This post was modified / updated on February 2, 2021. First published September 7, 2014.

Based on user feedback, I decided to write a nice tool SAPIEN PowerShell Studio 2015 which is a great support when developing scripts.

This tool supports IT support for managing remote desktop users based on Remote Desktop Services 2012 / R2.

Download a copy of this tool at the end of this article.

Okay, this isn’t really a blog post about server virtualization – but still in virtualization mode, of course, Remote Desktop Services (RDS) session virtualization, formerly known as Terminal Services (TS) and purely from PowerShell. Nonetheless – I use it quite often when writing RDS – so I thought I’d post it here.

As you know, the new BYOD (Bring Your Own Device) season expands the number of devices on a daily basis, operating systems and applications, and the constant expectation that we should all be able to access important data from anywhere, anytime. Users can bring the device they want to work or work from home on their own personal device by using the RDP client for that device and establishing a secure connection to it.

You can get the latest Microsoft Remote Desktop Client for free for each platform here:

The simple fact is that the desktop and applications we provide to our users are now on servers under direct control, and when they work locally or remotely, their virtual desktop / session is still in the data center. RDS in all its forms is then the ideal way to allow (BYOD) policy.

Microsoft® RDS now includes two technologies for providing virtual workstations, Session Virtualization and VDI, based on a collection of Windows 8 or 8.1 virtual workstations. While session virtualization uses much less hardware resources, it is based on the server operating system, which can be less of an experience for our users and limit the applications we can provide with this technology. On the opposite side, VDI consumes more resources but provides our users with a first-class experience. VDI also differs from RemoteApp, which allows you to deliver individual remote applications to users’ own local workstations. Where they can run in parallel with local applications. Here is not the right answer as to which option you need to choose, but what is right for the department or business unit that uses VDI.

For more information about Remote Desktop Services, see here.

If you previously used RDS, or TS, in previous releases of Windows Server, you’ll notice a huge improvement in Windows Server 2012 / R2 that makes deploying VDI faster and easier by providing a new unified centralized experience. RDS previously required several management tools, but with Server 2012 / R2, most of them were combined into a single management console built into the new Server Manager that was deployed in Windows Server 2012, as shown below:

New Server Manager centralized experience Remote Desktop Services introduction. (Photo: Charbel Nemnom)

Long story short, I’m using Remote Desktop Services because Windows Server 2003 / R2, which is only a few months away from support, make sure you started planning to upgrade your current infrastructure to Windows Server 2012 R2.

Now back to Windows Server 2003 / R2 and 2008 / R2. If you need to redirect / shadow or log in to a remote user session, we did the following as shown below:



The Terminal Services experience is Windows Server 2003 / R2. (Photo: Charbel Nemnom)



Remote Desktop Services Experience Windows Server 2008 / R2. (Photo: Charbel Nemnom)

In Windows Server 2012, Microsoft removed Remote control / shadow feature and limit sign out one user at a time in the user interface Sad smilethat is, you cannot select multiple users and log off at the same time as we met in Windows Server 2008 / R2 and 2003 / R2.


But in Windows Server 2012 R2, Microsoft is bringing back the called feature The shadow of the session, which allows you to track or manage active user sessions. This was not available in Windows Server 2012, but Microsoft responded to feedback from customers who needed the feature Smile, However sign out feature still one user at a time.


There are two ways to secure a remote user session in Windows Server 2012 R2:

  • You can use Server Manager if you want a graphical user interface OR
  • You can use the command line if you want a text-based interface

In Server Manager, you can search for a session collection where the user whose session you want to manage is active, or if you know which collection it is, you can access it directly in the Collections section. You can choose whether you want to manage the session or just view it, and also whether the user is prompted or not.

Type the following command at a command prompt on your computer that has Remote Desktop Client version 8.1 or later:

C: > mstsc / v: / shadow:

If you are wondering, how should you know the session ID? to resolve this, run the following PowerShell cmdlet (you must first import the Remote Desktop Module):

PS C: > Import the module into RemoteDesktop
PS C: > Get-RDUserSession

so what sign out more than one user at a time? this feature is still missing.

The answer is…

With PowerShell, Of course:

 Select Remote Session State and logs off the user sessions.

 Select Remote Session State (Disconnected/Active/Idle/All) and logs off the user sessions.

 File Name: RDSessionSupport.ps1
 Author   : Charbel Nemnom
 Version  : 1.0
 Requires : PowerShell Version 3.0 or above
 OS       : Windows Server 2012 or above with Remote Desktop Connection Broker Role

 To provide feedback or for further assistance visit:
Cover Page
.EXAMPLE Run the script as administrator and select your desired choice. #> Write-Host "==================================================" Write-Host "" Write-Host " PLEASE SELECT YOUR CHOICE " Write-Host "" Write-Host "==================================================" Write-Host "" Write-Host " A. End All Disconnected Remote User Sessions" Write-Host " B. End All Active Remote User Sessions" Write-Host " C. End All Idle Remote User Sessions" Write-Host " D. End All Remote User Sessions" Write-Host " X. Cancel and quit" $choice = Read-Host "`nEnter your Selection" Switch ($choice) { "A" {$RDSessions = Get-RDUserSession | Where-Object -Filter {$_.SessionState -eq 'STATE_DISCONNECTED'} } "B" {$RDSessions = Get-RDUserSession | Where-Object -Filter {$_.SessionState -eq 'STATE_ACTIVE'} } "C" {$RDSessions = Get-RDUserSession | Where-Object -Filter {$_.SessionState -eq 'STATE_IDLE'} } "D" {$RDSessions = Get-RDUserSession} "X" {Exit} } If (!$RDSessions) { Write-Output "No Remote User Sessions found with Choice:" $choice } Else { # Start Loop Foreach ($RDSession in $RDSessions) { Invoke-RDUserLogoff -UnifiedSessionID $RDSession.SessionId -HostServer $RDSession.HostServer -Force Write-Output "The user" $RDSession.UserName "is logged off from" $RDSession.HostServer "server" } # End Loop } # End If Read-Host "`nPress Enter to Exit <|"

Using the PowerShell script above, the user selects the session state that he or she wants to log out of, and then all sessions in the selected state are logged out of all remote desktop session hosts (RDSH).


Indeed, there are different ways to achieve the same result I'm just teasing, but nonetheless it has worked for me and I think it is much more comfortable than logging in to each user manually, so it is.

However, a couple of areas that could definitely be improved, you have to choose which user you want to log out of, etc.

Version 2.0:

RD Session Support V2-03

You can download a copy of this tool at TechNet Gallery GitHub here.

This is version 2.0, do you have any other scenarios? Leave your Feedback below.

Hope to help manage remote desktop session hosts effectively…

Share Your feedback, what would you like to see in the next version?

Until then, enjoy your day!

/ Charbel

Be social and share!


Please enter your comment!
Please enter your name here