Kaseya Community

Log Off All Sessions

This question is answered

Pre-requisite Information:  I'm running VSA  All of the client PC's I'm working with run either a 32-bit or 64-bit version of Windows 7 Pro.


Goal:  At 8 pm every night, use an Agent Procedure to check all the client PCs on our network for one or more employees that are still logged into them locally.  For those PCs that do have one or more employees still logged into them, force those users to be logged out of the PC.  (Closing any open applications and not saving any unsaved documents.)

Successes:  I can force one user logged into a test 64-bit Windows 7 Pro PC with applications and unsaved documents open using the below script:


Problem:  If more than one user is logged into this test box, I haven't found a modification to this agent procedure that will kick them all off.

NOTE:  They all have the KaUsrTsk.exe process running.

Trials:  I've changed the above executeShellCommand statement to "Execute as System".  I've also added the "UseCredential()" statement to this procedure (which uses the domain admin username and password).  Finally I removed the "UseCredential()" statement from this procedure and added the "ImpersonateUser()" statement with the domain admin username and password as the variables in this statement.

Results:  During all of these trials Kaseya notes that the script ran successfully.  However I can confirm via KLC that none of the users were logged off.

NOTE:  By going into KLC, clicking on the Task Manager, and then clicking on the Reboot tab, I can force all users to log off using the "Log Off All Sessions" link.

So does anyone in the Kaseya Community have a good way of accomplishing my goal?


Verified Answer
All Replies
  • How about just forcing a reboot of the machine with users logged in if you don't care about their data?

  • Zippo,

    Some of the PCs are encrypted laptops.  When the laptop is rebooted it stops at an encryption password prompt before it loads the OS.  So if the laptop is rebooted we have to get into that employee's office and enter the encryption password manually to get the PC to finish the boot up process.  Therefore just having them log off would be best.

  • Good explanation. OK. How about modifying an using a powershell script such as this one?


  • If it is Bitlocker encryption then you suspend protection to bypass the boot password, just remember to resume the protection again after the reboot.

    Disable Protectors on System drive

    manage-bde -protectors -disable %SystemDrive%

    Enable Protectors on System drive

    manage-bde -protectors -enable %SystemDrive%

    Bitlocker status on System drive

    manage-bde -status %SystemDrive%

  • Zippo,

    Thank you for that suggestion. I'll try running that script on my test PC.

  • HardKnoX,

    We're using TrueCrypt for our drive encryption software.  Since TrueCrypt is no longer supported by its authors, we're looking at Bitlocker among other hard drive encryption applications.  Thank you for the tip.

  • Zippo,

    After slightly modifying that PowerShell script, and then figuring out how to use it in the agent procedure I had created, I can confirm that it does the job I needed it to do.  Thank you very much.

  • Can you post your PS Script and Agent Procedure? Thanks!

  • I'm glad to hear that it worked for you, asmith77, and thanks for letting us know.

  • Billmccl,

    Here is the agent procedure:

    Here is the PowerShell script:

    function RemoveSpace([string]$text) {

          $private:array = $text.Split(" ", `


          [string]::Join(" ", $array) }


    $quser = quser

    foreach ($sessionString in $quser) {

        $sessionString = RemoveSpace($sessionString)

        $session = $sessionString.split()


        if ($session[0].Equals("USERNAME")) {

        continue }

        # Use [1] because if the user is disconnected there will be no session ID.

        $result = logoff $session[1] }

  • Thank You @asmith77!!

  • You're welcome. :)