This post was edited/updated on the 2nd of February, 2021. Published first on September 7th, 2014.
Based on users’ feedback, I decided to write a nice tool using SAPIEN PowerShell Studio 2015 which is a great support when you are creating advanced scripts. This tool will support the IT help desk to manage remote desktop user sessions based on Remote Desktop Services 2012 / R2 and later.
In this article, we will show you how to log off Remote Desktop user sessions in Remote Desktop Services (RDS) with PowerShell.
Table of Contents
Okay, this is not actually a Server virtualization-related blog post – but still in the virtualization space, of course, Session virtualization in Remote Desktop Services (RDS) formerly known as Terminal Services (TS) and purely about PowerShell. Nonetheless – it is something that I use quite often when scripting RDS – so I thought I would post it here.
As you know, the new BYOD (Bring Your Own Device) era is expanding the number of devices every day, Operating Systems, and applications as well as the constant expectation that we all should be able to access vital information from anywhere anytime. Users can bring in whatever device they wish into work or work at home on their own personal device by using an RDP Client on that device and securely connecting with it.
You can get the latest Microsoft Remote Desktop Client App free for each platform here:
The simple fact is that the desktop and applications we are providing to our users are now running on servers under our direct control, and when they are working on-site or remotely, their virtual desktop/session is still in the data center. RDS in all its forms is then an ideal way of allowing a (BYOD) policy.
Now Microsoft® RDS includes two techniques for providing virtual desktops, Session virtualization and VDI based on a collection of Windows 8 or 8.1 virtual desktops. While Session virtualization uses far fewer hardware resources, it is based on a server OS, which can be less experience for our users and limit the applications we can offer using this technique.
On the opposite side, VDI consumes more resources but offers our users a first-class experience. VDI is also different from RemoteApp, which lets you deliver individual applications that run remotely on the server to users’ own local desktops. Where they can run side by side with local applications. There’s no right answer here to which option you need to choose, it’s about what is right for the department or business unit that will use VDI.
More information about Remote Desktop Services can be found here.
Remote Desktop Services
If you used to work with RDS (aka Terminal Services) in previous Windows Server releases, you will notice a tremendous improvement in Windows Server 2012/R2 that makes the deployment of VDI faster and easier, by providing a new unified central experience. RDS previously required multiple administrative tools, but with Server 2012/R2, most of them were combined into a single management console that’s built into the new Server Manager that was introduced in Windows Server 2012 as shown in the following figure:
The new Server Manager central experience for Remote Desktop Services deployment. (Image: Charbel Nemnom)
Long story short, we are using Remote Desktop Services since Windows Server 2003/R2, which is the end of support just a few months away, make sure you started planning the upgrade of your existing infrastructure to Windows Server 2012 R2.
Now back in Windows Server 2003/R2 and 2008/R2, If you need to control/shadow or Log Off a remote user session, we used to do the following as shown in the below figure:
The Terminal Services experience Windows Server 2003/R2. (Image: Charbel Nemnom)
The Remote Desktop Services experience Windows Server 2008/R2. (Image: Charbel Nemnom)
In Windows Server 2012, Microsoft removed the Remote Control/Shadowing feature and restrict the Log Off feature in the UI by a single user at a time. In other words, you cannot select multiple users and Log them off at the same time as we used to do in Windows Server 2008/R2 and 2003/R2.
But in Windows Server 2012 R2, Microsoft brings back the feature called Session Shadowing, with which you’re able to monitor or take control of users’ active sessions. This was not available in Windows Server 2012, but Microsoft responded to input from customers who missed the feature, however, the Log Off feature is still by a single user at a time.
You can shadow a remote user session in Windows Server 2012 R2 in one of two ways:
- You can use the Server Manager if you prefer a graphical interface, OR
- You can use the command line if you prefer a text-based interface
In Server Manager, you can browse for the session collection in which the user whose session you want to control is active, or if you know which collection it is, you can access it directly from the Collections section. You can select whether you want to control the session or just view it and also whether or not the user will receive a prompt.
At the command line on a computer running Remote Desktop Client version 8.1 or above, type the following command:
mstsc /v:<server name> /shadow:<session ID>
In case you’re wondering how you’re supposed to know the session ID? you can find it out by running the following PowerShell cmdlet (you must first import the Remote Desktop Module):
Import-Module RemoteDesktop Get-RDUserSession
Log off more than one user
Now, what about Logging Off more than one user at a time? we still missing this feature in Remote Desktop Service 2012/R2 and later release.
The answer is…
With PowerShell, of course:
<# .SYNOPSIS Select Remote Session State and log off the user sessions. .DESCRIPTION Select Remote Session State (Disconnected/Active/Idle/All) and log off the user sessions. .NOTES File Name: RDSessionSupport.ps1 Author : Charbel Nemnom Version : 1.0 Requires : PowerShell Version 3.0 or above OS : Windows Server 2012/R2 or above with Remote Desktop Connection Broker Role .LINK To provide feedback or for further assistance visit:
With the above PowerShell script, the user will select which session state would like to log off, and then all sessions with the selected state will be logged off from all Remote Desktop Session Hosts (RDSH).
Sure enough, there are different ways to accomplish the same result, but nevertheless, it has worked for me and I feel that it’s much nicer than having to Log Off each user manually, so that’s that.
A couple of areas that could definitely be improved though would have to select which user you want to Log Off, etc.
You can download a copy of this tool from
TechNet Gallery GitHub here.
This is version 2.0, do you have any other scenarios? Please leave your feedback below.
Hope that helps you manage Remote Desktop Session Hosts efficiently…
Please share your feedback, what would you like to see in the next version?
Until then, enjoy your day!
Be social and share!