Automatically logout a User when inactive

Hi,

Windows has no Group policy or setting to logout/logoff a User if its inactive.

My solution is to define a Schedule Task to log the User out on idle.

Start the Task Scheduler and create a new Task. In the Security Groupbox choose all user which should affected by the task. in my example all Users of the BUILTIN\Users Group.

Set the trigger to “on idle”

Action is to execute “C:\windows\system32\logoff.exe”

And as condition the idle time, here 30 Minutes

Here is the Task exported as XML file

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <IdleTrigger>
      <Enabled>true</Enabled>
    </IdleTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <GroupId>S-1-5-32-545</GroupId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT30M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>true</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>true</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\windows\system32\logoff.exe</Command>
    </Exec>
  </Actions>
</Task>

Save it and import the task
c:\> SCHTASKS /Create /TN "Autologout" /XML "C:\temp\Autologout.xml"

Michael

10 thoughts on “Windows: Automatically logout a User on inactive”

Can you elaborate on the difference between “Start the Task Only if the Computer is Idle for….” and “Wait for Idle For…”. With your task above, will logoff happen after 1 hour of idle time, or 30 minutes? Do you also know if there is a time limit this can be set to? I am looking for more of a 6 hour of idle window. Thanks a lot, great step by step write up.

Michael says:

November 9, 2016 at 12:07 PM

Hi Eduard,

if the trigger is set to “On idle” the “wait for idle” option makes no sense. But you can enable these conditions also on other triggers.

An example: If a trigger (other then “on idle”, for example at “at an event”) is fired and the “Start the task if idle for”=10min and “Wait for idle for”=60min, then the computer must enter to idle state within 50min after trigger when the action should fired. Later idle states are no longer in scope.

You can edit the text within the dropdown box. Try it and enter your timeouts http://imgur.com/a/5d79V

Michael

Log in to Reply

Michael thanks for the reply. So if I leave the trigger as On Idle, and make the values 6 hours (Start if Idle for) and 7 hours (Wait for Idle fot) the logoff WILL happen in 6 hours idle (give or take the 15 minutes Windows does for idle checking). Do I have this all right? Sorry, wish Microsoft worded it better and sorry if this was a double post.

Michael one last question. How are you delivering this? GPO? We have attempted to delivered it via a StartUp Script to our domain users, but, it seems they don’t have the rights to run schtasks. We’ve tried utilizing /RU, /U, /RP, /P to provide local Admin credentials, but, so far no luck. We could go the GPO route, but, we’re looking to avoid it if possible. Thanks once again.

Michael says:

November 14, 2016 at 7:34 AM

Hi Edward,

you can define Schedule Task by GPO

https://technet.microsoft.com/en-us/library/cc725745.aspx

but only possible by domain and not local GPOs.

I have maintenance task on each client (not domain members) which runs with system permissions, the task is already defined in my base windows image 🙂

Michael

Log in to Reply

When I use group policy to deploy this, even if I set both “Start when computer is idle for” and “Wait for idle” to 1 hour, I’m logged out after a few minutes.

Note: I’m using this as a user policy, not a computer policy.

HendrikS86 says:

February 25, 2020 at 1:21 PM

This only work at an RDP Session not for local User Logons

Log in to Reply

did this solution worked for anyone ? i am looking for similar solution for desktop users not RDP any suggestions

looks like they depricated the wait for idle and on win10 it seems that idle is no logner calculated like it was, so like you I get logged out minus 15 minutes depending on when windows check for idle tmie (every 15 minutes) is what I can find…Anyonw else got the same problem, or work arround?

Weird, it always logs out at 4 minutes no matter the setting.

I just tried this and mine too logged out after 4 minutes. Did anyone find a work around?

Michls Tech Blog

Windows: Automatically logout a User on inactive

10 thoughts on “Windows: Automatically logout a User on inactive”

Leave a Reply Cancel reply

My Knowledgebase for things about Linux, Windows, VMware, Electronic and so on…