7

I am currently working on some parental control software. This software is supposed to log out a user and then lock the account so that they cannot log back in unless the parent/admin has specified that they can.

I have tried several things so far such as setting flags on the user account saying that it is disabled. This completely removes it from the login screen. From what I have found out is that if the user account is logged in, it doesn't apply the ADS_Disable flag. I have also tried looking for resources on logging out another account but I can only seem to find information on logging out the account that is running the logout command. Such as Pinvoke, or directly calling the LOGOUT.EXE program.

I found a resource on LSAUser and found that there might be something there. I am doing this project for school and I am needing a little guidance. Since there is such a sparse amount of information on doing this, is there a better way of doing what I want to do? Or is there a reason why I shouldn't do this? Any alternatives?

Improve this question
6
  • 1
    windows.microsoft.com/en-US/windows7/products/features/… must be an api somewhere you could tie into so you don't have to reinvent the wheel. Commented Jan 22, 2013 at 19:24
  • I am trying to do this for Windows XP, from what I have been able to tell the Family Center doesn't support XP. Commented Jan 22, 2013 at 19:27
  • You may want to check out stackoverflow.com/questions/12112506/…. That's assuming you don't mind a non C# solution. Appears to be powershell based which is the de-facto way of carrying out a task of this nature. Commented Jan 22, 2013 at 19:51
  • Windows has supported time-based user lockout since Windows 2000. Take a look at Group Policy, which is supported on Windows XP Home Edition. Commented Jan 22, 2013 at 20:28
  • I found this stackoverflow.com/questions/484278/… it might help Commented Jan 22, 2013 at 20:30

3 Answers 3

Reset to default
13

Use the WTSDisconnectSession() Windows API. See article here.

using System;
using System.Runtime.InteropServices;
using System.ComponentModel;

class Program
{
  [DllImport("wtsapi32.dll", SetLastError = true)]
  static extern bool WTSDisconnectSession(IntPtr hServer, int sessionId, bool bWait);

  [DllImport("Kernel32.dll", SetLastError = true)]         
  static extern int WTSGetActiveConsoleSessionId();

  const int WTS_CURRENT_SESSION = -1;
  static readonly IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero;

  static void Main(string[] args)
  {
    if (!WTSDisconnectSession(WTS_CURRENT_SERVER_HANDLE,
         WTS_CURRENT_SESSION, false))
      throw new Win32Exception();
  }
}

Even without remote desktop, it will disconnect the current user and go to the login screen. The processes will still run in the background. After manually login in again, the running programs will appear as they were before the disconnect.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

This is awesome, do you happen to know how to get the user session id? Can I get it from the WMI?
You use [DllImport("Kernel32.dll", SetLastError = true)] static extern UInt32 WTSGetActiveConsoleSessionId(); as I read it from: social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/…
Or WTSEnumerateSessions() from stackoverflow.com/questions/132620/…
@esmehsnj I don't know. Does UWP support WinAPI? Maybe not.
@JohnAlexiou apparently not, according to this answer we can find the equivalent functions in WinRT stackoverflow.com/a/42445105/6908213
6 
  [DllImport("wtsapi32.dll", SetLastError = true)]
  static extern bool WTSDisconnectSession(IntPtr hServer, int sessionId, bool bWait);


When you use WTSDisconnectSession in remote desktop is equivalent to 'Close' the remote desktop windows. It is disconnect your Windows session, but hold the connection.

The advantage is you can reconnect back the session later by remote log in again.
The disadvantage is the Windows may not be able log in by other user when the remote desktop connection is full.


To simulate Windows 'Log off' should use ExitWindowsEx under user32.dll

[DllImport("user32.dll", SetLastError = true)]
static extern bool ExitWindowsEx(uint uFlags, uint dwReason);

public static bool WindowsLogOff() {
  return ExitWindowsEx(0, 0);
}

if you want to Force the user to log off you need to add the EWX_FORCE flag like this:

ExitWindowsEx(0 | 0x00000004, 0);

More details on the function here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa376868(v=vs.85).aspx

Improve this answer

2 Comments

How to Log off other user logged in?
How to forcefully log off selected user from the Remote machine by using ExitWindowsEx . For example we have 3 remote users logged in. And we want to log off a specific user bu its session id. How we can do this by using ExitWindowsEx.
2

piggybacking off Leng Weh Seng's answer (since I can't comment), if you want to Force the user to log off you need to add the EWX_FORCE flag like this:

ExitWindowsEx(0 | 0x00000004, 0);

More details on the function here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa376868(v=vs.85).aspx

Improve this answer

1 Comment

This is equivalent to ExitWindowsEx(4, 0);

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.