Friday, July 16, 2010

QWINSTA and RWINSTA

If you need to RDP a remote Windows server and all the sessions seem to be unavailable, you may use two utilities to kill offending/exceeding sessions: qwinsta and rwinsta

Here’s the procedure:

  • Type “Psexec \\servername –u username –p password –c cmd”
  • Type “qwinsta”
  • Choose a session to kill and note its id
  • Type “rwinsta id”

... because the real sysadm can do it via the command line!

Additional notes:

QWINSTA.EXE: queries the sessions

qwinsta /?

Display information about Terminal Sessions.

QUERY SESSION [sessionname | username | sessionid]
[/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER]

sessionname Identifies the session named sessionname.
username Identifies the session with user username.
sessionid Identifies the session with ID sessionid.
/SERVER:servername The server to be queried (default is current).
/MODE Display current line settings.
/FLOW Display current flow control settings.
/CONNECT Display current connect settings.
/COUNTER Display current Terminal Services counters information.

RWINSTA.EXE: removes the sessions

rwinsta /?

C:\Documents and Settings\stever>rwinsta /?
Reset the session subsytem hardware and software to known initial values.

RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]

sessionname Identifies the session with name sessionname.
sessionid Identifies the session with ID sessionid.
/SERVER:servername The server containing the session (default is current).
/V Display additional information.

Publié par Carlo à l'adresse 6:14 AM
Libellés : ,

12 comments:

  1. AnonymousNovember 17, 2011 at 7:40 AM

    Thanks a lot!

    ReplyDelete
  2. ChuckApril 3, 2012 at 6:53 AM

    Thanks from me, too!

    ReplyDelete
  3. Terry LauJune 23, 2012 at 10:18 AM

    Thanks for sharing! It's a good information about query and remove the Remote session.

    ReplyDelete
  4. AnonymousJanuary 24, 2013 at 10:21 PM

    thank you great help.

    ReplyDelete
  5. GlennymJuly 11, 2013 at 4:47 AM

    Thanks for this, exactly what I needed!

    ReplyDelete
  6. AnonymousJune 26, 2014 at 12:21 PM

    Why bother with PSEXEC? QWINSTA and RWINSTA both have a server parameter to do it remotely...

    ReplyDelete
    Replies
    1. AnonymousFebruary 23, 2015 at 6:44 AM

      Good of you to contribute your comment, poor of you to not include the servr parameters....

      Delete
    2. AnonymousApril 10, 2015 at 1:45 PM

      qwinsta /server:[hostname]
      rwinsta /server:[hostname] [session id] oughta do it.

      Delete
    3. UnknownJuly 7, 2017 at 2:39 PM

      use logoff to log them off by the username instead of needing session ID or "sessionname"

      QWinSta /server:[Server]
      Logoff [Username] /Server:[Servername]

      Or use this to do it all in one go:

      FOR /F "tokens=1" %A IN ('QWinSta /server:[ServerName] | FIND /I /V "SESSIONNAME" ^| FIND /I "Disc" ^| FIND /I /V "services" ^| FIND /I /V "console" ') DO @(Logoff %%~A /Server[ServerName] )

      Delete
    4. HavenJanuary 24, 2019 at 9:07 AM

      Thanks

      Delete
  7. HeiixxRaiserAugust 23, 2020 at 10:16 PM

    What about MacBook can I put that in the terminal

    ReplyDelete
  8. Virtual NinjaJanuary 31, 2021 at 6:36 AM

    problem that I and other have is that you can't log out the users w/out killing mainly the svhost.exe process but I've seen a few of loginui.exe that is preventing from winlogon.exe from closing (which can be found by analyzing the wait chain). There seems to be people reporting this issue form 2016->2012R2 but we only really noticed it on 2016.....Unfortunately I haven't found a good way to script killing the process preventing from winlogon.exe from closing....I can get close, but it's difficult cause the winlogon.exe and svchost are running under the 'Systems' user account but under the user's context

    ReplyDelete

Subscribe to: Post Comments (Atom)
Related Posts Plugin for WordPress, Blogger...