Solved

How do you send Alt + Ctrl + Delete to a terminal services session within another terminal services session?

Posted on 2006-11-06
Last Modified: 2007-12-19
A client runs an app that requires a management console be running on the server at all times.
Occasionally we need to support them remotely.

I've configured terminal services so that I can access the local console by typing the shadow 0 command at a command prompt.

However, security requirements require that the server's desktop is locked after a few minutes of not being in use.
Does anyone know how to send an Alt + Ctrl + Delete to a pc within another Terminal Services/Remote Desktop connection?

I've tried all the common things I could find. Alt + Ctrl + End does not work. That works fine when making a remote desktop connection directly to a PC that requires you hit Ctrl + Alt + Delete, but apparently that command isn't passed on when you're making a terminal services connection within another terminal services connection.

 
0
Comment
Question by:jspaziano
15 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 17886099
Does ALT+END work? Right side keys.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886135
Apparently, that doesn't work (just tested).

It's easiest to create a new shortcut on the Desktop with the following path:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

Copy and paste that as it's case sensitive.

Name it Lock Console.

Double-click it to lock the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886170
The problem isn't being able to lock the console remotely.

It's that when I type shadow 0 to view what's on the console when I'm actually connected to the server in a Terminal Services session, the console has been locked by the screensaver and none of the standard combinations seem to be able to unlock it.


0

 
LVL 51

Expert Comment

by:Netman66
ID: 17886186
Sorry, misread that question entirely.

Let me experiment here.  BRB.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886190
Another way around this would be to get the shadow 0 command to not open up in full screen.

As a worst-case solution, I could always use the on-screen keyboard to send Alt + Ctrl + Delete if my console session is shown not as full screen. However, by default it seems that this always opens in full screen and that there's no switch to make it not open in full screen.

I've found KB articles that let you connect remotely to a console from another server, but it logs off the user currently connected.
I need to be able to remotely connect to a console session without logging off the account currently logged on to the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886201
Thanks for your help .. if you've never used that shadow 0 command to view a console within a terminal services session, here's how to set it up:

Start -> Run -> gpedit.msc

Go to: Computer Configuration --> Administrative Templates --> Windows Components --> Terminal Services

When you left click on terminal services, in the right window you will see an option for:
Sets rules for remote control of terminal services user sessions

Double click that, and select the Enable radio button.
Then next to options, choose the "view session without users' permission" option.

Hit Apply, OK.

Then go to a command prompt and enter this command: gpupdate /force

You can then connect to the local console within a terminal services session by typing shadow 0 at a command prompt.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886211
Ok, when I TS into another machine from inside another TS session (on a third machine) I always get the logon box without the CTRL+ALT+DEL splash.

I'm going to log in and let the screensaver kick in to see what happens.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886235
Thanks.

I think the problem is that shadow 0 isn't really a terminal services session, rather just viewing the console within a Terminal Services session.

Everything I've read says that CTRL + ALT + END works for terminal services sessions, but it doesn't work with this shadow 0 connection.

I could always use VNC but I'd rather just use terminal services if I can get away with it.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886283
CTRL+ALT+END seems to work on the first TS session but not against the nested session.

You can always set the policy on the second server so CTRL+ALT+DEL is not required.  

It's here:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options

:: Interactive Logon: Do not require CTRL+ALT+DEL

This should get you around that.



0
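Added example, not part of the original thread: a PowerShell audit that reports how the two policies discussed above (the remote control rule that enables shadow 0, and the CTRL+ALT+DEL requirement) are currently set on a server. The registry value names DisableCAD and Shadow do not appear in the thread; they are the standard backing values for these policies, and the "Review" flag is this example's own convention.

```powershell
# Added example: read the registry values behind the two policies in this thread
# and flag the states that relax console protection. Requires PowerShell 3.0+.
$checks = @(
    @{
        Policy  = 'Interactive logon: Do not require CTRL+ALT+DEL'
        Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Value   = 'DisableCAD'
        Meaning = @{ 0 = 'CTRL+ALT+DEL required'; 1 = 'CTRL+ALT+DEL not required' }
        Review  = @(1)       # secure attention sequence disabled
    },
    @{
        Policy  = 'Sets rules for remote control of Terminal Services user sessions'
        Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        Value   = 'Shadow'
        Meaning = @{
            0 = 'No remote control allowed'
            1 = 'Full control with user permission'
            2 = 'Full control without user permission'
            3 = 'View session with user permission'
            4 = 'View session without user permission'
        }
        Review  = @(2, 4)    # sessions can be shadowed without consent
    }
)

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the policy is not set here and defaults apply
        $raw = $null; $state = 'Not configured'; $flag = $false
    } else {
        $raw   = [int]$item.($c.Value)
        $state = if ($c.Meaning.ContainsKey($raw)) { $c.Meaning[$raw] } else { 'Unknown value' }
        $flag  = $c.Review -contains $raw
    }
    [pscustomobject]@{
        Policy = $c.Policy
        Raw    = $raw
        State  = $state
        Review = $flag
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on the server being shadowed; a row with Review set to True marks a setting to check against the client's security requirements before leaving it in place.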
 
LVL 51

Expert Comment

by:Netman66
ID: 17886294
Ok, just tried a nested TS session from my workstation to another workstation then to the server.  Even after the screensaver kicks in on the server, I get the logon box with no requirement for CTRL+ALT+DEL even using a Shadow 0 session.

Are you using accounts that not strictly admin accounts?  I used the Domain\Administrator account to logon to the server so it's unaffected by any GPO that a normal user account with admin rights is.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886347
Oops, sorry for that confusion:

Are you using accounts that not strictly admin accounts?


Should have been: Are you using accounts that ARE strictly admin accounts?

Boy, I confused myself!
0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886375
I am using accounts that are domain admin accounts.

I did think of not requiring Alt+Ctrl+Delete, but I'm guessing that someone will need to unlock the console before that setting takes effect since it was already locked when I made the policy change.

I'll let you know how it goes, although I'm not sure if not requiring Alt+Ctrl+Delete would fly with the security requirements of some of the clients we deal with.

0
 
LVL 9

Expert Comment

by:vsg375
ID: 18092393
And justifying, I think I need to :

- PAQ because I think that very valuable information is provided here.
- Points refunded because we still are not sure that Netman's suggestions would fully comply with the asker's requirements.

Anyway, making that decision was a real brain teaser and I'm still not sure I did what was right. Comments welcome :)

Cheers
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18095368
Seems that the only way to resolve this issue is to remove the requirement for CTRL+ALT+DEL on the second (nested) server.

I cannot reproduce the problem here - it simply doesn't show this issue in the nested session - it immediately goes to the logon box when you move the mouse.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18119252
PAQed with points refunded (500)

Computer101
EE Admin
0
