Logoff User After Idle

Posted On 2017-09-27 by dwirch
Tags: Free Stuff General Blog 
Views: 1469

Title Uploaded Size
SystemIdleCheck. 9/27/2017 6:54:30 PM 5,313
SystemIdleCheck. 1/27/2018 10:11:25 AM 5,836

Recently, there was a request for our team to implement a new security requirement for workstations. Specifically, If a user remains logged in, but is idle for a specific period of time, that user should be logged out. 

After consulting the interwebs for a few minutes, all I could find were hacky solutions using vbscript, PowerShell, task scheduler, or screensavers that may or may not work. I don't need weird, chained together items. I just need something that works.


So, I cracked open my favorite Rapid Application Development (RAD) environment, and built something that fits the bill.  I had a few requirements, though.

  • No installation - I don't need a setup program, which makes deployment and update just a bit easier.
  • No dependencies - Deploying this program to any version of Windows should just work. No support libraries needed, not even .Net.
  • No interface - The program should run transparently to the user.
  • Configurable idle time -  Default to five minutes (300 seconds), but accept any number of seconds.

The program that I've put together meets all the criteria above. By utilizing API calls that are standard across the Windows product line, the program will run anywhere. Heck, it might even work in WINE, but I haven't tried it.

Further, no DLLs or other extras need to be distributed with it. No registering of random DLLs or any of that.


As mentioned, the program runs without dependencies. All you need to do is drop it in to a folder on a target machine. Or you could run it from a network share (it's small!), but I would recommend against that.

Next, you need to make sure the program runs at user logon. There are multiple ways to do this, but I've used Group Policy Objects (GPO) to get this done. In your Group Policy Management console, look for:

User Configuration \ Policies \Administrative Templates \ System \ Logon \ Run this programs at user logon

In the configuration of that policy, I've given the full path and filename for the executable, as it sits on the target system, like so:

c:\spdistro\scripts\SystemIdleCheck.exe 3600

You'll notice that in the example, I've configured the only command switch for the program. This switch is the idle time, in seconds. The example shows a value of 3600 seconds, or one hour. If no value is specified, a default value of 300 seconds (five minutes) is used.

Once again, there is no interface for the app, not even in the tray. The only indicator is the presence of the executable in Task Manager.


This program will forcefully log off the currently logged on user. It is possible for the user to lose anything they were working on that was not saved.

You have been warned.  Neither I nor anyone affiliated with this site is responsible for the use or misuse of this software.  It is provided free of charge, and there are no requirements for payment of any kind.

To Do

The only thing I have to add at the moment is logging. I'll be adding the capability of logging to the Windows event log. By using the event log, a standard central log aggregation service like Splunk or SCOM will be able to pick up on the idle logoff events, for audit purposes.

If anyone has any other ideas for things to add, I'm all ears.


Version Comments Warning notice prior to logoff. The application will now pop up a warning message in the middle of the screen sixty (60) seconds before the user is logged off. To dismiss the warning, the user simply needs to move the mouse or press a key. The logoff will be aborted, and the idle timer will be reset.

About the Author

dwirch has posted a total of 188 articles.

Comments On This Post

By: AnonymousCoward
Date: 2017-12-08

This is perfect, is the code available or could you create one that switches users instead of log out this way the work is not lost.

By: dwirch
Date: 2017-12-09

Sorry - the source is not available. I might be able to manage locking the workstation, but why wouldn't simply enforce a screensaver at that point?

By: AnonymousCoward
Date: 2017-12-16

this sounds perfect thanks- it's crazy this still isn't baked into the OS. How can I get this to apply to specific users or groups (ie. users not admins)?

By: dwirch
Date: 2017-12-16

GPO for the win. Turn it on for Domain Users, then farther down in your GPO turn it off for admins (Domain Admins, Server Operators, etc.)

By: AnonymousCoward
Date: 2017-12-23

Hmm, sorry - I cannot find this as one of the "turn-off options". Can you point me to where that would be in the GPO for turning off start at user logon for Admins?

By: dwirch
Date: 2017-12-23

You'd simply make a second GPO, farther down in the precedence, where the option is Disabled rather than Enabled. Both GPOs reference the same setting. Domain users would be enabled, domain admins would be disabled. It's important to note that the domain admins GPO would need to be processed second.

By: AnonymousCoward
Date: 2018-01-22

Is there any current option or thought to implement the option to show a message box warning the user that they will be logged out in x number of seconds unless they are active? (much like Grimadmin Screensaver Operations https://www.grimadmin.com/page.php/ss-operations)

By: dwirch
Date: 2018-01-22

I had not thought of that, nor had I been asked for it. I will get to work on it as soon as possible, and update the post when it is ready. Thanks for the suggestion!

By: dwirch
Date: 2018-01-27

Feature added. When sixty seconds remains before logoff, a warning will pop up in the middle of the screen, warning of the impending logoff. Also includes a countdown timer.

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links