Force Log Off

How can I make it so that you can switch users, but when the 2nd person logs in, it forces the first person to be logged out. We have to let people lock their workstations, but if another person needs to log in we need them to kick the other people off.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Need more info... XP or 7? What are you trying to accomplish? Could always hard start the comp... not recommended.
NVITEnd-user supportCommented:
AFIK, users would need at least local admin rights to do so.

Another way, on a Domain, you can enable Fast User Switching. This lets multiple users logon the same workstation.
UMRadAdminAuthor Commented:
I work in a hospital so users must be able to walk there workstations to protect patient data when they walk away. However we have applications that throw up socket errors and use a ton of system resources that cause the next user errors if someone locks the workstation and doesn't log off.

Back in the day when you would log onto a workstation that was already locked by another user it would ask you if you wanted to log the other user off even though it might cause them to lose data. I'm looking for that scenario.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

NVITEnd-user supportCommented:
Another way is to prevent users from locking the workstations in the first place. Under group policy, User Config, Policies, Administrative Templates, System, Ctrl alt del, Remove Lock Computer

One way to logoff idle logons:
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Idle log off is something I recommend, too. Other than that, disabling Fast User Switching should work. This can be done via GPO or in registry, see e. g.
What is the average time a user would be using the station? An action when the system goes to sleep that triggers the logoff is using rundll.exe, another as qlemo pointed is to use  a login script that schedules a task for an hour after logon, that will auto-logout.

Before, single logon with logon to application was the approach, but with ..... That is no longer a good idea as user individual profiles can be compromised I.e. Key loggers,etc.
To disable switch user

HKEY_LOCALMACHINE\SOFTWARE \Microsoft\Windows\CurrentVersion\Policies\System


 In the right-pane, create a new DWORD value named HideFastUserSwitching and set value to 1.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
UMRadAdminAuthor Commented:
I've tested disabling fast user switching, but then the second user doesn't have the option to log on at all.
you have to leave fast switchin, look at using a login startup for all users, that will auto schedule session logout.

@echo off
schtasks or at
to schedule the shutdown /f /l in half an hour or how long you can tolerate
note the issue is if a user leaves an incomplete task, that data can be lost.

there are powershell, vbscript, rundll32, command line options thast achieve the same thing, forcible logoff the users session but it needs to be verified whether a limited user can trigger their own loggoff with these commands.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Thinking more about it, idle logout or logout on lock (triggered by the security event 4800) using a scheduled task seems to be your only options.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.