Category filter

Script to force log off users from current active sessions on Windows

While it is necessary to ensure an uninterrupted user experience on the device, certain scenarios demand the admins to force log off the users from their current active sessions. To reset a user login session or enforce certain restrictions, the user accounts might need to be logged off. Alternatively, terminating idle or inactive sessions can help with the overall system performance. Also, forcefully logging off users is considered a security measure in scenarios where administrators suspect unauthorized access, preventing potential data breaches. This doc provides a script that will force log-off users on Windows devices. Admins can use the Hexnode’s Execute Custom Script remote action to run the script.

Disclaimer:


The sample scripts provided below are adapted from third-party open-source sites.

Script to log off a specific user from the current active session

The quser command helps retrieve the list of active sessions on the system and stores it in the $activeSessions variable. Here, $activeSessions is a list that contains usernames with their corresponding session details. Then, the $sessionLine variable is assigned the value of the session details corresponding to the specified username from the $activeSessions list. The $sessionID variable is assigned the value fetched from the $sessionInfo array, representing the session IDs of the users. The script extracts the session ID for the specified user and uses the logoff command to forcefully end the session.

Replace the username with the account’s username on the Windows device which must be logged off. After the execution of the above script, the current active session of the specified user on the device will be logged off.

The Action History tab of Hexnode displays information about a specific user who has been force logged off from Windows

Force log off all users from their current active sessions in Windows

Execute the following script to log off all the current active user sessions on the device.

The script identifies active user sessions associated with the explorer process, retrieves their Session IDs, and logs off each identified session. Using explorer as the process name is a common approach because it is a system process that is typically associated with user sessions. It first checks if there are any active sessions with the help of $activeSessionIDs.Count -gt 0, and if so, it iterates through the list of session IDs, executing the logoff command for each session.

After the execution of the above script, the current active session of all the users on the device will be logged off.

Execute a script to force log off users from Windows devices and verify the output from the Action History tab

Notes:

  • Before executing the script, make sure to securely save all data. Forcefully logging off users can lead to potential data loss, especially if there are active applications, processes, or tasks in progress.
  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository