Force logout in VBS Script

Question

I've been working on a script that is ran whenever a user logs in. It checks against a .csv file containing machine names and usernames. If the machine the user is logging into is in the .csv file and the user is not "assigned" it will log them out. This works great for some accounts but there are a few that have restrictions and can not "run/execute" command prompt due to policies.

I've been using

Set oShell = WScript.CreateObject("WScript.Shell")
oShell.Run "cmd.exe /C timeout.exe /t 10 /nobreak && shutdown.exe /l", 0, False

Which works fine for the users without the restrictions in place. I was wondering if there is any way to force a logout without using cmd.exe in VBS? The only solution I have been able to think of is calling/running the script as a separate user that has the right permissions.

Answer 1

Sleep for 10 seconds, then call logoff.exe (or shutdown.exe /l if you prefer that).

Set oShell = CreateObject("WScript.Shell")
WScript.Sleep 10000
oShell.Run "logoff.exe", 0, False

cmd /c in your script is only required because you're chaining two commands (timeout.exe and shutdown.exe) via &&, which is a CMD-builtin feature. But since you don't allow the user to interrupt the timeout anyway you can just as well call Sleep.

However, since you say that you want to control which computer a user can and cannot log into: you can specify a list of the allowed computers in a user's settings in Active Directory (Account → Log On To...). This might be a better approach than running a script checking a CSV at logon.