top of page

PowerShell | Remotely Logoff Utility Script

1. Resource Management

Disconnected sessions can consume server resources such as CPU, memory, and storage. These resources are limited and should be available for active users and processes. By logging off disconnected users, you free up these resources, ensuring the server runs efficiently and can handle active workloads effectively.

2. Licensing Compliance

Windows servers, particularly those running Remote Desktop Services (RDS), are often licensed based on the number of concurrent users or sessions. Disconnected sessions can count against this limit, potentially violating licensing agreements and leading to additional costs or compliance issues.

PowerShell at use on Desktop

3. Security

Disconnected sessions can pose security risks. They may still have active tokens or cached credentials that could be exploited by malicious actors. Logging off these sessions helps to minimize the window of opportunity for unauthorized access and reduces the risk of security breaches.

4. System Performance

A high number of disconnected sessions can degrade overall system performance. Active users might experience slower response times and reduced performance due to the overhead caused by maintaining these inactive sessions. Logging them off helps maintain optimal performance for all users.

5. User Session Management

Disconnected sessions can sometimes lead to "stale" processes or hung applications that might need to be manually terminated. This can complicate system administration and troubleshooting. Regularly logging off disconnected users simplifies session management and reduces administrative overhead.

6. Backup and Maintenance

During server maintenance, updates, or backups, disconnected sessions can interfere with these processes. Logging off all users ensures that maintenance tasks can be performed without issues caused by lingering sessions, leading to smoother and more efficient maintenance operations.

Implementing Log Off Policies

To manage disconnected sessions effectively, administrators can implement policies and automated processes, such as:

  • Session Time Limits: Configure session time limits through Group Policy to automatically log off users after a specified period of disconnection.

  • Scheduled Tasks: Use scripts and scheduled tasks to log off disconnected sessions periodically.

  • Remote Desktop Services Settings: In RDS environments, configure session limits and disconnection settings to control how long sessions remain disconnected before being logged off.

By regularly logging off users in a disconnected state, you maintain a more secure, efficient, and well-managed server environment.

PowerShell at use on keyboard

PowerShell Script Utility for Logging Off Remote User

<#

    .Summary: 

         Query remote computer by name - List results of logged on users

          Option to continue Y/N - If yes asks for ID for account to Logoff

          Logs off requested account             

    .Author: Sott Head

          Date: 02/09/2022

          Version: 1.2

#>

CLS

#Clear Variable

$UserID=""

$ComputerName=""

$ERRORS =""

$UserEntry=""

$ERROR2 =""

 

#Get Input From User

write-Host "`n"

$ComputerName = Read-Host "Enter Computer Name"

 

#Error Trap

If($ComputerName -eq ""){

    CLS

    Write-Host "`n"

    Write-Host "No ComputerName Entered"

    Write-Host "Session Ended"

    Pause

    Break

}

 

#Query Computer for Logged on Users

Try{

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {Query User /Server:$ComputerName} -ErrorVariable ERRORS -ErrorAction SilentlyContinue

 

}Catch{

}

 

#Error Trap

If($ERRORS -like "No User exists for *"){

    CLS

    Write-Host "`n"

    Write-Host "No Users Found Logged in to $ComputerName"

    Write-Host "Session Ended"

    pause

    Break

}

 

#Error Trap

If($ERRORS -like "*failed with the following error message*"){

    CLS

    Write-Host "`n"

    Write-Host "Could Not Connect o $ComputerName"

    Write-Host "Session Ended"

    pause

    Break

}

 

#Option to Display to user

write-Host "`n"

$UserEntry=Read-Host "Do you need to remove a user? (Y/N)"

write-Host "`n"

 

#Response From User Conditional

If(($UserEntry -eq "y") -or ($UserEntry -eq "Y")){

    

    #Reuest User ID 

    $UserID=""

    $UserID = Read-Host "Enter User ID Number from computer $Computername"

 

    #Error Trap

    if($UserID -ne ""){

        #Disconnects User Session    

        Try{

            Invoke-Command -ComputerName $ComputerName -ScriptBlock {LogOff $Args} -ArgumentList $UserID -ErrorVariable ERROR2 -ErrorAction SilentlyContinue 

        }Catch{

        }

        #Error Trap

        if($ERROR2 -ne ""){

            CLS

            Write-host " ---ERRROR---  `n Account Removal `n No Changes Were Made `n $ERROR2"

            pause

            Break

        }

 

    }Else{    

    CLS

    write-host "No ID Entered"

    Write-host "Session Ended"

    write-Host "`n"

}

   

}Else{    

    CLS

    Write-host "Session Ended"

    write-Host "`n"

}

bottom of page