force user logoff script for Windows 7

Question

Is there any way to force another user to logoff via command line in Windows 7 Home Premium?

My work VPN policy requires that there be only 1 user logged in, to log the other users off I have to run the command prompt as administrator, run the task manager and then right click and log them off. This is a little annoying. Ideally, I'd like an executable or batch script to run that did it all in one quick step. I've ran across a couple threads talking about logging users off after a set timeout, and that might work ok too (assuming there are any that work...my findings are that there aren't) - but I'd still like to know how to do it in one step if possible.

Is there any way to do what I am asking?

I'm not opposed to writing a .net app if I have to as well.

Answer 1

You could automate the logoff command, using something like this batch file (adapted from here):

@echo off
query session > c:\temp\session.txt
for /f "skip=2 tokens=2,3,4" %%i in (c:\temp\session.txt) DO if not "%%i"=="Geoff" logoff %%j
del c:\temp\session.txt
pause

This uses the query session command to get a list of sessions, then the for command to parse the output, and finally the logoff command to log off other users. You'll want to run the query session command to check the output on your machine.

On my machine, I get:

C:\Users\Geoff\Desktop>query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           Geoff                     1  Active

the first two lines are garbage, so the skip 2 part ignores those. The username, ID and State get put into the i, j, and k variables respectively. You'll want to test it, and if it won't run as a non-administrator user then you can either right-click the file on your desktop and 'Run as Administrator', or you can create a shortcut to the batch file, then select Properties | Shortcut | Advanced | Run as Administrator. Either way you'll get a UAC prompt. Finally, if you want to run the batch file without the UAC prompt, you can go the more obscure task scheduler route: see this post.

Answer 2

Check out PSShutdown from MS. You can use it with the -o option to log off the Console user, and make a batch file you could run with one click (or one right-click > run as administrator).

PsShutdown is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can logoff the console user or lock the console (locking requires Windows 2000 or higher).

Also, maybe check out this question: Timeout a User Account?

Answer 3

As an alternative to my other answer (this question got me thinking!), you could also consider using a combination of two things:

1. Set up a scheduled task on each workstation to run a logoff script. The trigger would be a specific event log entry.
2. Use a .vbs script on your own desktop to post the trigger entry to the event log.

Taking these in turn:

Scheduled Task

You'd need to log in as each user, I think, and add a new task with a custom trigger: Triggers | New | 'On an event' | Custom | New Event Filter | XML | 'Edit manually'. Then use something like the following for the XML:

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=4 or Level=0) and (EventID=4)]] and *[EventData[Data[1]='EVERYBODY_OFF']]</Select>
  </Query>
</QueryList>

That will look for information events in the Application log with the EventID of 4 (information), and the data body of 'EVERYBODY_OFF'. You can read more about event triggers here.

The action should be able to be as simple as shutdown -l, which should trigger a logoff (you'll want to test it).

Trigger Script

The following .vbs script will log the 'EVERYBODY_OFF' event on demand:

const EVENTLOG_INFORMATION = 4
strMessage = "EVERYBODY_OFF"
set objShell = CreateObject("WScript.Shell")
objShell.LogEvent EVENTLOG_INFORMATION, strMessage

Stuff to Test

The bits I'm not sure of, and which will take a bit of testing:

• Is that the event message that is posted global to the machine? I.e., will all users see the task?
• Will the shutdown command run correctly in the context of the target user?

Answer 4

Here's an interesting article from The Scripting Guys describing forced logoff triggered by event:

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/10/hey-scripting-guy-how-can-i-log-out-a-user-if-they-launch-a-particular-application.aspx

Suppose you can use logon or explorer.exe launch by user A as trigger event to log out user B.