denying server access through remote desktop connection when all ports in use

Hi experts,

I have three users who need to access two available ports on the server using remote desktop.  When both ports are in use I wish to refuse access to the third user rather than bumping off one of the other two users.  At the moment remote desktop connection seems to bump off an exisitng user by default and I wish to change this so that access is denied in these circumstances.  Is this possible?  We are using Windows Server 2003.

Best regards,
Terry
TerenceHewettAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Are they using the same username to log on?  Because that's the only way it would "bump off" a current user.  I'm assuming that you are running this server only with Remote Desktop for Administration.... which is not a true Terminal Services configuration and should NOT be used for running applications... because it doesn't actually provide the same level of file locking, etc. that is necessary in an application environment.

Jeff
TechSoEasy
0
TerenceHewettAuthor Commented:
Hi Jeff, thank you for your post. The users will be using the same user name but I wanted to prevent a second user from bumping off the first user if possible.  

Not sure how to answer the question about Remote Desktop for Administration.  We are using a Windows based Remote Desktop Connection and are not familiar with Remote Desktop for Administration.

Many thanks for your help.

Terry
0
hbbw063Commented:
Why not setting up each user with its own user account, as long as user will be connected on TS he can not be disconnected unless using tsadmin. I believe this will fix your problem.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

MaDMaRTiGaNCommented:
When the users connect to a session other than the console session (session 0) things would work fine for you. The console session can only have one user at a time. When using Remote Desktop for Administration two additional sessions are available. The third user will get a "The terminal server has exceeded the maximum number of allowed connections." message. So the solution is not to connect to the console session of the server.

To setup a full screen session to the server use the following command:
mstsc.exe /v:<server> /f

Use mstsc.exe /? to few the other connection options.
0
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Terry,

Why would the users be logging in with the same name?  Because you cannot prevent the bumping since the server has no idea that the user is a different person when you use the same username.  It assums that the first user lost their connection and is reconnecting.  So if UserA is logged on and then UserB logs on with the same username, UserB will assume UserA's session and will see whatever UserA was working on.  

If you have each user log in with their own account, you won't have this problem, and the third user will be denied access when the first two users are connected.  (pretty much as hbbw063 has already suggested to you)

My comment about Remote Desktop for Administration was not really a question for you to answer, but rather a commentary on what seems like your improper use of the remote administration tool.  If you only have TWO available sessions on your server, you are running Remote Desktop for Administration, not Terminal Services.  What this means is that your users must be members of the Administrators group in order to connect to the server.  As members of that group, there is no way for you to create any kind of restricting policy that would prevent these users from causing irreprable harm to your server, should they decide to poke around a bit.

Jeff
TechSoEasy

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TerenceHewettAuthor Commented:
Thank you very much for all your posts.  I have taken your points on board. I will award the points accordingly and apologise for the delay in responding.

Regards,
Terry
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.