Windows batch command to logout a specific User - windows

I need to write a batch-script that logs off a specific user, which is connected via remotedesktop to a Windows Server 2016.
On Linux i can just write pkill -u "Username" and now i am looking for an altanative on Windows.
I need to close the Session from the User so I can delete him.
I have tried to remove the user from the remote desktop user group but this does not close the current session.
Can anyone help me with this problem?
Thanks

Related

Script to Log into several user accounts

We manage several laptops that are used for emergency situations and thus are rarely used (knock on wood).
When we start up these laptops periodically to run windows updates, we also sign in with several user accounts for each laptop in order to keep the profile up to date.
Is there a way to automate the logging in of each account with a script?
For example, I could log in as administrator, run the script and the laptop would do the following:
Log out my administrator account,
sign in with useraccount 1, log out
sign in with useraccount 2, log out
sign in with useraccount 3, log out
I havent had much luck in googling this type of thing and was hoping someone here might have an idea.
I simply cant find a script that logs in with a user account.
The closest I can find is recommending auto signin but that only applies to one account and not what I need for this task.
Globally, you can't do that: it would break security if you were allowed to interact, programmatically, with the login screen.
IF it's possible, I would look to a way to do the login to remote machine through either Telnet (not recommended! but can be done with standard Windows tools) or SSH (will need a SSH server). If you can do the upgrade this way, then you're saved, in particular with SSH because you can avoid passwords' sharing through key exchange - probably won't work with domain accounts, however, but local accounts will be fine.
Otherwise, if you require to really open a Windows session, best you can do, IF your configuration allows it AND if it works (regarding the profile's update) is to connect through RDP (Remote Desktop) to each laptop, with each login.
You'll need to establish a RDP connection to each laptop from a "pilot" PC, save each connexion individually within a .rdp file, saving password inside the connection file.
Then, you can launch the connection with the command mstsc <machine+account>.rdp to establish a connection. A bit later, you can kill the connection (with either taskkill or through a pilot process / tool, I would use AutoIt for this preferably).
If password saving is an issue, then each employee should have its own set of RDP files. Through something like Autoit, in particular, you can input the password once, and fill automatically each password prompt.
The tricky part would be to know when it's time to close the remote desktop. I would try to automatically execute a command to distant computer that would reboot it once done, so your remote desktop would close automatically.
Anyway, it will be a real gas plant to implement all this in a smooth process...

WIndow's ssh service defaults to admin permission

Connecting remotely into a windows machine using the OpenSSH service provided by windows always starts an elevated session.
Is it possible to start a non elevated session and elevate after the fact? if so how?
Based on this github discussion: https://github.com/PowerShell/Win32-OpenSSH/issues/1652
bagajjal:
For admin users, ssh connection is an elevated session. Given you are
an admin and has elevated session, you can write to c:\windows.
This is by design.
jborean93:
The biggest issue when you were to use the limited token after an SSH
logon is that you cannot then get your elevated token. On an
interactive logon you can right click and say Run as administrator and
confirm through the UAC prompt but on a network logon like SSH there
is no way for UAC to prompt you. So if this was a functionality you
will never be able to swap from the limited to full token of your
admin account.

SendInput or similar from windows service (session 0) in Windows 8 to login screen

As I understand, when we start windows it starts Session 0 which does not connect to any GUI, etc. and runs all windows services. So my task is, after windows was started, emulate windows input for selecting user and login to is session. I know that for sending input from service I should run desktop app and through it send input, show GUI, so on, but how can I do it before any user session was start? (for example I see that TeamViewer can do it)
WTSGetActiveConsoleSessionId() will tell you which session is attached to the physical console.
You can then duplicate your security token with DuplicateTokenEx(), change the new token's session with SetTokenInformation() and the TokenSessionId option, and launch a process with CreateProcessAsUser().
The new process should then be running in the right session, but it may also need to attach itself to the right desktop before it can interact with the logon interface. You can use EnumDesktops() to list the available desktops, and trial and error to determine which one the logon interface runs in. (Note that this may be different in different versions of Windows.)

Getting mail on windows logon with username of logged-in user

I am trying to create action task that will send mail when anyone logs in to a particular system with username of a logged in user.
I am very new to this task since I never worked as a system admin anytime.
What I think I should do is to specify a program to execute when log-in event occurs, but am not aware of what sort of program I should. I thought it should be exe file.
Q. Can I specify vbs file?
Q. If yes what should be the content of vbs? Is there any ready made script available for accomplishing the same?
Q. Also not sure where to specify it. Is this below screen where I can specify it:
Q. Also this I am trying to do on windows 7 which is in network with AD configured on Windows Server 2008. So where should I specify the action? on server or on this particular Win 7 machine?
If u have AD, you can use logon scripts (*.cmd | *.vbs) and specify it for each clients.
To send email by the command line, try to use smth like telnet smtp.gmail.com 25/465.

windows batch file to call remote executable with username and password

Hi I am trying to get a batch file to call an executable from the server and login. I have a monitoring program that allows me send and execute the script. OK here goes....
//x3400/NTE_test/test.exe /USER:student password
Now this doesn't work. The path is right because when I type it in at the run menu in xp it works. Then I manually login and the script runs. How can I get this to login and run that exe I need it to?
Part 2:
Some of the machines have already logged in with the password saved (done manually). Should I have a command to first clear that password then login?
Thanks for any replies, I appreciate the help
Jake
(note: this question probably belongs on serverfault.com or superuser.com)
If the login that needs to happen is the login for the network share, you can have your script do that using the net use command:
net use //x3400/NTE_test /USER:student password
//x3400/NTE_test/test.exe
If the login is something specific to the ``test.exe` program, then you'll have to find out from its documentation how to pass credentials on the command line.
In either case, you need to consider the security implications of having a user's password in a script. If the user is has an account with the same name and password on the x3400 server as on the machine he's running on (or if the x3400 machine is in the same domain as his machine), there should be no need for him to provide credentials. This might be a better way to handle the password.

Resources