What is windows logoff

Windows : logoff from command line

We can log off a user session by clicking the Log off button in the Start menu. We can also log off from the Command Prompt (CMD) using the shutdown command. You need to run the command below.

Shutdown is a built-in Windows command, so we don’t have to install it separately. Note that we can also run this command from the Windows Run window. This command works on all Windows editions (XP, Vista, Server 2k3/2k8, Windows 7).

There’s another command, logoff, which serves the same purpose. It can also be used to log off sessions on remote computers. Find the syntax below.

To log off on the current system

This command does not accept a user name or password, so it uses the credentials of the user currently logged in on the host system.

How to force logoff without waiting for user confirmation to terminate the running applications?

The above commands do forced logoffs. They kill all the applications one by one and at the end log off the user.

If I want to login from command line, how do I set it up?

Open Task Manager, click on Users, right click, manage user account, it will open Control Panel. In the path above, open cmd from here. shutdown -l to log out.
Login again. It works.

need to logoff but cannot

I need to log out from another user with the user name
something like that…
logoff username:moss /server:172.19.19.50

Logoff

Applies To: Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows 8

Logs off a user from a session on a Remote Desktop Session Host (RD Session Host) server and deletes the session from the server.

For examples of how to use this command, see Examples.

In Windows Server 2008 R2, Terminal Services was renamed Remote Desktop Services. To find out what’s new in the latest version, see What’s New in Remote Desktop Services in Windows Server 2012 in the Windows Server TechNet Library.

Syntax

Parameters

Specifies the name of the session.

Specifies the numeric ID which identifies the session to the server.

Specifies the RD Session Host server that contains the session whose user you want to log off. If unspecified, the server on which you are currently active is used.

Displays information about the actions being performed.

Displays help at the command prompt.

Remarks

You can always log off from the session to which you are currently logged on. You must, however, have Full Control permission to log off users from other sessions.

Logging off a user from a session without warning can result in loss of data at the user’s session. You should send a message to the user by using the msg command to warn the user before taking this action.

If the session ID or session name is not specified, logoff logs off the user from the current session. If you specify a session name, it must be an active one.

When you log off a user, all processes end and the session is deleted from the server.

You cannot log off a user from the console session.

Examples

To log off a user from the current session, type:

To log off a user from a session by using the session’s ID, for example session 12, type:

To log off a user from a session by using the name of the session and server, for example session TERM04 on Server1, type:

How to track users logon/logoff

This article describes how to track users logon/logoff.

Original product version: Windows Server 2003
Original KB number: 556015

This article was written by Yuval Sinay, Microsoft MVP.

Summary

The following article will help you to track users logon/logoff.

Option 1

Enable Auditing on the domain level by using Group Policy:

Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

There are two types of auditing that address logging on: Audit Logon Events and Audit Account Logon Events.

Audit "logon events" records logons on the PC(s) targeted by the policy, and the results appear in the Security Log on that PC(s).

Audit "Account Logon" Events tracks logons to the domain, and the results appear in the Security Log on domain controllers only.

Create a logon script on the required domain/OU/user account with the following content:

Create a logoff script on the required domain/OU/user account with the following content:

Please be aware that unauthorized users can change these scripts, due to the requirement that the SHARENAME$ be writable by users.

Option 2

Use WMI/ADSI to query each domain controller for logon/logoff events.

Community Solutions Content Disclaimer

MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

logoff

Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Logs off a user from a session on a Remote Desktop Session Host server and deletes the session.

Syntax

Parameters

Parameter Description
Specifies the name of the session. This must be an active session.
Specifies the numeric ID which identifies the session to the server.
/server: Specifies the Remote Desktop Session Host server that contains the session whose user you want to log off. If unspecified, the server on which you are currently active is used.
/v Displays information about the actions being performed.
/? Displays help at the command prompt.

Remarks

You can always log off yourself from the session to which you are currently logged on. You must, however, have Full Control permission to log off users from other sessions.

Logging off a user from a session without warning can result in loss of data at the user’s session. You should send a message to the user by using the msg command to warn the user before taking this action.

If the session ID or session name isn’t specified, logoff logs the user off from the current session.

After you log off a user, all processes end and the session is deleted from the server.

You can’t log off a user from the console session.
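The remarks above, combined into one procedure, as an added example that is not part of the original documentation: find a user's session ID with `quser`, skip the console session, warn an active user with `msg`, then run `logoff`. The function names, the constructed `quser` output and the English state names (`Active`, `Disc`) are assumptions.

```powershell
# Constructed quser output for offline testing (not captured from a real server).
$sampleQuser = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>admin1                rdp-tcp#3           2  Active          .  3/1/2024 9:02 AM
 moss                  rdp-tcp#7          12  Active         12  3/1/2024 8:40 AM
 jen                                      13  Disc         1:05  3/1/2024 8:10 AM
 roy                   console             1  Active       none  3/1/2024 8:00 AM
'@

function ConvertFrom-QuserText {   # hypothetical helper
    param([string[]]$Lines)
    # SESSIONNAME is blank for disconnected sessions, so that group is optional.
    $rx = '^[ >](?<user>\S+)\s+((?<name>\S+)\s+)?(?<id>\d+)\s+(?<state>Active|Disc)\b'
    foreach ($line in $Lines) {
        if ($line -match $rx) {
            [pscustomobject]@{
                User = $Matches['user']; SessionName = $Matches['name']
                Id   = [int]$Matches['id']; State     = $Matches['state']
            }
        }
    }
}

function Stop-UserSession {        # hypothetical helper
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$User,
          [string]$Server = $env:COMPUTERNAME,
          [int]$GraceSeconds = 60)
    $found = ConvertFrom-QuserText (quser "/server:$Server" 2>$null) |
        Where-Object { $_.User -eq $User }
    foreach ($s in $found) {
        if ($s.SessionName -eq 'console') {   # per the remarks: console is excluded
            Write-Warning "$User is on the console session; skipping."
            continue
        }
        if ($PSCmdlet.ShouldProcess("session $($s.Id) on $Server", "log off $User")) {
            if ($s.State -eq 'Active') {      # nobody reads a message in a Disc session
                msg $s.Id "/server:$Server" "Logging you off in $GraceSeconds seconds. Save your work."
                Start-Sleep -Seconds $GraceSeconds
            }
            logoff $s.Id "/server:$Server" /v
        }
    }
}

# Offline check of the parser against the constructed sample:
ConvertFrom-QuserText ($sampleQuser -split '\r?\n') | Format-Table
```

Run `Stop-UserSession -User moss -Server RDSH01 -WhatIf` first (RDSH01 is a placeholder server name) to see which sessions would be affected without sending a message or logging anyone off.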

Examples

To log off a user from the current session, type:

To log off a user from a session by using the session’s ID, for example session 12, type:

To log off a user from a session by using the name of the session and server, for example session TERM04 on Server1, type:

Audit Other Logon/Logoff Events

Applies to

  • Windows 10
  • Windows Server 2016

Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events.

These other logon or logoff events include:

A Remote Desktop session connects or disconnects.

A workstation is locked or unlocked.

A screen saver is invoked or dismissed.

A replay attack is detected. This event indicates that a Kerberos request was received twice with identical information. This condition could also be caused by network misconfiguration.

A user is granted access to a wireless network. It can be either a user account or the computer account.

A user is granted access to a wired 802.1x network. It can be either a user account or the computer account.

Logon events are essential to understanding user activity and detecting potential attacks.

Event volume: Low.

| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|---|---|---|---|---|---|
| Domain Controller | Yes | Yes | Yes | Yes | We recommend Success auditing, to track possible Kerberos replay attacks, terminal session connect and disconnect actions, network authentication events, and some other events. Volume of these events is typically very low. Failure events will show you when requested credentials CredSSP delegation was disallowed by policy. The volume of these events is very low; typically you will not get any of these events. |
| Member Server | Yes | Yes | Yes | Yes | We recommend Success auditing, to track possible terminal session connect and disconnect actions, network authentication events, and some other events. Volume of these events is typically very low. Failure events will show you when requested credentials CredSSP delegation was disallowed by policy. The volume of these events is very low; typically you will not get any of these events. |
| Workstation | Yes | Yes | Yes | Yes | We recommend Success auditing, to track possible terminal session connect and disconnect actions, network authentication events, and some other events. Volume of these events is typically very low. Failure events will show you when requested credentials CredSSP delegation was disallowed by policy. The volume of these events is very low; typically you will not get any of these events. |

Events List:

4649(S): A replay attack was detected.

4778(S): A session was reconnected to a Window Station.

4779(S): A session was disconnected from a Window Station.

4800(S): The workstation was locked.

4801(S): The workstation was unlocked.

4802(S): The screen saver was invoked.

4803(S): The screen saver was dismissed.

5378(F): The requested credentials delegation was disallowed by policy.

5632(S): A request was made to authenticate to a wireless network.

5633(S): A request was made to authenticate to a wired network.
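One way to turn the events listed above into a readable session timeline, as an added example that is not part of the original article. The event IDs and meanings come from the list above; the function name, the sample XML and the EventData field names (`AccountName`, `TargetUserName`, `SessionName`, `ClientAddress`) are assumptions to verify against your own Security log.

```powershell
# To enable the subcategory locally (the page recommends Success auditing):
#   auditpol /set /subcategory:"Other Logon/Logoff Events" /success:enable /failure:enable
$OtherLogonEvents = @{
    4649 = 'Replay attack detected'
    4778 = 'Session reconnected to a Window Station'
    4779 = 'Session disconnected from a Window Station'
    4800 = 'Workstation locked';   4801 = 'Workstation unlocked'
    4802 = 'Screen saver invoked'; 4803 = 'Screen saver dismissed'
    5378 = 'Credentials delegation disallowed by policy'
    5632 = 'Wireless network authentication request'
    5633 = 'Wired network authentication request'
}

function ConvertFrom-OtherLogonEventXml {   # hypothetical helper
    param([Parameter(Mandatory)][string]$Xml)
    $e  = ([xml]$Xml).Event
    $id = [int]$e.System.SelectSingleNode("*[local-name()='EventID']").InnerText
    $data = @{}
    foreach ($d in $e.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # Assumed schema: 4778/4779 carry AccountName, 4800-4803 carry TargetUserName.
    $user = if ($data['AccountName']) { $data['AccountName'] } else { $data['TargetUserName'] }
    [pscustomobject]@{
        Time    = $e.System.TimeCreated.SystemTime
        Id      = $id
        Meaning = $OtherLogonEvents[$id]
        User    = $user
        Session = $data['SessionName']
        Client  = $data['ClientAddress']
    }
}

# Constructed sample event (values are illustrative, not from a real log).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4778</EventID><TimeCreated SystemTime="2024-03-01T09:15:02.000Z" /></System>
  <EventData>
    <Data Name="AccountName">alice</Data>
    <Data Name="SessionName">RDP-Tcp#12</Data>
    <Data Name="ClientAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
ConvertFrom-OtherLogonEventXml -Xml $sample

# Live use, from an elevated prompt on a host where the subcategory is audited:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = @($OtherLogonEvents.Keys) } |
#       ForEach-Object { ConvertFrom-OtherLogonEventXml -Xml $_.ToXml() }
```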
