Solved

denying server access through remote desktop connection when all ports in use

Posted on 2007-04-02
6
234 Views
Last Modified: 2013-11-21
Hi experts,

I have three users who need to access two available ports on the server using remote desktop.  When both ports are in use I wish to refuse access to the third user rather than bumping off one of the other two users.  At the moment remote desktop connection seems to bump off an exisitng user by default and I wish to change this so that access is denied in these circumstances.  Is this possible?  We are using Windows Server 2003.

Best regards,
Terry
0
Comment
Question by:TerenceHewett
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18835762
Are they using the same username to log on?  Because that's the only way it would "bump off" a current user.  I'm assuming that you are running this server only with Remote Desktop for Administration.... which is not a true Terminal Services configuration and should NOT be used for running applications... because it doesn't actually provide the same level of file locking, etc. that is necessary in an application environment.

Jeff
TechSoEasy
0
 

Author Comment

by:TerenceHewett
ID: 18835996
Hi Jeff, thank you for your post. The users will be using the same user name but I wanted to prevent a second user from bumping off the first user if possible.  

Not sure how to answer the question about Remote Desktop for Administration.  We are using a Windows based Remote Desktop Connection and are not familiar with Remote Desktop for Administration.

Many thanks for your help.

Terry
0
 
LVL 3

Expert Comment

by:hbbw063
ID: 18836547
Why not setting up each user with its own user account, as long as user will be connected on TS he can not be disconnected unless using tsadmin. I believe this will fix your problem.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Assisted Solution

by:MaDMaRTiGaN
MaDMaRTiGaN earned 200 total points
ID: 18836551
When the users connect to a session other than the console session (session 0) things would work fine for you. The console session can only have one user at a time. When using Remote Desktop for Administration two additional sessions are available. The third user will get a "The terminal server has exceeded the maximum number of allowed connections." message. So the solution is not to connect to the console session of the server.

To setup a full screen session to the server use the following command:
mstsc.exe /v:<server> /f

Use mstsc.exe /? to few the other connection options.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
ID: 18849059
Terry,

Why would the users be logging in with the same name?  Because you cannot prevent the bumping since the server has no idea that the user is a different person when you use the same username.  It assums that the first user lost their connection and is reconnecting.  So if UserA is logged on and then UserB logs on with the same username, UserB will assume UserA's session and will see whatever UserA was working on.  

If you have each user log in with their own account, you won't have this problem, and the third user will be denied access when the first two users are connected.  (pretty much as hbbw063 has already suggested to you)

My comment about Remote Desktop for Administration was not really a question for you to answer, but rather a commentary on what seems like your improper use of the remote administration tool.  If you only have TWO available sessions on your server, you are running Remote Desktop for Administration, not Terminal Services.  What this means is that your users must be members of the Administrators group in order to connect to the server.  As members of that group, there is no way for you to create any kind of restricting policy that would prevent these users from causing irreprable harm to your server, should they decide to poke around a bit.

Jeff
TechSoEasy

0
 

Author Comment

by:TerenceHewett
ID: 18925161
Thank you very much for all your posts.  I have taken your points on board. I will award the points accordingly and apologise for the delay in responding.

Regards,
Terry
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now