LOGOFF 0.1 Pre-Beta

Author: Daniyal Posted under: SYSTEM

LOGOFF 0.1 Pre-Beta
A tool to log off users from their workstations remotely or unattended.

LOGOFF description

A tool to log off users from their workstations remotely or unattended.

The LOGOFF application was designed to be a small command line tool that allows you to log off users from their workstations remotely or unattended. This program consists of two parts: INITLO, a program which runs with SYSTEM privilege and initiates the logoff proces, and LOGOFF, which runs under the user's security context and does the actual logoff, because only the user himself can call the ExitWindowsEx() API with the EWX_LOGOFF parameter (at least I have not found any other way).

Copy INITLO.EXE and LOGOFF.EXE somewhere to the machine where you want to log off the user (you can do this over the network with NET USE \machinec$ as Administrator). The designated method to start INITLO is with the AT command (or more comfortably with the SOON command from the NT Resource Kit, because you do not have to specify an absolute time).

You can use AT to start processes on other machines on your network. The Schedule service must run on the target machine. If it does not, you can start it remotely with NETSVC from the NT Resource Kit. Therefore you should always be able to use INITLO/LOGOFF even on unprepared workstations completely over the network.

INITLO must run under an account which has SE_DEBUG_NAME, SE_ASSIGNPRIMARYTOKEN_NAME, SE_CREATE_TOKEN_NAME and SE_SECURITY_NAME privileges. By default, only the SYSTEM account (not even the Administrator) has theses privilege. Take this into account if you have configured the Schedule service to run under a different user.

Usage:
initlo [-g grace] [-p program] [-t text]

where

-g grace is the time in seconds between a warning message during which the user may log off on his own and the forced logoff by the system. Default is 60 seconds, -g 0 logs off the user immediately without a warning message.

-p program is the program which is executed in the user's security context after the grace time, unless the user has left the system. INITLO looks for the program in the current directory, which is usually %systemroot%system32 if you invoked INITLO with the AT command, and the directory where INITLO was found, if you do not give the full path with the program. The default program is LOGOFF.EXE (without a path, so it should be either in %systemroot%system32 or in INITLO's directory.

-t text is the text in the warning message box. The default text is 'Please log off within %i seconds', where %i will be filled with the grace time given with the -g switch above. See example below for correct use of quotation marks.