Log off all but current user

Page 1 of 2 12 LastLast

  1. Posts : 5
    Win 10
       #1

    Log off all but current user


    Hi,
    I have a computer that my kids use for their schoolwork and need to find a way to enforce logging off all but the current user.
    I have "microsoft family" limiting the amount of time the kids can spend on the computer each day and when they run out of time it simply locks their local computer account instead of logging off. (Of course, telling them to log off before time runs out has had mixed results.)
    When the next kid logs in, the system is slow because one or more previous are already logged in.
    How can I set up this computer to log out all but the current user? I know this may mean that some user loses their work or context when their session is force-logged-out.
    I already have disable fast user switching set, as well as the new setting to prevent logging in the current user after restart.
    Is this a local policy thing, or a script I'll need to set to run?

    Thanks,
    Ari
      My Computer


  2. Posts : 17,661
    Windows 10 Pro
       #2

    Hi Ari, welcome to Ten Forums.

    Open an elevated PowerShell (tutorial). Enter following command to query signed in users (#1 in screenshot):

    quser

    Note the ID of those users you want to log off (#2 in screenshot):

    To log off another user, use the following command replacing ID with actual ID of the user in question:

    logoff ID

    In my case now, I want to log off users 3, 4 and 5. To do it, I use the following command (#3 in screenshot):

    logoff 3 | logoff 4 | logoff 5

    Querying signed in users now, I can see that all other users have been logged off (#4 in screenshot).

    Log off all but current user-image.png
    (Click to enlarge.)

    Please notice that command logoff forces the log off, regardless if the user has unsaved documents. In this case, all changes since last save will be lost. Be careful, using command logoff without ID or any other parameters logs off the current user.

    Kari
      My Computer


  3. Posts : 5,478
    2004
       #3

    To extend @Kari's answer, you could scan for all users with a status of "Disc" and log them off without needing to note down the session ID.

    Code:
    quser | Select-String "Disc" | ForEach {logoff ($_.tostring() -split ' +')[2]}
    Log off all but current user-capture.png

    You could then make a shortcut (would have to run as admin) to logoff everyone (except current user) automatically.

    Note that if you had any users whos names contained the letters "Disc" (I can't think of such a name but it is obviously possible) it would log them off too so you may need to change the Select-String argument if that was the case. You would need to scan for lines containing "Active" or "console" and not containing "LOGON TIME" but the best solution would depend on the names of your users (depending if you had a user called "Active" for example).

    See here too : Powershell command to kick disconnected users off a server - Stack Overflow
      My Computer


  4. Posts : 5
    Win 10
    Thread Starter
       #4

    Thank you both for the suggestions. I notice this works when I log in as an administrator user, but not when I log in as a normal (non-admin) user.
    Here's what I've done:
    I have made a powershell script with this text
    Code:
    quser | Select-String "Disc" | ForEach {logoff ($_.tostring() -split ' +')[2]}
    and placed it in the C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon folder.
    Then I ran the Local Group Policy Editor gpedit.msc, and browsed to Local Computer Policy --> User Configuration --> Windows Settings --> Scripts (Logon/Logoff) --> Logon, and have set the above script to run at logon. I also set the parameter "-executionpolicy bypass"
    Log off all but current user-2018-09-25_7-03-37.png

    I suspect that the logon script needs to be run as administrator. Is there a way I can elevate its privileges? Or is there a better way for me to accomplish this?

    Thanks again.
      My Computer


  5. Posts : 5,478
    2004
       #5

    adoucette said:
    I suspect that the logon script needs to be run as administrator. Is there a way I can elevate its privileges? Or is there a better way for me to accomplish this?
    It does need to run as administrator, yes. As far as I know you can't do that by GPO as the scripts run with users standard privileges. I don't find self-elevating scripts work here (but you could try nSudo perhaps - I don't know if it would work).

    You can run things elevated by using task scheduler, or you can make aa administrator shortcut and approve UAC manually.

