Windows: Automatically log out a user on inactivity

Hi,

Windows has no Group Policy or setting to log off a user if they are inactive.

My solution is to define a Scheduled Task that logs the user out on idle.

Start the Task Scheduler and create a new task. In the Security group box, choose all users who should be affected by the task, in my example all users of the BUILTIN\Users group.

Create Task General Tab

Set the trigger to “on idle”

Create Task Trigger Tab

Action is to execute “C:\windows\system32\logoff.exe”

Create Task Action Tab

As the condition, set the idle time, here 30 minutes

Create Task Action Tab

Here is the task exported as an XML file

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <IdleTrigger>
      <Enabled>true</Enabled>
    </IdleTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <GroupId>S-1-5-32-545</GroupId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT30M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>true</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>true</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\windows\system32\logoff.exe</Command>
    </Exec>
  </Actions>
</Task>

Save it and import the task

c:\> SCHTASKS /Create /TN "Autologout" /XML "C:\temp\Autologout.xml"

Michael
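
An added PowerShell example, not part of the original post: before importing, it reads the idle duration, wait timeout, principal and command out of the exported XML, refuses to import if the idle trigger or duration is missing or the action is not logoff.exe in System32, then registers the task and reads back what the scheduler stored. The path and task name are those of the SCHTASKS line above; an elevated Windows PowerShell session with the ScheduledTasks module is assumed.

```powershell
# Added example: inspect an exported task definition, then import it.
# $XmlPath and $TaskName default to the values of the SCHTASKS line in the post.
param(
    [string]$XmlPath  = 'C:\temp\Autologout.xml',
    [string]$TaskName = 'Autologout'
)

$raw = Get-Content -LiteralPath $XmlPath -Raw
$doc = [xml]$raw

# Task Scheduler XML uses a default namespace, so XPath needs a prefix for it.
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')

function Get-TaskText([string]$XPath) {
    $node = $doc.SelectSingleNode($XPath, $ns)
    if ($node) { $node.InnerText.Trim() } else { $null }
}

$idleTrigger = $doc.SelectSingleNode('/t:Task/t:Triggers/t:IdleTrigger', $ns)
$duration    = Get-TaskText '/t:Task/t:Settings/t:IdleSettings/t:Duration'
$waitTimeout = Get-TaskText '/t:Task/t:Settings/t:IdleSettings/t:WaitTimeout'
$command     = Get-TaskText '/t:Task/t:Actions/t:Exec/t:Command'
$principal   = Get-TaskText '/t:Task/t:Principals/t:Principal/t:GroupId'

# Convert the xs:duration strings (PT30M, PT1H) into TimeSpan values for display.
$idleFor = if ($duration)    { [System.Xml.XmlConvert]::ToTimeSpan($duration) }
$waitFor = if ($waitTimeout) { [System.Xml.XmlConvert]::ToTimeSpan($waitTimeout) }

$problems = @()
if (-not $idleTrigger) { $problems += 'no IdleTrigger element' }
if (-not $duration)    { $problems += 'no IdleSettings/Duration' }
# The task runs for every member of the principal group, so pin the action
# to the system copy of logoff.exe (string comparison is case-insensitive).
$expected = Join-Path $env:SystemRoot 'System32\logoff.exe'
if ($command -ne $expected) { $problems += "unexpected command: $command" }

[pscustomobject]@{
    Principal = $principal; Command = $command
    IdleFor   = $idleFor;   WaitTimeout = $waitFor
} | Format-List

if ($problems) {
    throw "Refusing to import ${XmlPath}: $($problems -join '; ')"
}

Register-ScheduledTask -TaskName $TaskName -Xml $raw | Out-Null
# Read back the idle settings the scheduler actually stored.
(Get-ScheduledTask -TaskName $TaskName).Settings.IdleSettings |
    Select-Object IdleDuration, WaitTimeout, StopOnIdleEnd, RestartOnIdle
```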


6 comments to this article

  1. Can you elaborate on the difference between “Start the Task Only if the Computer is Idle for….” and “Wait for Idle For…”. With your task above, will logoff happen after 1 hour of idle time, or 30 minutes? Do you also know if there is a time limit this can be set to? I am looking for more of a 6 hour of idle window. Thanks a lot, great step by step write up.

    • Hi Eduard,

      if the trigger is set to “On idle” the “wait for idle” option makes no sense. But you can enable these conditions also on other triggers.

      An example: If a trigger (other than “on idle”, for example “at an event”) is fired and “Start the task if idle for”=10min and “Wait for idle for”=60min, then the computer must enter the idle state within 50min after the trigger if the action is to be fired. Later idle states are no longer in scope.

      You can edit the text within the dropdown box. Try it and enter your timeouts http://imgur.com/a/5d79V

      Michael

  2. Michael, thanks for the reply. So if I leave the trigger as On Idle, and make the values 6 hours (Start if Idle for) and 7 hours (Wait for Idle for) the logoff WILL happen in 6 hours idle (give or take the 15 minutes Windows does for idle checking). Do I have this all right? Sorry, wish Microsoft worded it better and sorry if this was a double post.

  3. Michael, one last question. How are you delivering this? GPO? We have attempted to deliver it via a StartUp Script to our domain users, but it seems they don’t have the rights to run schtasks. We’ve tried utilizing /RU, /U, /RP, /P to provide local Admin credentials, but so far no luck. We could go the GPO route, but we’re looking to avoid it if possible. Thanks once again.

    • Hi Edward,

      you can define a Scheduled Task by GPO

      https://technet.microsoft.com/en-us/library/cc725745.aspx

      but this is only possible with domain GPOs, not local GPOs.

      I have a maintenance task on each client (not domain members) which runs with system permissions; the task is already defined in my base Windows image 🙂

      Michael

  4. When I use group policy to deploy this, even if I set both “Start when computer is idle for” and “Wait for idle” to 1 hour, I’m logged out after a few minutes.

    Note: I’m using this as a user policy, not a computer policy.
