In the previous post I introduced you guys to basic PowerCli

Well Today I’ve got a practical example script.
Over the last few weeks we had a lot of open sessions on our vCenter server.
This from people leaving there client open and never closing them (retards, sorry for the language).
This generated some idle sessions from a few hours to a few days :-S

This got so on my nerves that I wanted a solution for this, unfortunately vmWare did not implement the feature to disconnect idle session after a specific time in the Client or vCenter settings.

So time to build a script

First of all let’s create a script that will display the current sessions

$svcRef = new-object VMware.Vim.ManagedObjectReference
$svcRef.Type = "ServiceInstance"
$svcRef.Value = "ServiceInstance"
$serviceInstance = get-view $svcRef
$sessMgr = get-view $serviceInstance.Content.sessionManager foreach ($sess in $sessMgr.SessionList){write "$($sess.UserName)"}

Now on to the good part disconnecting users 😛
The following script will disconnect users after 12 hours of idle time.


#load the vmware powercli snapin

add-pssnapin VMware.VimAutomation.Core

#for all clarity clear the window
clear

#define some variables
#vcenter server
$vCenterServer= “localhost”
#Maximum time (in hours) a users can be idle)
$MaxIdleTime = 12

#connect to the vCenter server
$VC = Connect-VIServer $vCenterServer

#create the view
$ServiceInstance = Get-View ServiceInstance

$SessionManager = Get-View $ServiceInstance.Content.SessionManager

#Search the sessions that are idle and kill them
$SessionManager.SessionList |Where {$_.LastActiveTime -lt (Get-Date).AddHours(-$MaxIdleTime)} |% {$SessionManager.TerminateSession($_.Key)}

#Disconnect the connection to the server
Disconnect-VIServer * -Confirm:$False

Save the script to a file with extension Ps1 I’ve called my file Disconnect-Idle-Users.Ps1 and saved it in this directory D:\Scripts\

To automate the disconnection of idle sessions I’ve created a sheduled task

The program/script to run:

 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

with the following arguments

-command "& 'D:\Scripts\Disconnect-Idle-Users.Ps1'"

Run Every hour

Where D:\Scripts\Disconnect-Idle-Users.Ps1 is the path to you’re script

After running this script for about a month or two I got some extra features that I wanted to add.
Every day I had to relogin to my vSphere client (since I work daily with vmware this was quite annoying)

Security aside I started thinking isn’t there a way to exclude users from disconnected (especially thinking of my own).
And indeed there is a post on the vmware forum where you can exclude users being disconnected.

add-pssnapin VMware.VimAutomation.Core
$vCenterServer= “localhost”
$VC = Connect-VIServer $vCenterServer
$excluded = "domain\user1","domain\user2"
$sessMgr = Get-View SessionManager
$oldSessions = @()
foreach ($sess in $sessMgr.SessionList){
if ((($sess.LastActiveTime).AddHours(4)) -lt (Get-Date) -and $excluded -notcontains $sess.UserName){
$oldSessions += $sess.Key
}
}
$sessMgr.TerminateSession($oldSessions)
Disconnect-VIServer * -Confirm:$False

Even a scripts that reads a file with a list of excluded users and logging of users that are being disconnected

add-pssnapin VMware.VimAutomation.Core
$report = @()
$viservers = "localhost"
$excluded = Get-Content "./exclude-users.txt"
foreach ($singleViserver in $viservers){
Connect-VIServer $singleViserver -user USERNAME -password 'PASSWORD'
$sessMgr = Get-View SessionManager
$oldSessions = @()
foreach ($sess in $sessMgr.SessionList){
if ((($sess.LastActiveTime).AddHours(4)) -lt (Get-Date) -and $excluded -notcontains $sess.UserName){
$oldSessions += $sess.Key
$row = "" | Select UserName,FullName,Timestamp,Server,LoginTime,LastActiveTime
$row.UserName = $see.userName
$row.FullName = $sess.fullName
$row.Timestamp = Get-Date
$row.Server = $singleVIServer
$row.LoginTime = $sess.loginTime
$row.LastACtiveTime = $sess.lastActiveTime
$report += $row          }
}
if($oldSessions.Count -gt 0){
$sessMgr.TerminateSession($oldSessions)
}
}
$report
Disconnect-VIServer * -Confirm:$False

Have fun using these scripts