LOGOFF.exe – Windows CMD Command
Log a user off.
1 2 3 4 5 6 7 8 9 |
Syntax LOGOFF [/f] [/n] Key /f Force running processes to close, but will ask for user confirmation. The user will not be asked to save unsaved data. /n Force running processes to close without confirmation. The user will be prompted to save unsaved data. |
By default LOGOFF will ask for user confirmation and prompt to save unsaved data.
Windows security log events
Logon Event IDs 528 and 540 = successful logon
Logoff Event ID 538 = logoff
Logon and logoff events also specify a Logon Type code:
Logon Type 2 – Interactive – Log on at the local keyboard/screen (see the event description for a computer name).
Logon Type 3 – Network – connections to shared folders or printers, over-the-network logons, IIS logons( but not basic authentication)
Logon Type 4 – Batch – The Scheduled Task service creates a new logon session for each task.
Logon Type 5 – Service – Each service is configured to run as a specified user account.
Logon Type 7 – Unlock- a password protected screen saver.
Logon Type 8 – NetworkCleartext – a network logon like logon type 3 but where the password was sent over the network in cleartext.
Logon Type 9 – NewCredentials – If you use RunAs /netonly and records the logon event with logon type 2.
Logon Type 10 – RemoteInteractive – Terminal Services, Remote Desktop or Remote Assistance.
Logon Type 11 – CachedInteractive – mobile users not connected to the network connecting with cached credentials.
Super-Duper site! I am loving it!! Will come back again. I am bookmarking your feeds also.