Citrix/terminalserver Logoff

Question

Hi everyone!

We are considering this product for our helpdesk, but one of our most used operations, is logging users off from their Citrix/terminalserver session. Has anyone tried scripting this into the Adaxes program?

Any answers would be greatly appriciated

Comments

Hello,

Please specify in more details what you are trying to accomplish:

• Do you want to kick all sessions of all users on a specific computer?
• Do you want to kick all sessions of a specific user on all computers?
• Do you want to kick a session of a specific user on a specific computer?

---

The main idea would be to find a user in the Web interface, like you do if you want to reset his password or change information, then add a button that can be clicked to log the user off terminal servers. In my mind, this would then send a request to terminal servers to search for which one has the user logged on, get that reply and log the user of that server.

Another idea would be to get a reply to list the users open sessions, then be able to select which session you want to disconnect (if a user has multiple sessions).

Answer 1

You can create a Custom Command to log a user off from all sessions on all computers:

1. Create a new Custom Command.

2. On the 2nd step of the Custom Command creation wizard, select User.

3. On the 3rd step of the wizard, add the Run a program or PowerShell script action and paste the following script:

    Import-Module PSTerminalServices
    Import-Module Adaxes
   
    $username = "%username%"
    $computers = Get-AdmComputer -Filter {Enabled -eq $True}
   
    foreach ($computer in $computers)
    {
        try
        {
            $session = Get-TSSession -ComputerName $computer.DNSHostName -UserName $username -State Active
        }
        catch
        {
            continue
        }
   
        if ($session.ConnectionState -ine "Active")
        {
            continue
        }
   
        try
        {
            Stop-TSSession -Id $session.SessionID -ComputerName $computer.DNSHostName –Force
            $Context.LogMessage("User $username has been disconnected from " + $computer.Name, "Information")
        }
        catch
        {
            $Context.LogMessage($computer.Name + " : " + $_.Exception.Message, "Error")
        }
    }
   

The script uses the Terminal Services PowerShell Module that you can download here. Install it on the computer, where your Adaxes service is running.

If you want this Custom Command to be avilable from the Home Page of the Adaxes Web Interface, you need to create a Home Page Action that will execute this Custom Command as described in the Configure Home Page Actions Tutorial. See section Custom Command.

Also, see Citrix Farm Functions for Citrix-specific functionality that you can use with your script.

Comments

Se attachment for the error i then got

---

I've also tried running winrm set winrm/config/client/auth @{CredSSP="true"} on both the Adaxes server and the server it is connecting to, but still no luck

---

To allow using the CredSSP authentication type, you need to perform the following steps:

1. On the computer where Adaxes is installed, launch Windows PowerShell.

2. To allow passing credentials via the CredSSP authentication mechanism, execute the following PowerShell command:

    Enable-WSManCredSSP -Role Client -DelegateComputer comp1.domain.com -Force

   where comp1.domain.com is the computer that will be used to execute the script in the untrusted domain (the one where you have the Terminal Services PowerShell Module installed).

3. Also, launch Windows PowerShell on the computer that you specified in the previous step.

4. To allow accepting credentials via the CredSSP authentication mechanism, execute the following PowerShell command:

    Enable-WSMaCredSSP -Role Server –Force

For additional information, you can take a look at the following article by Microsoft: http://blogs.technet.com/b/heyscripting ... edssp.aspx.

---

I have finally resolved this... and this is a bit stupid, but the script to generate the credential file, did not include @domainname.com in the username. Why it didn't for this registration, i don't know. But the solution was adding @domainname.com to the username and voila!

---

Hello,

If you didn't include the domain part of the username in the CSV file, then it will not be included in the credentials files generated by the script. As we've mentioned in our initial post with instructions, the CSV file format should be as follows:

DomainName, ComputerName, UserName, Password
domain1.com,computer.domain1.com,administrator@domain1.com,password
domain2.com,computer.domain2.com,administrator@domain2.com,password

In the above sample, the username is specified with its domain part.