Solved

How do you send Alt + Ctrl + Delete to a terminal services session within another terminal services session?

Posted on 2006-11-06
16
987 Views
Last Modified: 2007-12-19
A client runs an app that requires a management console be running on the server at all times.
Occasionally we need to support them remotely.

I've configured terminal services so that i can access the local console by typing the: shadow 0    command at a command prompt.

However, security requirements require that the server's desktop is locked after a few minutes of not being in use.
Does anyone know how to send an Alt + Ctrl + Delete to a pc within another Terminal Services/Remote Desktop connection?

I've tried all the common things i could find.. Alt + Ctrl + End does not work.. that works fine when making a remote desktop connection directly to a pc that requires you hit ctrl + alt + delete, but apparently that command isn't passed on when you're making a terminal services connection within another terminal services connection.

 
0
Comment
Question by:jspaziano
16 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 17886099
Does ALT+END work ?  Right side keys.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886135
Apparently, that doesn't work (just tested).

It's easiest to create a new shortcut on the Desktop with the following path:

%windir%\system32\rundll32.exe user32.dll,LockWorkStation

Copy and paste that as it's case sensitive.

Name it Lock Console.

Double-click it to lock the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886170
The problem isn't being able to lock the console remotely.

it's that when i type shadow 0 to view what's on the console when i'm actually connected to the server in a Terminal Services session, the console has been locked by the screensaver and none of the standard combinations seem to be able to unlock it.


0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886186
Sorry, misread that question entirely.

Let me experiment here.  BRB.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886190
Another way around this, would be to get the shadow 0 command to not open up in a full screen.

as a worst-case solution, i could always use the on-screen keyboard to send alt + ctrl + delete if my console session is shown not as full screen.  However by default it seems that this always opens in full screen and that there's no switch to make it not open in full screen.

I've found KB articles that let you connect remotely to a console from another server, but it logs off the user currently connected.
I need to be able to remotely connect to a console session without logging off the account currently logged on to the console.

0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886201
Thanks for your help .. if you've never used that shadow 0 command to view a console within a terminal services session, here's how to set it up:

Start -> Run -> gpedit.msc

Go to: Computer Configuration --> Administrative Templates --> Windows Components --> Terminal Services

When you left click on terminal services, in the right window you will see an option for:
Sets rules for remote control of terminal services user sessions

Double click that, and select the Enable radio button.
Then next to options, choose the "view session without users' permission" option.

Hit apply, ok

then go to a command prompt and enter this command:  gpupdate /force

.. you can then connect to the local console within a terminal services session by typing shadow 0 at a command prompt.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886211
Ok, when I TS into another machine from inside another TS session (on a third machine) I always get the logon box without the CTRL+ALT+DEL splash.

I'm going to log in and let the screensaver kick in to see what happens.

0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 2

Author Comment

by:jspaziano
ID: 17886235
Thanks.

I think the problem is that shadow 0 isn't really a terminal services session, rather just viewing the console within a Terminal Services session.

Everything i've read says that CTRL + ALT + END works for terminal services sessions.. but it doesn't work with this shadow 0 connection.

I could always use VNC but i'd rather just use terminal services if i can get away with it.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886283
CTRL+ALT+END seems to work on the first TS session but not against the nested session.

You can always set the policy on the second server so CTRL+ALT+DEL is not required.  

It's here:

Computer Config>Windows Settings>Security Settings>Local Policies>Security Options

:: Interactive Logon: Do not require CTRL+ALT+DEL

This should get you around that.



0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886294
Ok, just tried a nested TS session from my workstation to another workstation then to the server.  Even after the screensaver kicks in on the server, I get the logon box with no requirement for CTRL+ALT+DEL even using a Shadow 0 session.

Are you using accounts that not strictly admin accounts?  I used the Domain\Administrator account to logon to the server so it's unaffected by any GPO that a normal user account with admin rights is.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17886347
Oops, sorry for that confusion:

Are you using accounts that not strictly admin accounts?


Should have been: Are you using accounts that ARE strictly admin accounts?

Boy, I confused myself!
0
 
LVL 2

Author Comment

by:jspaziano
ID: 17886375
I am using accounts that are domain admin accounts.

I did think of not requiring alt+ctrl+delete .. but i'm guessing that someone will need to unlock the console before that setting takes effect since it was already locked when i made the policy change.

i'll let you know how it goes.. although i'm not sure if not requiring alt+ctrl+delete would fly with the security requirements of some of the clients we deal with.

0
 
LVL 9

Expert Comment

by:vsg375
ID: 18092393
And justifying, I think I need to :

- PAQ because I think that very valuable information is provided here.
- Points refunded because we still are not sure that Netman's suggestions would fully comply with the asker's requirements.

Anyway, making that decision was a real brain teaser and I'm still not sure I did what was right. Comments welcome :)

Cheers
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18095368
Seems that the only way to resolve this issue is to remove the requirement for CTRL+ALT+DEL on the second (nested) server.

I cannot reproduce the problem here - it simply doesn't show this issue in the nested session - it immediately goes to the logon box when you move the mouse.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18119252
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now