How do you send Alt + Ctrl + Delete to a terminal services session within another terminal services session?

A client runs an app that requires a management console be running on the server at all times.
Occasionally we need to support them remotely.

I've configured terminal services so that i can access the local console by typing the: shadow 0    command at a command prompt.

However, security requirements require that the server's desktop is locked after a few minutes of not being in use.
Does anyone know how to send an Alt + Ctrl + Delete to a pc within another Terminal Services/Remote Desktop connection?

I've tried all the common things i could find.. Alt + Ctrl + End does not work.. that works fine when making a remote desktop connection directly to a pc that requires you hit ctrl + alt + delete, but apparently that command isn't passed on when you're making a terminal services connection within another terminal services connection.

 
LVL 2
jspazianoctoAsked:
Who is Participating?
 
Computer101Connect With a Mentor Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
 
Netman66Commented:
Does ALT+END work ?  Right side keys.

0
 
Netman66Commented:
Apparently, that doesn't work (just tested).

It's easiest to create a new shortcut on the Desktop with the following path:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

Copy and paste that as it's case sensitive.

Name it Lock Console.

Double-click it to lock the console.

0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
jspazianoctoAuthor Commented:
The problem isn't being able to lock the console remotely.

it's that when i type shadow 0 to view what's on the console when i'm actually connected to the server in a Terminal Services session, the console has been locked by the screensaver and none of the standard combinations seem to be able to unlock it.


0
 
Netman66Commented:
Sorry, misread that question entirely.

Let me experiment here.  BRB.

0
 
jspazianoctoAuthor Commented:
Another way around this, would be to get the shadow 0 command to not open up in a full screen.

as a worst-case solution, i could always use the on-screen keyboard to send alt + ctrl + delete if my console session is shown not as full screen.  However by default it seems that this always opens in full screen and that there's no switch to make it not open in full screen.

I've found KB articles that let you connect remotely to a console from another server, but it logs off the user currently connected.
I need to be able to remotely connect to a console session without logging off the account currently logged on to the console.

0
 
jspazianoctoAuthor Commented:
Thanks for your help .. if you've never used that shadow 0 command to view a console within a terminal services session, here's how to set it up:

Start -> Run -> gpedit.msc

Go to: Computer Configuration --> Administrative Templates --> Windows Components --> Terminal Services

When you left click on terminal services, in the right window you will see an option for:
Sets rules for remote control of terminal services user sessions

Double click that, and select the Enable radio button.
Then next to options, choose the "view session without users' permission" option.

Hit apply, ok

then go to a command prompt and enter this command:  gpupdate /force

.. you can then connect to the local console within a terminal services session by typing shadow 0 at a command prompt.
0
 
Netman66Commented:
Ok, when I TS into another machine from inside another TS session (on a third machine) I always get the logon box without the CTRL+ALT+DEL splash.

I'm going to log in and let the screensaver kick in to see what happens.

0
 
jspazianoctoAuthor Commented:
Thanks.

I think the problem is that shadow 0 isn't really a terminal services session, rather just viewing the console within a Terminal Services session.

Everything i've read says that CTRL + ALT + END works for terminal services sessions.. but it doesn't work with this shadow 0 connection.

I could always use VNC but i'd rather just use terminal services if i can get away with it.
0
 
Netman66Commented:
CTRL+ALT+END seems to work on the first TS session but not against the nested session.

You can always set the policy on the second server so CTRL+ALT+DEL is not required.  

It's here:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options

:: Interactive Logon: Do not require CTRL+ALT+DEL

This should get you around that.



0
 
Netman66Commented:
Ok, just tried a nested TS session from my workstation to another workstation then to the server.  Even after the screensaver kicks in on the server, I get the logon box with no requirement for CTRL+ALT+DEL even using a Shadow 0 session.

Are you using accounts that not strictly admin accounts?  I used the Domain\Administrator account to logon to the server so it's unaffected by any GPO that a normal user account with admin rights is.

0
 
Netman66Commented:
Oops, sorry for that confusion:

Are you using accounts that not strictly admin accounts?


Should have been: Are you using accounts that ARE strictly admin accounts?

Boy, I confused myself!
0
 
jspazianoctoAuthor Commented:
I am using accounts that are domain admin accounts.

I did think of not requiring alt+ctrl+delete .. but i'm guessing that someone will need to unlock the console before that setting takes effect since it was already locked when i made the policy change.

i'll let you know how it goes.. although i'm not sure if not requiring alt+ctrl+delete would fly with the security requirements of some of the clients we deal with.

0
 
vsg375Commented:
And justifying, I think I need to :

- PAQ because I think that very valuable information is provided here.
- Points refunded because we still are not sure that Netman's suggestions would fully comply with the asker's requirements.

Anyway, making that decision was a real brain teaser and I'm still not sure I did what was right. Comments welcome :)

Cheers
0
 
Netman66Commented:
Seems that the only way to resolve this issue is to remove the requirement for CTRL+ALT+DEL on the second (nested) server.

I cannot reproduce the problem here - it simply doesn't show this issue in the nested session - it immediately goes to the logon box when you move the mouse.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.