basis or globally or both, but you would either store the number of days it is valid for as a separate field in the users table and use that in your security rule, or look it up in a database of configurable settings that you create for the admin.