    See these :
    Create Elevated Shortcut without UAC prompt in Windows 10 | Windows 10 Tutorials
    Run as Administrator in Windows 10 | Windows 10 Tutorials
      My Computer


  6. Posts : 5
    Win 10
    Thread Starter
       #6

    Here is the script I'm using:
    Log off all but current user-2018-09-26_7-37-00.png

    I have tried setting it up instead in Task Scheduler.
    The (above) script is set to run with highest privileges, whether admin logged on or not, and configured for Windows 10. (Then when saving the task I enter the administrator user's password):
    Log off all but current user-2018-09-26_7-24-42.png

    The trigger is, of course, logon of any user:
    Log off all but current user-2018-09-26_7-27-32.png

    And the Action is to run the script. I have tried this with and without the "-executionpolicy bypass" argument:
    Log off all but current user-2018-09-26_7-29-34.png

    Unfortunately, this still is not working to log off users.
    If I run the task manually it will work. But it doesn't work on logon, either when normal users log on, or with the administrator user logs on.

    What am I missing here?
    Thanks again for the assistance.
      My Computer


  7. Posts : 3,271
    Win10
       #7

    Just a thought:


    Have you tried it like this:

    in Program/Script box:
    powershell.exe -executionpolicy bypass -file "C:\temp\myscript.ps1"
    leave arguments box empty

    or
    in Program/Script box:
    powershell.exe
    in arguments box:
    -executionpolicy bypass -file "C:\temp\myscript.ps1"

    1: Basically put -executionpolicy bypass argument before the script name.
    2: Also try without -file argument if it doesn't work


    (Qoutation marks required for file folder names with spaces)
    Last edited by das10; 30 Sep 2018 at 17:58.
      My Computers


  8. Posts : 5
    Win 10
    Thread Starter
       #8

    das10 said:
    in Program/Script box:
    powershell.exe -executionpolicy bypass -file "C:\temp\myscript.ps1"
    leave arguments box empty
    (Qoutation marks required for file folder names with spaces)
    Thank you. That worked.

    Now when standard (non-admin) users log on, the script logs off all other users.
      My Computer


  9. Posts : 3,271
    Win10
       #9

    Glad it worked how you wanted it to work.
      My Computers


  10. Posts : 3
    windows 10, and server 2022
       #10

    Sorry to bring this back from the dead but I was astounded how hard this was to accomplish. Thought I would post my experience in hopes that it helps somebody else along the way.

    We have some medical software that does not work right if there is another instance of the software open in another profile on the same computer. In a busy office employees always forget to log out of their account before leaving the room, then another person comes in and logs in to the computer opens up the software and then it does not work right because it is already running in a different user profile. What I wanted to obtain was making it so that only one user could be logged in at a time however if the screen locks itself you do not have to go find that person to unlock it and log out then let you log in because that would be very inconvenient. Thus disabling fast user switching was not really an option. Using this script as a task was the answer for our office. We are running a windows domain and deployed this through group policy which was less then straightforward as well.

    So some things I learned along the way, Microsoft has changed a few times over what things will work in task scheduler but has not updated it in group policy as in not allowing the options. I was successful at setting this script up on a local machine running as the administrator however we wanted to deploy this to over 35 workstations which would have made it very time consuming.

    So first thing you have to do is set up a group policy object in the appropriate OU for the machines you want it it to apply to. For us it his was all computers so we put it in the computers root OU. Then edit the policy and go to computer config > Preferences > Control Panel Settings > Scheduled Tasks Create a new task by right clicking go to "Scheduled Task (At least windows 7).

    Then under action select Create , name it whatever you want.

    This next step is where we were stuck for awhile. You can no longer set tasks to run as a specific user via group policy due to a security update MS put out awhile ago. However you are still allowed to set tasks to run as the system account and that is where the secret is to get this to work through group policy.

    Simply Hit Change user or group , type in "System" hit check names and should find SYSTEM then click okay and it should now say NT AUTHORITY\System for the user you are going to run it as. Then select Run whether user is logged on or not and select configure for windows 7, windows server 2008R2. There is no windows 10 option as there is on the computer itself.

    The rest of this is pretty much as others have posted above. We simply put the script itself in a shared directory with read only access to all authenticated domain users and reference it from this shared directory under the actions section vs having it stored locally on the computer.

    Do a GPUPDATE /force log off and log back in you should see your new logoff script working great in the task scheduler. it still shocking to me how much work this was to get this behavior out of windows, I don't know why this is not a simple option in group policy to deploy lot of other people must desire this behavior but I guess not.

    Hope this helps somebody out there trying to accomplish the same thing. Good luck and thank you so much to all above who contributed to this thread it took me days of trolling through forums and posts and searching until a stumbled on this little clue that got us going in the right direction to a working solution to our problem!!!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:11.
Find Us




Windows 10 Forums