I'm working with ten other sysadmins that sometimes forget to log out of servers (or even lock them). For two days or more, I've been trying to come up with a 'script' that'll check each server we manage for idle administrator accounts. If they've been idle for more than two days, I intend to log them out (not lock them).
If I could rely on the command 'Query User', this would've been a finished project. But unfortunately, it appears that I cannot rely on that command. Here's some example output from a random server:
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
techyellow console 4 Active none 1/18/2017 10:35 AM
TechYellow has been on vacation since 1/19/2017 - it's been idle for nearly four days now. If I launch a VNC session, I can see - plain as day - Windows is logged in and I can do whatever I want with TechYellow's account; it's not even locked. Yet, my query thinks TechYellow is Active. I've confirmed that the same is true even if the account is locked - it still reports Active more often than not. This is just one example - I've been testing this command on several servers, and I've found that it provides false results more often than correct results, for a variety of different admin accounts.
Is there a better alternative to Query User? I've looked high and low, but everything I've found circles back to similar commands that all report falsely.
I just want to see if an admin is logged in and has been idle for two or more days. That's it! Anyone conquered this in the past?
