AutoLogOff is a small application designed to monitor the activity of a user session and log the user off if they are inactive on a machine for a defined period of time.
It has been designed for public IT resources, seminar rooms, or any situation where users are likely to leave themselves logged in.
The key features of this application which make it different from other solutions are:
- No GPO loopback required
- Single MSI to deploy
- Simple XML Configuration File
- Ability to set different timeouts based on Group Membership
Requirements
The target computer must be running Windows Vista or newer, 32 or 64 bit. The .Net Framework 3.5 is also required to run this service.
Installation
The installation is a simple MSI. This can either be run interactively on the computer that you want to install on to,or you can deploy the application using Group Policy or another package management tool.
Configuring the Auto-Logoff Times`
The settings for the application are stored in an XML file within the application directory called AutoLogOffConfig.xml. The settings are simple and can be broken down into 2 areas: defaults and group configuration.
The application directory can be found at: C:\Program Files (x86)\Craig Tolley\AutoLogOff
Default Options
The three settings that can be configured are the IdleTimeout, Sort and ShowNotifications.
IdleTimeOut
This is the default timeout that will be applied to any user that logs in that is not a member of any of the other groups that you configure. Entering 0 in this option will mean that by default users will not be logged off automatically. This value is the timeout in minutes.
Sort
Specifies the sort order to apply should a user match multiple groups. The options are LeastRestrictive and MostRestrictive. MostRestrictive will choose the shortest Idle Time from all that match.
ShowUserNotification
Determines whether users are shown a short popup message when they log in explaining that their session will be logged off if they are idle.
The default settings are:
<Default IdleTime="0" Sort="LeastRestrictive"/> <Settings ShowUserNotification="false" />
Group Configuration
The Idle Time can be specified per group that a user is a member of. This allows very granular control of the timeouts. One of the benefits of this granular control is that you can specify that users by default are logged out after 30 minutes, and administrators are not.
An unlimited number of group configurations can be added into the file, however for management purposes, limiting the groups as much as possible is advised.
Each group record has two attributes:
GroupName
The name of the group to apply the setting to
IdleTime
The timeout (in minutes) to apply to the group. Set this value to 0 to disable the automatic logout for this group
An example record to apply a setting to a domain group called “IdleUsers” to log them out after 30 minutes would be:
<LogoffConfig GroupName="DOMAIN\IdleUsers" IdleTime="30" />
Using Group Policy
Once you have configured the settings as you want, you can use the Group Policy Preference Files extension to deploy the configuration to multiple machines as a Computer preference. There are plenty of guides on this already available on the Internet, so I won’t go into detail here.
Logging
It is always nice to know what is going on, so the application creates a log of everything it finds when it starts.
By default it will attempt to log information to the Application event log, with a source of “Auto Log Off Idle Users”. If the event log is not writeable, then a text file will instead be created in the %LOCALAPPDATA% folder, called AutoLogOff.
An entry is created when the application starts which details all of the groups that are found, the configuration that has been read, and what settings are going to be applied.
If you find that your configuration is not doing what you expect, then this is the first place to look to identify the cause.
Example Configuration
Included below are a couple of example configurations, showing some of the possibilities.
Log off everyone except administrators after 20 minutes idle. Show a notification when a user logs in
<LogoffConfig GroupName="DOMAIN\Domain Admins" IdleTime="0" /> <Default IdleTime="30" Sort1="MostRestrictive"/> <Settings ShowUserNotification="true" />
Only log off users who are a member of the specified two groups, and do not show a user notification:
<LogoffConfig GroupName="DOMAIN\LongIdleTimeout" IdleTime="60" /> <LogoffConfig GroupName="DOMAIN\ShortIdleTimeout" IdleTime="30" /> <Default IdleTime="0" Sort1="LeastRestrictive"/> <Settings ShowUserNotification="false" />
Only log off users who are a member of the specified two groups, and do not show a user notification:
Download
The application can be downloaded from here:
Download “Auto Log Off” AutoLogOff.zip – Downloaded 740 times – 120.29 KB
Version 1.3
- Fixed bug where timer would not start until the notification message was closed
- Fixed bug where groups configuration only work if the case of the group name was correct
Issues
Hopefully this program should just work, but if it does not, please send me the following information:
- A copy of the configuration file that you are using
- Details of the system that it was running on (ideally use msinfo32.exe and export the results)
- A detailed description of the problem, what happened, when, etc
- The log file – either exported from the Event Log or from the %LOCALAPPDATA% folder