Auditing Lithnet IdleLogoff Use and Current Logons

I often recommend to various clients to utilize Lithnet’s Idle Logoff utility. It’s a free, lightweight client that can be modified via Group Policy to enforce an idle logoff time for systems.

During deployment, we wanted to review which systems had the utility running and when their last logon was to determine if we needed to look into their systems further. This script will help you in scanning various Windows 7 or Windows 10 systems to see if the utility is running, and who is currently logged in.

The ideal result we want will list a user logon and show that Lithnet Idle.Logoff.exe is currently running on the system, with the Session ID of the process matching that of the logged on user(s). If not, we may need to determine if the user just hasn’t logged off in awhile, which will be noted in the Last Logon time, or if something else is stopping the utility from working.

How to Use

We recommend you run this script in an Administrative PowerShell session on a system that either has RSAT installed, or on a domain controller.

Copy and paste the below script in your favorite text editor and save it as check_lithnet.ps1

It will take some time for the script to run, and it will save the results of the scan to find-lithnet.txt, which will be located where the script is.

# -----------------------------------------------------------------
# Check Lithnet Deployment
# Created by: Christopher Clai - www.syntaxbearror.io
# -----------------------------------------------------------------
# Version 1.0 (August 5th, 2019)
# -----------------------------------------------------------------
#
# Example of running the script:
# .\check_lithnet.ps1 
#
#
# ##### CHANGELOG ########
# Version 1.0
# 
#
#

Import-Module ActiveDirectory

# Build the array of systems we are targeting via AD.
# If you want to target all windows systems, remove the *7* from the first line, and comment out the second line directly below this comment.
$servers = Get-ADComputer -Filter "OperatingSystem -like 'Windows *7*'" -Properties * | Select Name | select -ExpandProperty Name
$servers += Get-ADComputer -Filter "OperatingSystem -like 'Windows *10*'" -Properties * | Select Name | select -ExpandProperty Name

# -----
# DO NOT EDIT ANYTHING BELOW THIS LINE
# -----

Start-Transcript -Path "find-lithnet.txt" -Append

ForEach ($server in $servers) {

 If(Test-Connection -BufferSize 32 -Count 1 -ComputerName $server -Quiet) {
    Write-Host "`r`n $server is Online. Checking logged on users...`r`n"

    quser /server $server | Out-Default

    tasklist /S $server /FI "IMAGENAME eq Lithnet.IdleLogoff.exe" | Out-Default

    write-host "`r`n"

 }
 else
 {
    write-host "$server is not online... Checking next system...`r`n" 
 }                           

}

stop-transcript

Leave a Comment

Your email address will not be published. Required fields are marked *