I was wondering if anybody knows of a good way to enforce a user logoff on a remote machine using kix and/or extra tools.

I'm currently working on a script that is kind of a "command module" for our helpdesk. it connects to a machine's c$ and when it has, it present you all sorts of options what to do with pc (take over with VNC, RCMD, net send etc. etc.)
One of the options is the removal of certain applications.

The probem is that certain applications have one or more files that stay "locked".

I figured by forcing a logoff in a "xnet shutdown" kind of way ensures me the files aren't locked anymore and also the user will receive the logonscript (wich installs the apps again).

I have been looking around now for a while and have read mostly articles stating it cannot be done..

I can always fall back to tools that log off locally and call them using rcmd or anything but i would really like to do it without such a workaround.

is there a way ??

THANX,

MvdW

from Ms KB : http://support.microsoft.com/support/kb/articles/Q234/2/16.ASP

You can use either of the following commands in a batch file to restart Windows 98/Me automatically:

runonce.exe -q
rundll32.exe shell32.dll,SHExitWindowsEx n

where n is one, or a combination of, the following numbers:
0 - LOGOFF
1 - SHUTDOWN
2 - REBOOT
4 - FORCE
8 - POWEROFF

The above options can be combined into one value to achieve different results. For example, to restart Windows forcefully, without querying any running programs, use the following command line:
rundll32.exe shell32.dll,SHExitWindowsEx 6
NOTE: Using the FORCE option can cause programs to lose data.

forgot to mention in first post but we are working nt4.0 only environment. i hav etested this command under nt but it gives an error message:
"Error in Shell32.dll Missing entry SHExitWindowsEx"

but also if it had worked, i would still have to somehow issue the command to run on the remote machine.

What i am actually looking for is a command that is run on my machine and logs off a user on a remote machine.

i would imagine some tool like :
remotelogoff.exe \\remoteip /switch

Any ideas ??

Ok, after playing a little with shell32, the command is exitwindowsex, but i wasn't able to call it (and any other command from shell32)

I think the syntax is not the same, or it can be a missing right. Dunno

Seems you'll need a 3rd party utility.

Anybody ??

------------------
Lonkero

The weardest there is!

i want to log off. just like the shutdown program. but then just logoff.

i am sure that the best way to kill all files is to shutdown, but a logoff is sufficient in this case (trust me...)

is there a way or is there not, if anybody knows pls let me know.

Thanx

Interested in seeing/learning the script you are working on - I take in one goal is manipulate system at command level without end-user knowledge? Also, are you really running RCMD service on every WinNT system?

Bill

Spot on, i could use gazillion of different ways for takeover logoff, but i am a believer in stealth administration.

The script is basically some exploded experiment. The environment i am working in has about 120+ domains all over the world, and most of the data lines are 32k 16k even 8k. besides that 10 helpdeskers and 8 level2 engineers along with 3 service managemnet people have to share a single BISDN line to the main network...

i don't know how many of you have ever tried to work across these types of lines but i can assure you your patience is tested to the MAX. So because there is no proper implementation of WINS nor DNS (don't ask me why, you know large company politics) we need a way of managing all these machines with the least possible amount of user interaction.

it all started out as a script from a colleague that checks for VNC installation, if so it cracks the password from the registry and starts a VNC session (all based on just ip input) otherwise it installs VNC and starts the session.

From there i took over and implemented RCMD in the script, then some basic information gathering, net send, removal of certain applications, map drive, reboot, even built in nameresolving using selfadministered list of servers etc etc.

Real multifunctional tool for helpdesk purposes giving us the opportunity to do a lot of "underwater" troubleshooting.

The last thing that is nagging me at the moment is the logoff. because sometimes it takes up to 15 mins just to send ctrl alt del and click logoff and ok when using VNC.
This wouldn't even have come up in my mind if the lines weren't so damn slow.

everywhere i look on the internet i see logoff .exe etc and posts that it cannot be done remotely but i am still not sure (ther SHOULD be a way shouldn't there ???!?!)

I will post the script as soon as i have the time to strip it from our site specific passwords etc...

Ciao,
MvdW

Bill

------------------
Lonkero

The weardest there is!

I have not tried this, but, how about doing something like this...

Copy the LOGOFF.EXE file to all of the systems.
Create an AT schedule on all of these systems that runs say once every couple of hours. Then have it look for a zero byte size flag file. If not found have the AT service execute the LOGOFF.EXE file. In the Run or Startup group have the system create this zero byte flag file so that the system will not keep logging off accidentally. Then if or when you want to log off a system you can remotely delete this flag file.

Or possibly something like this:

at \\remotecomputer 13:00 cmd "/c logoff.exe"

I also found this resource on the WEB that might work or be helpful. He has a remote logoff utility in pre-beta. http://wwwthep.physik.uni-mainz.de/~frink/nt.html

Please post and let us know if any of these solutions/suggestions work out for you.

------------------
NTDOC...
The dark side is quicker, easier, more seductive.
If you choose the quick and easy path, you will become an agent of evil.

