force user logoff script for Windows 7

Solution 1:

You could automate the logoff command, using something like this batch file (adapted from here):

@echo off
query session > c:\temp\session.txt
for /f "skip=2 tokens=2,3,4" %%i in (c:\temp\session.txt) DO if not "%%i"=="Geoff" logoff %%j
del c:\temp\session.txt
pause

This uses the query session command to get a list of sessions, then the for command to parse the output, and finally the logoff command to log off other users. You'll want to run the query session command to check the output on your machine.

On my machine, I get:

C:\Users\Geoff\Desktop>query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           Geoff                     1  Active

the first two lines are garbage, so the skip 2 part ignores those. The username, ID and State get put into the i, j, and k variables respectively. You'll want to test it, and if it won't run as a non-administrator user then you can either right-click the file on your desktop and 'Run as Administrator', or you can create a shortcut to the batch file, then select Properties | Shortcut | Advanced | Run as Administrator. Either way you'll get a UAC prompt. Finally, if you want to run the batch file without the UAC prompt, you can go the more obscure task scheduler route: see this post.

Solution 2:

Check out PSShutdown from MS. You can use it with the -o option to log off the Console user, and make a batch file you could run with one click (or one right-click > run as administrator).

PsShutdown is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can logoff the console user or lock the console (locking requires Windows 2000 or higher).

Also, maybe check out this question: Timeout a User Account?

Solution 3:

As an alternative to my other answer (this question got me thinking!), you could also consider using a combination of two things:

1. Set up a scheduled task on each workstation to run a logoff script. The trigger would be a specific event log entry.
2. Use a .vbs script on your own desktop to post the trigger entry to the event log.

Taking these in turn:

Scheduled Task

You'd need to log in as each user, I think, and add a new task with a custom trigger: Triggers | New | 'On an event' | Custom | New Event Filter | XML | 'Edit manually'. Then use something like the following for the XML:

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=4 or Level=0) and (EventID=4)]] and *[EventData[Data[1]='EVERYBODY_OFF']]</Select>
  </Query>
</QueryList>

That will look for information events in the Application log with the EventID of 4 (information), and the data body of 'EVERYBODY_OFF'. You can read more about event triggers here.

The action should be able to be as simple as shutdown -l, which should trigger a logoff (you'll want to test it).

Trigger Script

The following .vbs script will log the 'EVERYBODY_OFF' event on demand:

const EVENTLOG_INFORMATION = 4
strMessage = "EVERYBODY_OFF"
set objShell = CreateObject("WScript.Shell")
objShell.LogEvent EVENTLOG_INFORMATION, strMessage

Stuff to Test

The bits I'm not sure of, and which will take a bit of testing:

• Is that the event message that is posted global to the machine? I.e., will all users see the task?
• Will the shutdown command run correctly in the context of the target user?

Solution 4:

Here's an interesting article from The Scripting Guys describing forced logoff triggered by event:

http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/10/hey-scripting-guy-how-can-i-log-out-a-user-if-they-launch-a-particular-application.aspx

Suppose you can use logon or explorer.exe launch by user A as trigger event to log out user B.