How do you send Alt + Ctrl + Delete to a terminal services session within another terminal services session?

jspaziano asked
Last Modified: 2007-12-19
A client runs an app that requires a management console be running on the server at all times.
Occasionally we need to support them remotely.

I've configured terminal services so that I can access the local console by typing the shadow 0 command at a command prompt.

However, security requirements require that the server's desktop is locked after a few minutes of not being in use.
Does anyone know how to send an Alt + Ctrl + Delete to a PC within another Terminal Services/Remote Desktop connection?

I've tried all the common things I could find. Alt + Ctrl + End does not work. That works fine when making a remote desktop connection directly to a PC that requires you to hit Ctrl + Alt + Delete, but apparently that command isn't passed on when you're making a terminal services connection within another terminal services connection.

 

CERTIFIED EXPERT
Top Expert 2005

Commented:
Does ALT+END work ?  Right side keys.

CERTIFIED EXPERT
Top Expert 2005

Commented:
Apparently, that doesn't work (just tested).

It's easiest to create a new shortcut on the Desktop with the following path:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

Copy and paste that as it's case sensitive.

Name it Lock Console.

Double-click it to lock the console.

Author

Commented:
The problem isn't being able to lock the console remotely.

It's that when I type shadow 0 to view what's on the console when I'm actually connected to the server in a Terminal Services session, the console has been locked by the screensaver and none of the standard combinations seem to be able to unlock it.


CERTIFIED EXPERT
Top Expert 2005

Commented:
Sorry, misread that question entirely.

Let me experiment here.  BRB.

Author

Commented:
Another way around this would be to get the shadow 0 command to not open up in full screen.

As a worst-case solution, I could always use the on-screen keyboard to send Alt + Ctrl + Delete if my console session is shown not as full screen. However, by default it seems that this always opens in full screen and that there's no switch to make it not open in full screen.

I've found KB articles that let you connect remotely to a console from another server, but it logs off the user currently connected.
I need to be able to remotely connect to a console session without logging off the account currently logged on to the console.

Author

Commented:
Thanks for your help. If you've never used that shadow 0 command to view a console within a terminal services session, here's how to set it up:

Start -> Run -> gpedit.msc

Go to: Computer Configuration --> Administrative Templates --> Windows Components --> Terminal Services

When you left click on terminal services, in the right window you will see an option for:
Sets rules for remote control of terminal services user sessions

Double click that, and select the Enable radio button.
Then next to options, choose the "view session without users' permission" option.

Hit apply, ok

Then go to a command prompt and enter this command: gpupdate /force

You can then connect to the local console within a terminal services session by typing shadow 0 at a command prompt.

CERTIFIED EXPERT
Top Expert 2005

Commented:
Ok, when I TS into another machine from inside another TS session (on a third machine) I always get the logon box without the CTRL+ALT+DEL splash.

I'm going to log in and let the screensaver kick in to see what happens.

Author

Commented:
Thanks.

I think the problem is that shadow 0 isn't really a terminal services session, rather just viewing the console within a Terminal Services session.

Everything I've read says that CTRL + ALT + END works for terminal services sessions, but it doesn't work with this shadow 0 connection.

I could always use VNC but I'd rather just use terminal services if I can get away with it.

CERTIFIED EXPERT
Top Expert 2005

Commented:
CTRL+ALT+END seems to work on the first TS session but not against the nested session.

You can always set the policy on the second server so CTRL+ALT+DEL is not required.  

It's here:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options

:: Interactive Logon: Do not require CTRL+ALT+DEL

This should get you around that.
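
A read-only PowerShell audit of the two policies mentioned in this thread (the remote control rules and the CTRL+ALT+DEL requirement), added here as an example and not posted by any participant. It assumes the usual registry values behind those policies (`Shadow` and `DisableCAD`) and marks for review any setting that allows shadowing without the user's permission or drops the CTRL+ALT+DEL requirement.

```powershell
# Added example: read-only check of the two policies discussed in this thread.
# Assumption: the policies are backed by the registry values named below.
$checks = @(
    @{
        Name    = 'Remote control rules for Terminal Services user sessions'
        Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        Value   = 'Shadow'
        Meaning = @{
            0 = 'No remote control allowed'
            1 = 'Full Control with user''s permission'
            2 = 'Full Control without user''s permission'
            3 = 'View Session with user''s permission'
            4 = 'View Session without user''s permission'
        }
        # Shadowing without consent is the setting a security review will ask about.
        Flag    = { param($v) $v -in 2, 4 }
    },
    @{
        Name    = 'Interactive logon: Do not require CTRL+ALT+DEL'
        Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Value   = 'DisableCAD'
        Meaning = @{
            0 = 'Disabled (CTRL+ALT+DEL required)'
            1 = 'Enabled (CTRL+ALT+DEL not required)'
        }
        Flag    = { param($v) $v -eq 1 }
    }
)

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the policy has not been set through this key.
        $state  = 'Not configured'
        $review = $false
    } else {
        $raw    = [int]$item.($c.Value)
        $state  = if ($c.Meaning.ContainsKey($raw)) { $c.Meaning[$raw] } else { "Unknown value $raw" }
        $review = [bool](& $c.Flag $raw)
    }
    [pscustomobject]@{ Policy = $c.Name; State = $state; NeedsReview = $review }
}
```

Run it on the server being shadowed; it only reads the registry and changes nothing.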



CERTIFIED EXPERT
Top Expert 2005

Commented:
Ok, just tried a nested TS session from my workstation to another workstation then to the server.  Even after the screensaver kicks in on the server, I get the logon box with no requirement for CTRL+ALT+DEL even using a Shadow 0 session.

Are you using accounts that not strictly admin accounts?  I used the Domain\Administrator account to logon to the server so it's unaffected by any GPO that a normal user account with admin rights is.

CERTIFIED EXPERT
Top Expert 2005

Commented:
Oops, sorry for that confusion:

Are you using accounts that not strictly admin accounts?


Should have been: Are you using accounts that ARE strictly admin accounts?

Boy, I confused myself!

Author

Commented:
I am using accounts that are domain admin accounts.

I did think of not requiring Alt+Ctrl+Delete, but I'm guessing that someone will need to unlock the console before that setting takes effect since it was already locked when I made the policy change.

I'll let you know how it goes, although I'm not sure if not requiring Alt+Ctrl+Delete would fly with the security requirements of some of the clients we deal with.

Commented:
And justifying, I think I need to :

- PAQ because I think that very valuable information is provided here.
- Points refunded because we still are not sure that Netman's suggestions would fully comply with the asker's requirements.

Anyway, making that decision was a real brain teaser and I'm still not sure I did what was right. Comments welcome :)

Cheers

CERTIFIED EXPERT
Top Expert 2005

Commented:
Seems that the only way to resolve this issue is to remove the requirement for CTRL+ALT+DEL on the second (nested) server.

I cannot reproduce the problem here - it simply doesn't show this issue in the nested session - it immediately goes to the logon box when you move the mouse.

PAQed with points refunded (500)

Computer101
EE Admin
