How can I force a locked workstation to log off after a timeout?

I would like to have workstations automatically log-off after a set period of inactivity. There are many solutions to lock a workstation after a timeout and a few hacks to log off a workstation when the user becomes inactive. However, when the workstation is locked but not disconnected, the query user command shows 'Active' for the user and those hacks do not work. (https://superuser.com/questions/269574/how-can-i-automatically-log-out-users-from-a-windows-machine?rq=1)

I would like to set a policy that would automatically log a user off after ~5 days of inactivity. Unfortunately this means using logon hours is not feasible as I cannot set certain hours or certain days for this logoff requirement.

The "idle" trigger for task scheduler also seems to not be ideal as any CPU activity blocks it rather than just user activity.

Unfortunately I also cannot justify a third-party utility or cost associated with this configuration.

Solution 1:

One way that can be done is using a policy group if your are referring to RDP sessions. For example, go to: LocalComputerPoplicy --> Computer Configuration --> Administrative Templates --> Windows Components --> Remote Desktop Services --> Remote Desktop Session Host --> Session Time Limits. Set values in that policy as you need

Another option is the method described in this article. Or you can try this application that is free to use. If you are still using Windows 7, this old post can be helpful for your case.