LOGOFF.exe – Windows CMD Command

Log a user off.

By default LOGOFF will ask for user confirmation and prompt to save unsaved data.

Windows security log events

Logon Event IDs 528 and 540 = successful logon

Logoff Event ID 538 = logoff

Logon and logoff events also specify a Logon Type code:

Logon Type 2 – Interactive – Log on at the local keyboard/screen (see the event description for a computer name).

Logon Type 3 – Network – connections to shared folders or printers, over-the-network logons, IIS logons( but not basic authentication)

Logon Type 4 – Batch – The Scheduled Task service creates a new logon session for each task.

Logon Type 5 – Service – Each service is configured to run as a specified user account.

Logon Type 7 – Unlock- a password protected screen saver.

Logon Type 8 – NetworkCleartext – a network logon like logon type 3 but where the password was sent over the network in cleartext.

Logon Type 9 – NewCredentials – If you use RunAs /netonly and records the logon event with logon type 2.

Logon Type 10 – RemoteInteractive – Terminal Services, Remote Desktop or Remote Assistance.

Logon Type 11 – CachedInteractive – mobile users not connected to the network connecting with cached credentials.

You may also like...

2 Responses

  1. houston junk car buyer says:

    An impressive share! I have just forwarded this onto a coworker who had been doing a little research on this.

    And he in fact bought me lunch because I stumbled upon it for him…
    lol. So let me reword this…. Thanks for the meal!! But yeah, thanx for spending some time to talk about this topic
    here on your web page.

  2. zortilonrel says:

    Super-Duper site! I am loving it!! Will come back again. I am bookmarking your feeds also.

Leave a Reply

Your email address will not be published.