LOGOFF.exe – Windows CMD Command

Log a user off.

By default LOGOFF will ask for user confirmation and prompt to save unsaved data.

Windows security log events

Logon Event IDs 528 and 540 = successful logon

Logoff Event ID 538 = logoff

Logon and logoff events also specify a Logon Type code:

Logon Type 2 – Interactive – Log on at the local keyboard/screen (see the event description for a computer name).

Logon Type 3 – Network – connections to shared folders or printers, over-the-network logons, IIS logons( but not basic authentication)

Logon Type 4 – Batch – The Scheduled Task service creates a new logon session for each task.

Logon Type 5 – Service – Each service is configured to run as a specified user account.

Logon Type 7 – Unlock- a password protected screen saver.

Logon Type 8 – NetworkCleartext – a network logon like logon type 3 but where the password was sent over the network in cleartext.

Logon Type 9 – NewCredentials – If you use RunAs /netonly and records the logon event with logon type 2.

Logon Type 10 – RemoteInteractive – Terminal Services, Remote Desktop or Remote Assistance.

Logon Type 11 – CachedInteractive – mobile users not connected to the network connecting with cached credentials.

You may also like...

1 Response

  1. zortilonrel says:

    Super-Duper site! I am loving it!! Will come back again. I am bookmarking your feeds also.

Leave a Reply

Your email address will not be published. Required fields are marked *