How do I script the logoff of disconnected RDP sessions?

There’s a (relatively) well known Group Policy that is designed to logoff idle/disconnected RDP sessions from terminal servers.  In reality, I’ve found it very hit and miss, and have now resorted to running a custom Scheduled Task to accomplish the same goal.

This script is designed to logoff any Disconnected session (on the machine where the script is run from) that has been idle for more than 1 hour.  I’ve deliberately left the option open to easily modify this to any preferred idle timeout, as you’ll see below with the if/elseif sections. This could be tidied up into a single ‘if’ block when you know what setting you’re using.

Note – you could also run this remotely (Windows Firewall state permitting) by changing the reference to “localhost” to any remote server.

 

 

10 Comments How do I script the logoff of disconnected RDP sessions?

  1. joe

    Hi Kamal, Is this a powershell script or a vbs script? Also, if I by remote server do you mean the actual server name? Is there a way to run this remotely to multiple servers, instead of having to specify each individual server?

    Thanks,
    Joe

    Reply
    1. Kamal

      Yes – you could start with any array of server names – generated from a get-adcomputer command, or maybe pulling in from a text file – lots of options.
      Once you’ve got your server names into an array of strings (eg: $servers), then wrap the above in:
      foreach ($server in $servers) {
      #use $server in place of localhost
      }

      Reply
  2. nanjunda

    hi kamal.

    In this script i want one small change as administrator only should not logoff like that need make, can you please help me?

    Reply
    1. Kamal

      It’s a little more complicated, but not too hard.
      In the script, $line is split into different strings – one of those will be the username (specifically $line[1]).
      You could use get-aduser $line[1] – and then check its memberof property to see if it’s in an Admin group. If it is, ignore it, otherwise logoff the session.

      Reply
  3. Tom

    Hello Kamal,
    How do I modify the script to log off users that have been in disconnected state for greater than 10 minutes?

    Reply
    1. Kamal

      I would run the script as a Scheduled Task more frequently to check the idle time. If you wanted to be very specific about the 10 minutes rule, maybe run it every minute (but that seems extreme). Up to you.

      Change this:

      $idletime = $line[4];

      To this:

      $idletime = [int]$line[4];

      (That’ll typecast the idle time as an integer.)

      Then change this:

      # Check if idle for more than 1 day (has a '+') and log off
      if ($idletime -like "*+*") {

      To this:

      # Check if idle for more than 9 minutes and log off
      if ($idletime -gt 9) {

      Reply
    1. Kamal

      You would need to run the script at least once per hour (maybe every 30 minutes, just to be on the safe side), and change this line:

      if ($idletime -like "*+*") {

      To this:

      if ($idletime -like "*8:*") {

      Reply
  4. Mark

    Hi Kamal, was getting errors on this when I noticed that line 20 needs a closing double-quote for “*+*” in order to run the script without error. Brilliantly simple and works like a charm otherwise. Thanks for posting this and saving us time!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *