A Windows administrator can use the logoff command to log off a user session remotely from any Windows computer in the network. In this article, we’ll show how to get a list of sessions on a remote computer using the quser command and end the user session with logoff.
Using Command Prompt to Remotely Logoff Users
Before killing a user’s session in Windows, you need to get the user’s session ID. You can list sessions on the remote computer using the built-in quser console tool. Open a command prompt as an administrator and run the command:
quser /server:server_name
Note. To connect to a remote computer server_name, your account must be a member of the local Administrator group.
The quser command will list all sessions on the remote host, including the console session (SESSIONNAME=Console) and RDP user sessions (SESSIONNAME=rdp-tcp#X).
Note. You can also use the qwinsta command to get a list of user sessions on a remote computer:
qwinsta /server:server_name
Find the user in the list whose session you want to end. For example, we want to logoff the administrator session with the ID = 2.
To end a user session remotely, use the following command:
Logoff sessionID /server:ComputerName
In our example, this is:
Logoff 2 /server:server_name
Check that the user session has ended:
quser /server:server_name
If you want to log off a specific user by username, use the following PowerShell script:
$server = 'dc02'
$username = 'administrator'
$session = ((quser /server:$server | ? { $_ -match $username }) -split ' +')[2]
logoff $session /server:$server
Possible errors when executing the logoff command:
- Could not logoff session ID 2, Error code 5
Error [5]:Access is denied.
This means that you don’t have permissions on this session or you are using a non elevated command prompt. - Error 0x00000005 enumerating sessionnames
Error [5]:Access is denied.
You are running the logoff command under a local user with administrator privileges. For such users, the Remote UAC policy is enabled by default. To disable UAC remote restrictions for local users, create the LocalAccountTokenFilterPolicy registry parameter on the target host with a value of 1.reg add "\\server_name\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
- Error 0x000006BA enumerating sessionnames
Error [1722]: The RPC server is unavailable.
Enable RemoteRPC on the remote machine server_name:reg add "\\server_name\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowRemoteRPC /t Reg_Dword /d 0x1 /f
Logoff Remote Desktop Services Users Using PowerShell
You can use the command prompt to remotely log off user sessions on Windows Server hosts with Remote Desktop Services (RDS) deployed. An RDS server can have multiple user sessions active at the same time.
If you plan to put the RDShost into maintenance mode or install updates, you need to logoff all user sessions remotely. To do this, you first need to put the RDS host in the Drain mode (in this mode, the RDS host blocks new RD connections):
Invoke-Command -ComputerName NYRDS1 ScriptBlock{ change logon /drain }
Now you can end all sessions remotely using a PowerShell script:
$Server='rds01'
try {
query user /server:$Server 2>&1 | select -skip 1 | % {logoff ($_ -split "\s+")[-6] /server:$Server /V}
}
catch {}
Or, you can only logoff RDS user sessions in a disconnected state:
$Server='rds01'
try {
query user /server:$Server 2>&1 | select -skip 1 | ? {($_ -split "\s+")[-5] -eq 'Disc'} | % {logoff ($_ -split "\s+")[-6] /server:$Server /V}
}
catch {}
