Custom PowerShell to logoff disconnected sessions

I was recently asked if you can use NPS to disconnect idle sessions automatically on the resource you are connecting to.

In order to do this you can create an Activity that will run a custom PowerShell step and can
connect to the target resource and run commands using the Service Account for that resource.

This functionality allows you to extend NPS to do things that you can’t do with the built-in Actions for Activities.

First thing you need to do is create an Activity or edit an existing activity.
Then in the Pre-Session or Post-Session steps (depending on when you want to disconnect the idle users), add a new Run Custom PowerShell step.

When you create a new Run Custom PowerShell step, it pre-populates with an example. You can just use CTRL-A and then press Delete, and put the following in its place!

$targetHost = Get-SbPAMHost -Id $HostId
$session = New-SbPAMPSSession -RemoteHost $targetHost -Credential (Get-PSCredential -Credentials $Credentials)
if ($null -ne $session) {
    try
    {
        Add-SbPAMActionLog -Type Info -Message "Connecting to $($targetHost.DnsHostName)"
        
        $output = Invoke-Command -Session $Session  -ScriptBlock { 
            # all pipeline results are sent back
            # NOTE you don't have the SBPAM module on the remote
            # AND you won't have API access here either
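            # qwinsta lists one session per line; keep lines containing "Disc" (disconnected)
            # and drop the built-in "services" session
            $PC = &qwinsta | select-string "Disc" | select-string -notmatch "services"
            if ($null -ne $PC)
            {
                $PC | foreach-object {
                    # A disconnected session has no session name, so the line starts with
                    # spaces and splits into: "", user name, session id, state
                    $parts = ($_.ToString() -split " +")
                    $User = $parts[1]
                    $SessionId = $parts[2]
                    # Only pass a numeric session id to logoff
                    if ($SessionId -match '^\d+$')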
                    {
                        "Disconnecting User: '$User' SessionId '$SessionId'"
                        &logoff $SessionId
                    }
                    else
                    {
                        "Unable to find session for $_"
                    }
                }
            }
            else
            {
                "No Sessions found to disconnect on $($ENV:COMPUTERNAME)"
            }
        }
        $output | foreach-object {
            # Use a prefix for the message to avoid sending empty strings (PowerShell doesn't like null or empty string args)
            Add-SbPAMActionLog -Message "Result: $_" -Type Info
        }
    }
    finally
    {
        # Close the session
        Remove-PSSession -Session $session
    }
}

So now when the Activity runs, NPS will automatically find all the disconnected sessions and logoff those users.

It will also log the sessions it has ended.

Please let me know if you would like to see more custom PowerShell!

Happy NPSing!

17 Likes
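
A stricter way to pick out disconnected sessions than matching the text "Disc" anywhere on the line, as an added example that is not part of the original post or of NPS itself: it reads the STATE column by position, so a user name containing those letters is not mistaken for a disconnected session. The function name `Get-DisconnectedSession` is hypothetical, the sample lines are constructed (TYPE and DEVICE columns left out), and an English-language `qwinsta` header is assumed.

```powershell
# Added example: parse qwinsta output by column position instead of substring matching.
# Assumption: English header with USERNAME, ID and STATE columns.
function Get-DisconnectedSession {
    param([string[]]$QwinstaOutput)

    $header = $QwinstaOutput | Where-Object { $_ -match 'USERNAME' } | Select-Object -First 1
    if (-not $header) { return }   # localized or unexpected output: report nothing
    $userStart  = $header.IndexOf('USERNAME')
    $stateStart = $header.IndexOf('STATE')

    foreach ($line in $QwinstaOutput) {
        # Skip the header and any line too short to carry a STATE value
        if ($line -eq $header -or $line.Length -le $stateStart) { continue }

        # First token at the STATE column must be exactly "Disc"
        $state = ($line.Substring($stateStart).Trim() -split '\s+')[0]
        if ($state -ne 'Disc') { continue }

        # Between USERNAME and STATE: optional user name, then the right-aligned ID
        $middle = $line.Substring($userStart, $stateStart - $userStart).Trim()
        if ($middle -match '^(?<user>.*?)\s*(?<id>\d+)$' -and
            [int]$Matches['id'] -ne 0 -and $Matches['user']) {
            # Session 0 (services) and sessions without a user are never returned
            [pscustomobject]@{ UserName = $Matches['user']; SessionId = [int]$Matches['id'] }
        }
    }
}

# Constructed sample laid out like qwinsta output (not captured from a real host)
$fmt = ' {0,-18}{1,-22}{2,5}  {3}'
$sample = @(
    ($fmt -f 'SESSIONNAME', 'USERNAME', 'ID', 'STATE'),
    ($fmt -f 'services', '', 0, 'Disc'),
    ($fmt -f 'console', '', 1, 'Conn'),
    ($fmt -f 'rdp-tcp#0', 'discovery', 2, 'Active'),   # user name contains "disc"
    ($fmt -f '', 'jdoe', 3, 'Disc'),
    ($fmt -f 'rdp-tcp', '', 65536, 'Listen')
)

# Emits one object per disconnected user session in the sample
Get-DisconnectedSession -QwinstaOutput $sample
```

Inside the remote script block, the function would be defined there, given the output of `qwinsta`, and each returned `SessionId` passed to `logoff`.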

Love it! This opens up many more options for doing checks and orchestrating other things locally on the target system.

#orchestration

5 Likes

Hi Kev, absolutely I want to see more of your infinite PowerShell wisdom.

Looking forward to the next hints from your side

3 Likes

This is a perfect example of harnessing the power of the forum!

7 Likes

Nils, let me know if you have any requests! Otherwise I have to dream up things to show off :)

1 Like