Overview
For anyone performing administrative tasks—whether you’re already using secondary IDs or not—I strongly encourage you to take full advantage of them. Secondary IDs are a best practice for enhancing security, maintaining accountability, and ensuring a clear separation of duties.
That being said, secondary IDs are often tied to systems that rotate passwords daily, which is exactly what we want from a security perspective. However, a recurring issue we’ve encountered is users forgetting to log out of systems after completing their tasks.
When password rotations occur the next day, these lingering sessions can trigger account lockouts—leading to unnecessary disruptions, delayed work, and increased support tickets.
To address this, I developed a script that scans the servers for active sessions tied to secondary IDs and generates a report. This allows us to proactively identify who is still logged in and take appropriate action before issues arise. It's important to note that the account used to run this script must have administrative permissions on the target servers in order to retrieve session data successfully.
We had been using webhooks to automate notifications in Microsoft Teams as part of our monitoring workflow. However, with Microsoft’s deprecation of webhook support for Teams, that approach is no longer viable. If you're looking to automate similar functionality, you’ll need to explore alternative methods—one potential option is transitioning to Power Automate.
Our solution was to implement a Group Policy that automatically logs off inactive users after a defined period, and to remove the notifications and the script altogether. While this helps reduce the risk, the best defense is still manual discipline—please make it a habit to log out once your administrative tasks are complete. This simple action plays a significant role in maintaining system security and avoiding preventable issues.
Some Details
To assist with the discovery process, I'm using QWINSTA, a command-line tool that provides details about active sessions on a Remote Desktop Session Host server. It displays valuable information such as username, session ID, state, session type, and connected device.
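The following is an added example, not the script from the repository: one way to turn QWINSTA's column output into objects and report sessions held by secondary IDs. It assumes English column headers and a hypothetical naming convention in which secondary IDs end in `-adm`; the server name and session rows are constructed sample data.

```powershell
# Added example, not the author's script. Assumption: secondary IDs end in "-adm".
$SecondaryIdPattern = '-adm$'

function ConvertFrom-Qwinsta {
    param([string[]]$Lines, [string]$Server)
    # Take column positions from the header instead of hard-coding offsets.
    $userCol  = $Lines[0].IndexOf('USERNAME')
    $stateCol = $Lines[0].IndexOf('STATE')
    if ($userCol -lt 1 -or $stateCol -le $userCol) {
        throw "Unexpected qwinsta header: $($Lines[0])"
    }
    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ($line.Length -le $stateCol) { continue }
        # A disconnected session has a blank SESSIONNAME, so splitting on
        # whitespace would shift the user name into the wrong field.
        $middle = $line.Substring($userCol, $stateCol - $userCol)
        if ($middle -match '^(?<user>.*?)\s*(?<id>\d+)\s*$') {
            [pscustomobject]@{
                Server      = $Server
                SessionName = $line.Substring(1, $userCol - 1).Trim()
                UserName    = $Matches['user'].Trim()
                Id          = [int]$Matches['id']
                State       = ($line.Substring($stateCol).Trim() -split '\s+')[0]
            }
        }
    }
}

# Constructed sample in a fixed-width layout (not real output).
$fmt = '{0}{1,-18}{2,-22}{3,5}  {4}'
$sample = @(
    ($fmt -f ' ', 'SESSIONNAME', 'USERNAME', 'ID', 'STATE   TYPE        DEVICE'),
    ($fmt -f ' ', 'services',    '',           0,     'Disc'),
    ($fmt -f '>', 'console',     'bwhite',     1,     'Active'),
    ($fmt -f ' ', 'rdp-tcp#0',   'jdoe-adm',   2,     'Active'),
    ($fmt -f ' ', '',            'asmith-adm', 3,     'Disc'),
    ($fmt -f ' ', 'rdp-tcp',     '',           65536, 'Listen')
)

# Live use on a server would be: ConvertFrom-Qwinsta (qwinsta /server:$name) $name
ConvertFrom-Qwinsta -Lines $sample -Server 'SRV01' |
    Where-Object { $_.UserName -match $SecondaryIdPattern } |
    Format-Table Server, UserName, Id, State, SessionName
```

On the sample data the report lists `jdoe-adm` (Active) and `asmith-adm` (Disc); the disconnected row is the kind of lingering session that leads to a lockout after the next password rotation.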
Code Repository