Friday, July 16, 2010

QWINSTA and RWINSTA

If you need to RDP a remote Windows server and all the sessions seem to be unavailable, you may use two utilities to kill offending/exceeding sessions: qwinsta and rwinsta

Here’s the procedure:

  • Type “Psexec \\servername –u username –p password –c cmd”
  • Type “qwinsta”
  • Choose a session to kill and note its id
  • Type “rwinsta id”

... because the real sysadm can do it via the command line!

Additional notes:

QWINSTA.EXE: queries the sessions

qwinsta /?


Display information about Terminal Sessions.


QUERY SESSION [sessionname | username | sessionid]

[/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER]


sessionname Identifies the session named sessionname.

username Identifies the session with user username.

sessionid Identifies the session with ID sessionid.

/SERVER:servername The server to be queried (default is current).

/MODE Display current line settings.

/FLOW Display current flow control settings.

/CONNECT Display current connect settings.

/COUNTER Display current Terminal Services counters information.


RWINSTA.EXE: removes the sessions


rwinsta /?


C:\Documents and Settings\stever>rwinsta /?

Reset the session subsytem hardware and software to known initial values.


RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]


sessionname Identifies the session with name sessionname.

sessionid Identifies the session with ID sessionid.

/SERVER:servername The server containing the session (default is current).

/V Display additional information.

12 comments:

  1. Thanks for sharing! It's a good information about query and remove the Remote session.

    ReplyDelete
  2. thank you great help.

    ReplyDelete
  3. Thanks for this, exactly what I needed!

    ReplyDelete
  4. Why bother with PSEXEC? QWINSTA and RWINSTA both have a server parameter to do it remotely...

    ReplyDelete
    Replies
    1. Good of you to contribute your comment, poor of you to not include the servr parameters....

      Delete
    2. qwinsta /server:[hostname]
      rwinsta /server:[hostname] [session id] oughta do it.

      Delete
    3. use logoff to log them off by the username instead of needing session ID or "sessionname"

      QWinSta /server:[Server]
      Logoff [Username] /Server:[Servername]

      Or use this to do it all in one go:

      FOR /F "tokens=1" %A IN ('QWinSta /server:[ServerName] | FIND /I /V "SESSIONNAME" ^| FIND /I "Disc" ^| FIND /I /V "services" ^| FIND /I /V "console" ') DO @(Logoff %%~A /Server[ServerName] )

      Delete
  5. What about MacBook can I put that in the terminal

    ReplyDelete
  6. problem that I and other have is that you can't log out the users w/out killing mainly the svhost.exe process but I've seen a few of loginui.exe that is preventing from winlogon.exe from closing (which can be found by analyzing the wait chain). There seems to be people reporting this issue form 2016->2012R2 but we only really noticed it on 2016.....Unfortunately I haven't found a good way to script killing the process preventing from winlogon.exe from closing....I can get close, but it's difficult cause the winlogon.exe and svchost are running under the 'Systems' user account but under the user's context

    ReplyDelete

Related Posts Plugin for WordPress, Blogger...