This program consists of two parts: INITLO, a program which runs with SYSTEM privilege and initiates the logoff proces, and LOGOFF, which runs under the user's security context and does the actual logoff, because only the user himself can call the ExitWindowsEx() API with the EWX_LOGOFF parameter (at least I have not found any other way).
Copy INITLO.EXE and LOGOFF.EXE somewhere to the machine where you want to log off the user (you can do this over the network with NET USE \\machine\c$ as Administrator). The designated method to start INITLO is with the AT command (or more comfortably with the SOON command from the NT Resource Kit, because you do not have to specify an absolute time). You can use AT to start processes on other machines on your network. The Schedule service must run on the target machine. If it does not, you can start it remotely with NETSVC from the NT Resource Kit. Therefore you should always be able to use INITLO/LOGOFF even on unprepared workstations completely over the network.

INITLO must run under an account which has SE_DEBUG_NAME, SE_ASSIGNPRIMARYTOKEN_NAME, SE_CREATE_TOKEN_NAME and SE_SECURITY_NAME privileges. By default, only the SYSTEM account (not even the Administrator) has theses privilege. Take this into account if you have configured the Schedule service to run under a different user.

----------------------------------end------------
(The afore- and belowmentioned logoff.exe is not the one in the reskit but written by Alexander Frink see http://wwwthep.physik.uni-mainz.de/~frink/logoff/readme.html)

As i read it, the logoff .exe uses the ExitWindowsEx() API with the EWX_LOGOFF parameter and this can only be called by the logged on user. Initlo can be run from localsystem account and thus by using initlo to call logoff.exe ,logoff.exe is run under user privs.

the strange thing is that when i use AT to schedule it works fine. (he also mentions that scheduler service must run under system account which in my situation it does)

the strange thing is that RCMD service also runs under localsystem account but when i issue the command from an rcmd session it won't work.

Here comes the good (but a bit sad) part. i cannot use the scheduler service because this would create too much delays. Our environment spans ALL timezones and the experience we have is that scheduling in our environment is useless unless you schedule from the local machine... (imho it has to do with shortcomings in the scheduler service from NT)

This is the final solution ...???!!!

i use rcmd (whic is a pity because i have to first make sure in the script that it is installed otherwise install it (meaning a copy of rcmdsvc.exe and a xnet install and a xnet start then another check to see if it runs))
the rcmd command i issue is a soon (have to copy also... hmmpf)
I have to give soon a delay of 60 secs because otherwise it assumes it is the same minute and therefore schedules it the next day (thanx for the 2 sec local delay.. mr m$)
and with that soon i schedule initlo to run the logoff.exe and then it works... syntax:

rcmd \\ipaddress "soon 60 "initlo -g 2""

which works !!!

the problem (or in oter words... a bit strange) is that in this worst case i need to copy rcmdsvc.exe, soon.exe, initlo.exe and logoff.exe to the ws, check/start/check schedule service and install/check rcmd

JUST TO LOG OFF while i can just issue shutdown with a ready made tool.

It's a crazy world in my opinion

Thanx NTDOC for this website, but if there is ever going to be a tool like shutdown (which simply works) i'd much rather use that instead.

I can live with the fact that there is some copying to do and some service checking but i do find it a real pity that the soon command needs a 60 sec delay in order for it to function properly (shame on you MS !)

Better luck in a next life ?!

Ciao,
MvdW

You owe me a BIG Cookie for this one.

I have tested this and it works GREAT!! on our systems. Does not need any installation. Copy to your own system and start the program. Enter the name of the Windows NT/2000 remote system and BANG!!! Restart/Shutdown the system.

Actually I guess you owe the author the cookie, but I want some crumbs for a finders fee.. :-)

Poweroff is a small program for Win95/98/NT/W2K to schedule a
shutdown/reboot/logoff/poweroff at a certain time. I also support
command line options that allows poweroff to be used in batch scripts.
It now also supports shutdown/reboot of a remote computer and the
possibility to warn the user.

http://users.pandora.be/jbosman/applications.html

NTDOC

[This message has been edited by NTDOC (edited 16 June 2001).]

THANKS to ntdoc and jbosman.

it was a nice try by the belgian guy, however also he only supports shutdown/reboot NOT logoff on a remote machine. I think the german guy was right it can't be done. Or at least it can only be done as described above.

regards,

MvdW

I'm sorry, your right. I liked the program so much I forgot you were looking for logoff, not remote restart. You can have your cookie back :-(

From the README
You can use poweroff to do a reboot/shutdown on a remote NT/2000 system
(logoff and poweroff are not supported by windows )

Oh well, sorry about that. Still a nice program for those of us who want these other features.

NTDOC

Thanks anyway, it IS a nice program... i am just an ass i guess always looking for that little bit extra you shouldn't be looking for... (story of my life..)

Lonkero, before you start losing your hairs over this one, read the website of the german guy from the University of Mainz, i think he is trying to say that the logoff API can only be called by an interactive user. This would mean that whatever stunt you pull it better be good (and it should at least be better then just issuing/scheduling some sort of logoff tool from a remote machine, especially if it is ran as a service under the system account)

Anyways, i think we have done enough polluting, the forum is about scripts, not about non-existent MS tools.

Thanx everybody for the help...
over and out

Ciao,
MvdW
(i'm just gonna have me a nice battle with backup exec and maybe after about 6 or 8 hrs of overtime i may finally call it a day...grrrrr)