Solved

denying server access through remote desktop connection when all ports in use

Posted on 2007-04-02
6
239 Views
Last Modified: 2013-11-21
Hi experts,

I have three users who need to access two available ports on the server using remote desktop.  When both ports are in use I wish to refuse access to the third user rather than bumping off one of the other two users.  At the moment remote desktop connection seems to bump off an exisitng user by default and I wish to change this so that access is denied in these circumstances.  Is this possible?  We are using Windows Server 2003.

Best regards,
Terry
0
Comment
Question by:TerenceHewett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18835762
Are they using the same username to log on?  Because that's the only way it would "bump off" a current user.  I'm assuming that you are running this server only with Remote Desktop for Administration.... which is not a true Terminal Services configuration and should NOT be used for running applications... because it doesn't actually provide the same level of file locking, etc. that is necessary in an application environment.

Jeff
TechSoEasy
0
 

Author Comment

by:TerenceHewett
ID: 18835996
Hi Jeff, thank you for your post. The users will be using the same user name but I wanted to prevent a second user from bumping off the first user if possible.  

Not sure how to answer the question about Remote Desktop for Administration.  We are using a Windows based Remote Desktop Connection and are not familiar with Remote Desktop for Administration.

Many thanks for your help.

Terry
0
 
LVL 3

Expert Comment

by:hbbw063
ID: 18836547
Why not setting up each user with its own user account, as long as user will be connected on TS he can not be disconnected unless using tsadmin. I believe this will fix your problem.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Assisted Solution

by:MaDMaRTiGaN
MaDMaRTiGaN earned 200 total points
ID: 18836551
When the users connect to a session other than the console session (session 0) things would work fine for you. The console session can only have one user at a time. When using Remote Desktop for Administration two additional sessions are available. The third user will get a "The terminal server has exceeded the maximum number of allowed connections." message. So the solution is not to connect to the console session of the server.

To setup a full screen session to the server use the following command:
mstsc.exe /v:<server> /f

Use mstsc.exe /? to few the other connection options.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 300 total points
ID: 18849059
Terry,

Why would the users be logging in with the same name?  Because you cannot prevent the bumping since the server has no idea that the user is a different person when you use the same username.  It assums that the first user lost their connection and is reconnecting.  So if UserA is logged on and then UserB logs on with the same username, UserB will assume UserA's session and will see whatever UserA was working on.  

If you have each user log in with their own account, you won't have this problem, and the third user will be denied access when the first two users are connected.  (pretty much as hbbw063 has already suggested to you)

My comment about Remote Desktop for Administration was not really a question for you to answer, but rather a commentary on what seems like your improper use of the remote administration tool.  If you only have TWO available sessions on your server, you are running Remote Desktop for Administration, not Terminal Services.  What this means is that your users must be members of the Administrators group in order to connect to the server.  As members of that group, there is no way for you to create any kind of restricting policy that would prevent these users from causing irreprable harm to your server, should they decide to poke around a bit.

Jeff
TechSoEasy

0
 

Author Comment

by:TerenceHewett
ID: 18925161
Thank you very much for all your posts.  I have taken your points on board. I will award the points accordingly and apologise for the delay in responding.

Regards,
Terry
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question