Under Review

Auto Logoff Windows session on Disconnect/Exit

MCOverwatch 5 years ago updated by Martin Old 1 year ago 12 1 duplicate

We are looking for when a SC session ends or we exit, that the Windows session also get logged off. There are too many times where a SC session disconnects, and the next day someone goes to log into the server, everything is left off where the previous tech was. We need this to be clear when a user logs into the system.

Duplicates 1
Considering for Future Release

We've implemented "Lock session" upon disconnected sessions and "Limit Idle Sessions" through the Advanced Configuration Editor.  This request has been much requested from our internal security team.  Managing several customer environments, this feature (auto logoff windows session on disconnect/exit) would be a huge security feature!

This feature is a must for us. Especially with CMMC and NIST compliance. 


For our use case, we'd nee a GUI option to opt out of this for a connection to a session.  For example tech is starting a process in user space on a server that will run for 14 hours, and tech needs to disconnect and reconnect tomorrow to check on it. If there's no option to opt out of this when they disconnect it would log them off and kill their task. This would make this useless to us as we couldn't enable it. 

I would like to add that this feature would be great to have.

Another vote for this, especially with the constant threat of Mimikatz these days.


The following should help. - https://forums.mspgeek.org/topic/6856-lock-server-on-connect-lock-server-on-disconnect-triggers/#comment-38028

You may just need to change the batch that gets executed which can call one of the following commands. 

logoff or shutdown -l

Question from the product/engineering team:

How does logoff on disconnect provide more security than implementing the already present feature to Lock on Disconnect?




Logoff will close any user spawned processes, while locking will keep them active.

This presents a potential security risk, depending on the environment.

Mimikatz is often used by threat actors to capture the credentials of current sessions (active or disconnected), which can then be used for lateral movement through an environment.

Every ransomware event we've seen in recent times has made use of Mimikatz.