Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

Logging off a User

Hello everyone,

I work in a very large network and we have users that use a different computer every day.  This causes much grief when the user changes their password and left themselves logged into a computer, with the old password, on the network.  Is there any way to find out what computer they are logged into or is there an equivalent command to the OLD Banyan command of "mlogout" to forcefully log the user off of every workstation they are logged into?

Thanks,
Steve
0
stevespears
Asked:
stevespears
  • 2
1 Solution
 
sstoyanovichCommented:
Well, if you know the name of the locked machine, from another machine you can run this vbscript to log them off.

computerName = "theMachineName"
Set objWMIService = _
     GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" _
     & computerName & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
      ObjOperatingSystem.Win32Shutdown(0, 0)  ' log off
Next

You must run this using an account that has admin privileges on the remote machine, like a Domain Admin account.

As for finding out who is logged on where, you can have your logon script save a line with username / machineName / date in a central log file that you can search to find all logins.

Better yet, since you're in an enterprise, it calls for an enterprise solution.  Did you know that the security Event logs on the domain controller that logged the user in contain entries when the session (now running with the old password) is causing security failures?  I suggest an Event Log monitoring solution.  I use this one:  http://www.objsoftinc.com/files/Products/EventMaster.asp.  You can "subscribe" to be notified by email whenever there are Event Logs on your DC's indicating that an account is locked out.  You can then open the email, and see the Event Log entry - it indicates which account AND FROM WHICH MACHINE.  You can then use the script above to log out the user from that machine.

S
0
 
sstoyanovichCommented:
Well, I tried to provide an answer.  The Asker never indicated whether it was good or not.  Cost me time though..
Thanks,
Sandra
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now