Query existing RDP Sessions on a Windows server and Reset or Log Off those sessions.
Being Windows System Admins we often find our self in situations wherein we had left existing RDP sessions in disconnected state (not logged off properly) and once our Password is changed it keeps sending bad/invalid credentials resulting in account lockouts.
The solution to this is we need to find out existing RDP Sessions and log them off by providing the Session ID.
The command to query the Sessions is
query session /server:RemoteServerName
Here is the output of this command:
PS C:\> query session /server:RemoteServerName
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
console 1 Conn
rdp-tcp#48 My_User_Name 7 Active
rdp-tcp 65536 Listen
PS C:\>
The command mentioned above returns a plain text output which shows Session details which contains Session id and to reset the session we need to issue further command like below:
Command to reset the session
reset session /server:RemoteServerName 7
This will log off the session ID 7 from the server and thus it will prevent bad/invalid credentials from being sent resulting in Acount Lockout.
I have tried to write a simple PowerShell Script which accepts two Parameters and automatically finds the session ID and resets it without us specifying the session id manually.
.\Reset-TSSessions.ps1 -UserName My_User_Name -ServerName RemoteServerName
Here is My Git Repo where this script has been hosted :
https://github.com/Prakash82x/PowerShell/blob/master/TerminalService/Reset-TSSessions.ps1
########################################################################################
## Written by Prakash Kumar to Query and reset Remote RDP Sessions on Windows Servers ##
## Usage : .\Reset-TSSessions.ps1 -UserName My_User_Name -ServerName MyServerName ##
########################################################################################
param ($UserName,
$ServerName)
Write-host -ForegroundColor Green `nQuerying Sessions for $UserName on $ServerName
$Sessions = qwinsta /server:$ServerName
$MySessions = $Sessions | Select-String "$UserName"
$FinalSessions = $MySessions -replace ' {2,}', ',' -split ","
if ($MySessions -match "$UserName") {
$User = $FinalSessions[1]
$SessionID = $FinalSessions[2]
$SessionState = $FinalSessions[3]
Write-host `n"UserName SessionID SessionState"
Write-host "-------- --------- ------------"
Write-Host "$User $SessionID $SessionState"
Write-host "-------- --------- ------------"
Write-host -ForegroundColor Red `n"Resetting Session for`t $User on $ServerName : Session ID $SessionID : SessionState $SessionState"
rwinsta /server:$ServerName $SessionID
}
Else {
Write-host -ForegroundColor Yellow No Sessions Exist for user $UserName on Server $ServerName
}
PS: While running this script you need to make sure you are logged in using the same user name on a server and that it has Admin rights on the destination server as well to be able to logoff the session.
Note that Qwinsta and Query Session work exactly like same commands.
