Need function help - whitelisting users from logoff

This topic contains 2 replies, has 2 voices, and was last updated by  Monica “cmdlette” K. 4 months, 3 weeks ago.

  • #67561

    I am trying to build a function that will log off any non-administrator user when the function is called. I'm hoping to find a way to whitelist those users so they won't get logged off, no matter what their idle time or session state is. But any other users with any amount of idle time need to be logged off.

    (Long story but suffice it to say that Server Manager in Server 2012 R2 has been acting up on us and is no longer logging people off after x hours of inactivity, and it isn't accurately reporting idle time... Which is why I'm trying to find a solution with PowerShell in the meantime.)

    So, the code below is something I've been trying to work on. It doesn't seem to whitelist as I had expected it to based on the Where-Object -NotMatch part, so I am wondering if I'm missing something or whitelisting isn't doable by username at all.

    Function Logoff-TSUser()
    {
        [CmdletBinding()]
        Param
        (
            [Switch]$ViewOnly
        )
    
        Begin {
            Import-Module RemoteDesktop
            $Collections = (Get-RDSessionCollection).CollectionName
            Write-Output "Searching for user sessions to end. . ."
        }
    
        Process {
            ForEach ($Collection in $Collections) {
                $Sessions = Get-RDUserSession -CollectionName $Collection | Where-Object UserName -NotMatch "Administrator","Admin1","Admin2"
    
                ForEach ($Session in $Sessions) {
                    If (($Session).IdleTime -gt 0) {
                        [String]$UserName = $Session.Username
                        [String]$CollectionName = $Session.CollectionName
                        [String]$HostServer = $Session.HostServer
    
                        Write-Output "Logging off $UserName from $HostServer."
    
                        If ($ViewOnly -eq $True) {Write-Output "View Only Mode. No logoffs will occur."}
                        Else {Invoke-RDUserLogoff -Force -HostServer ($Session).HostServer.ToString() -UnifiedSessionID ($Session).UnifiedSessionID.ToString()}
                    }
                    $Sessions = $null
                }
            }
        }
    }

    What could I be doing better to get it to work as intended (and is it even possible to get it to work as intended)?
    This isn't a super important or urgent thing; just a workaround until we hear back on our ticket with Microsoft or until the bug with Server Manager is fixed.

    Thanks in advance!

  • #67588

    Don Jones
    Keymaster

    I'd say forbid logging onto servers, period, and let people manage them remotely. Logging on locally is what fragments memory and causes eventual instability anyway.

    But...

    -NotMatch doesn't work like that, and you probably don't want to use the simplified Where-Object syntax. I'd maybe try -In or -Like.

    $whitelist = "one","two","three"
    ...
    Where-Object { -not ($_.UserName -in $Whitelist) }

    Or something along those lines. Do some tests with just that line to see what you get back.
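    Added example, not part of the original thread: it runs the original `-NotMatch` filter, an unanchored regex alternative, and the exact-match `-notin` filter from the reply above against the same sessions, so the difference in who stays whitelisted is visible. The session objects, host names, the `Admin10` account and the `Select-LogoffCandidate` helper are constructed for illustration; nothing is logged off.

```powershell
# Constructed sample objects standing in for Get-RDUserSession output; the
# property names are the ones used by the function in the original post.
$Sessions = @(
    [PSCustomObject]@{ UserName = 'Administrator'; HostServer = 'RDSH01'; UnifiedSessionID = 2; IdleTime = 900000 }
    [PSCustomObject]@{ UserName = 'admin1';        HostServer = 'RDSH01'; UnifiedSessionID = 3; IdleTime = 60000 }
    [PSCustomObject]@{ UserName = 'Admin10';       HostServer = 'RDSH02'; UnifiedSessionID = 4; IdleTime = 120000 }
    [PSCustomObject]@{ UserName = 'operator1';     HostServer = 'RDSH02'; UnifiedSessionID = 5; IdleTime = 480000 }
    [PSCustomObject]@{ UserName = 'operator2';     HostServer = 'RDSH02'; UnifiedSessionID = 6; IdleTime = 0 }
)
$Whitelist = 'Administrator', 'Admin1', 'Admin2'

# 1. Original filter: -NotMatch takes a single regex, so the array is converted
#    to the one string 'Administrator Admin1 Admin2'. No user name matches that
#    pattern, so every session passes the filter and nobody is whitelisted.
$Broken = $Sessions | Where-Object UserName -NotMatch $Whitelist

# 2. Unanchored regex alternation: keeps the admins out of the result, but also
#    whitelists any account whose name merely contains a whitelisted name
#    (Admin10 here), which is broader than intended.
$Loose = $Sessions | Where-Object { $_.UserName -notmatch ($Whitelist -join '|') }

# 3. Exact, case-insensitive membership test (-notin), combined with the
#    idle-time condition from the original function.
function Select-LogoffCandidate {
    param(
        [Parameter(Mandatory)] [object[]]$Session,
        [Parameter(Mandatory)] [string[]]$Whitelist
    )
    $Session | Where-Object { ($_.UserName -notin $Whitelist) -and ($_.IdleTime -gt 0) }
}
$Exact = Select-LogoffCandidate -Session $Sessions -Whitelist $Whitelist

# Show which user names each filter would hand to the logoff step.
'NotMatch with array : ' + ($Broken.UserName -join ', ')
'Unanchored regex    : ' + ($Loose.UserName -join ', ')
'-notin whitelist    : ' + ($Exact.UserName -join ', ')
```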

  • #67596

    Thanks, Don! It's a remote desktop server for production lines; we're just trying to make sure that operator sessions are ended after working hours, keeping only a group of admins' sessions up.
