Category filter
Script to force log off users from current active sessions on Windows
While it is necessary to ensure an uninterrupted user experience on the device, certain scenarios demand the admins to force log off the users from their current active sessions. To reset a user login session or enforce certain restrictions, the user accounts might need to be logged off. Alternatively, terminating idle or inactive sessions can help with the overall system performance. Also, forcefully logging off users is considered a security measure in scenarios where administrators suspect unauthorized access, preventing potential data breaches. This doc provides a script that will force log-off users on Windows devices. Admins can use the Hexnode’s Execute Custom Script remote action to run the script.
The sample scripts provided below are adapted from third-party open-source sites.
Script to log off a specific user from the current active session
|
1 2 3 4 5 6 7 8 9 10 11 |
$targetUsername = 'username' $activeSessions = quser $sessionLine = $activeSessions | Where-Object { $_ -match $targetUsername } if ($sessionLine) { $sessionInfo = ($sessionLine -split '\s+') | Where-Object { $_ -ne '' } $sessionID = $sessionInfo[2] logoff $sessionID Write-Host "Logged off user $targetUsername (Session ID: $sessionID)" } else { Write-Host "User $targetUsername is not currently logged in." } |
The quser command helps retrieve the list of active sessions on the system and stores it in the $activeSessions variable. Here, $activeSessions is a list that contains usernames with their corresponding session details. Then, the $sessionLine variable is assigned the value of the session details corresponding to the specified username from the $activeSessions list. The $sessionID variable is assigned the value fetched from the $sessionInfo array, representing the session IDs of the users. The script extracts the session ID for the specified user and uses the logoff command to forcefully end the session.
Replace the username with the account’s username on the Windows device which must be logged off. After the execution of the above script, the current active session of the specified user on the device will be logged off.
Force log off all users from their current active sessions in Windows
Execute the following script to log off all the current active user sessions on the device.
|
1 2 3 4 5 6 7 8 9 |
$activeSessionIDs = (Get-Process -Name "explorer" | Select-Object -ExpandProperty SessionID) | Where-Object { $_ -gt 0 } if ($activeSessionIDs.Count -gt 0) { foreach ($sessionID in $activeSessionIDs) { logoff $sessionID Write-Host "Logged off session $sessionID" } } else { Write-Host "No active user sessions found." } |
The script identifies active user sessions associated with the explorer process, retrieves their Session IDs, and logs off each identified session. Using explorer as the process name is a common approach because it is a system process that is typically associated with user sessions. It first checks if there are any active sessions with the help of $activeSessionIDs.Count -gt 0, and if so, it iterates through the list of session IDs, executing the logoff command for each session.
After the execution of the above script, the current active session of all the users on the device will be logged off.
- Before executing the script, make sure to securely save all data. Forcefully logging off users can lead to potential data loss, especially if there are active applications, processes, or tasks in progress.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
