Solved

Terminate User Sessions

Posted on 2004-08-25
10
494 Views
Last Modified: 2010-04-12
I need to find a method (script?) that will terminate all open user sessions at a specified time of night. this would be scheduled to run in Task Manager. Turns out some users aren't logging off correctly and leaving some connections to files open. This is causing problems with our business management application which runs various utilities every night, including reindexing our database. This has been failing since several files have been reported to have been in use and the application needs exclusive use of these files. Since several are still open, the file(s) are reported as "locked by another user".

Ive looked through MS scripting site, but haven't found anything yet.


Thank you,
Steve
0
Comment
Question by:i601254
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 9

Expert Comment

by:jdeclue
ID: 11893480
Here is an answer, but it doesn't use scripting.

If it is appropriate, you can set the users to not be able to Login for a period in there user accounts, then you can set a GPO that will force their disconnection after logon hours on a specific Acitve Directory container, that has the servers you need them to be kicked out of in it. The one problem with this method, is that while it will disconnect them from the server and their session, the user won't be able to logon to the network during the black out period.

Open a user account, select Account, and then click on Logon Hours. Remove the period of time needed.
Create a new OU for the servers, create a GPO on the OU. Set the policy:
Computer COnfiguration | Windows Settings | Local Policies | Security Options | "Force Logoff when logoff hours expire" Enable

J
0
 
LVL 5

Expert Comment

by:tebacher
ID: 11893585
I'm not sure what you want the users to log out of...? is it a terminal server or a fileserver or what?

I have a script that will work to log users off a terminal server, but I'm not sure if that's what you need.
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11896398
Here is a vbscript that will do it for you:

Create a computernames.txt file with a list of all computernames that should be logged off. Call up the script from task scheduler and presto!

'###################################

Set oTS = oFSO.OpenTextFile("C:\computernames.txt")

'Set remote credentials
sUser = "administrator"
sPassword = "password"

'open list of client names


Do Until oTS.AtEndOfStream
 
 'get next client name
 sClient = oTS.ReadLine
 
Dim filesys, demofile
Set filesys = CreateObject ("Scripting.FileSystemObject")
Set demofile = filesys.GetFile("c:\boots\" & bootpath & "\boot.ini")
demofile.Copy("\\" & sClient & "\c$\")
 
 'get WMI locator
 Set oLocator = CreateObject("WbemScripting.SWbemLocator")

 'Connect to remote WMI
 Set oConnection = oLocator.ConnectServer(sClient, _
   "root\cimv2", sUser, sPassword)

  'issue shutdown to OS
 ' 4 = force logoff
 ' 5 = force shutdown
 ' 6 = force rebooot
 ' 12 = force power off
 Set oWindows = oConnection.ExecQuery("Select " & _
   "Name From Win32_OperatingSystem")
 For Each oSys In oWindows
   oSys.Win32ShutDown(4)
 Next

Loop

'close the text file
oTS.Close

'########################################3
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 2

Accepted Solution

by:
Ranidae earned 50 total points
ID: 11896425
Sorry... Go for this one... I forgot to clean the boot.ini section I use out of the one above.  Same instructions though.

'########################################
Set oTS = oFSO.OpenTextFile("C:\computernames.txt")

'Set remote credentials
sUser = "administrator"
sPassword = "password"

'open list of client names


Do Until oTS.AtEndOfStream
 
 'get next client name
 sClient = oTS.ReadLine
 
 'get WMI locator
 Set oLocator = CreateObject("WbemScripting.SWbemLocator")

 'Connect to remote WMI
 Set oConnection = oLocator.ConnectServer(sClient, _
   "root\cimv2", sUser, sPassword)

  'issue shutdown to OS
 ' 4 = force logoff
 ' 5 = force shutdown
 ' 6 = force rebooot
 ' 12 = force power off
 Set oWindows = oConnection.ExecQuery("Select " & _
   "Name From Win32_OperatingSystem")
 For Each oSys In oWindows
   oSys.Win32ShutDown(4)
 Next

Loop

'close the text file
oTS.Close
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11896510
Word of caution... never a good habit to put Username and password in a script, the priviliges required to log into a workstations WMI provider and issue a logoff command is local administrator. Ranidae do you know how to do this using the privilages of the scheduled job?

J
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11896907
I'll be honest, I run the script from the server as a scheduled task.  The account used is added to the local admin groups of every machine to ensure that it works.  It's actually a domain users account that resides in a totally locked down OU.  Only it's membership in the local admin groups could be considered dangerous, and heck, that's what imaging is for. :)

Also, none of the users in my environment are savvy enough to cause any harm, specially since they mostly are never there when the script runs.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11898545
Yeah, I am used to large environments and federal customers. Probably not a big deal.

J
0
 

Author Comment

by:i601254
ID: 11902075
Thank you for all your responses. However, I should try and clarify...it's not really the physical pc's I need to disconnect, but rather user accounts that still have connections to open files on the server (under "computer management ->shared folders->open files"). I need to close all those open file connections prior to our one particular application running through it's night cycle.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11903016
Setting the logon period under the accounts, in AD and enabling force logoff after when logon period expires, will only remove the users connections to the servers that have the policy applied. So if you were to set a 15 minute period on the user account in which they can't log in (like, 1:45 - 2:00am), on the servers that you set the policy on, it will disconnect the user sessions at 1:45am.

J
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11908347
And forcing the log off will also close all connections to the server... depending on the amount of users, it may be quicker to just use the script then set hours for each user indiviually.  Though if someone has a scripted method to change logon time, I'd love to see it!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question