Solved

How do you send Alt + Ctrl + Delete to a terminal services session within another terminal services session?

Posted on 2006-11-06
16
983 Views
Last Modified: 2007-12-19
A client runs an app that requires a management console be running on the server at all times.
Occasionally we need to support them remotely.

I've configured terminal services so that i can access the local console by typing the: shadow 0    command at a command prompt.

However, security requirements require that the server's desktop is locked after a few minutes of not being in use.
Does anyone know how to send an Alt + Ctrl + Delete to a pc within another Terminal Services/Remote Desktop connection?

I've tried all the common things i could find.. Alt + Ctrl + End does not work.. that works fine when making a remote desktop connection directly to a pc that requires you hit ctrl + alt + delete, but apparently that command isn't passed on when you're making a terminal services connection within another terminal services connection.

 
0
Comment
Question by:jspaziano
16 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 17886099
Does ALT+END work ?  Right side keys.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886135
Apparently, that doesn't work (just tested).

It's easiest to create a new shortcut on the Desktop with the following path:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

Copy and paste that as it's case sensitive.

Name it Lock Console.

Double-click it to lock the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886170
The problem isn't being able to lock the console remotely.

it's that when i type shadow 0 to view what's on the console when i'm actually connected to the server in a Terminal Services session, the console has been locked by the screensaver and none of the standard combinations seem to be able to unlock it.


0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886186
Sorry, misread that question entirely.

Let me experiment here.  BRB.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886190
Another way around this, would be to get the shadow 0 command to not open up in a full screen.

as a worst-case solution, i could always use the on-screen keyboard to send alt + ctrl + delete if my console session is shown not as full screen.  However by default it seems that this always opens in full screen and that there's no switch to make it not open in full screen.

I've found KB articles that let you connect remotely to a console from another server, but it logs off the user currently connected.
I need to be able to remotely connect to a console session without logging off the account currently logged on to the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886201
Thanks for your help .. if you've never used that shadow 0 command to view a console within a terminal services session, here's how to set it up:

Start -> Run -> gpedit.msc

Go to: Computer Configuration --> Administrative Templates --> Windows Components --> Terminal Services

When you left click on terminal services, in the right window you will see an option for:
Sets rules for remote control of terminal services user sessions

Double click that, and select the Enable radio button.
Then next to options, choose the "view session without users' permission" option.

Hit apply, ok

then go to a command prompt and enter this command:  gpupdate /force

.. you can then connect to the local console within a terminal services session by typing shadow 0 at a command prompt.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886211
Ok, when I TS into another machine from inside another TS session (on a third machine) I always get the logon box without the CTRL+ALT+DEL splash.

I'm going to log in and let the screensaver kick in to see what happens.

0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 2

Author Comment

by:jspaziano
ID: 17886235
Thanks.

I think the problem is that shadow 0 isn't really a terminal services session, rather just viewing the console within a Terminal Services session.

Everything i've read says that CTRL + ALT + END works for terminal services sessions.. but it doesn't work with this shadow 0 connection.

I could always use VNC but i'd rather just use terminal services if i can get away with it.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886283
CTRL+ALT+END seems to work on the first TS session but not against the nested session.

You can always set the policy on the second server so CTRL+ALT+DEL is not required.  

It's here:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options

:: Interactive Logon: Do not require CTRL+ALT+DEL

This should get you around that.



0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886294
Ok, just tried a nested TS session from my workstation to another workstation then to the server.  Even after the screensaver kicks in on the server, I get the logon box with no requirement for CTRL+ALT+DEL even using a Shadow 0 session.

Are you using accounts that not strictly admin accounts?  I used the Domain\Administrator account to logon to the server so it's unaffected by any GPO that a normal user account with admin rights is.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886347
Oops, sorry for that confusion:

Are you using accounts that not strictly admin accounts?


Should have been: Are you using accounts that ARE strictly admin accounts?

Boy, I confused myself!
0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886375
I am using accounts that are domain admin accounts.

I did think of not requiring alt+ctrl+delete .. but i'm guessing that someone will need to unlock the console before that setting takes effect since it was already locked when i made the policy change.

i'll let you know how it goes.. although i'm not sure if not requiring alt+ctrl+delete would fly with the security requirements of some of the clients we deal with.

0
 
LVL 9

Expert Comment

by:vsg375
ID: 18092393
And justifying, I think I need to :

- PAQ because I think that very valuable information is provided here.
- Points refunded because we still are not sure that Netman's suggestions would fully comply with the asker's requirements.

Anyway, making that decision was a real brain teaser and I'm still not sure I did what was right. Comments welcome :)

Cheers
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18095368
Seems that the only way to resolve this issue is to remove the requirement for CTRL+ALT+DEL on the second (nested) server.

I cannot reproduce the problem here - it simply doesn't show this issue in the nested session - it immediately goes to the logon box when you move the mouse.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18119252
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now