Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restrict user to Terminal Server console session

Posted on 2007-04-10
4
Medium Priority
?
2,192 Views
Last Modified: 2013-11-21
Hi,

I am setting up a server that will be running a SCADA system (Wonderware) and will be running Terminal Services on Windows Server 2003.  There are 2 logging programs that need to run at system startup so I have enabled the automatic logon option for a user (eg:wonderadmin) and placed the shortcuts in their startup directory.  Users can then connect in using their credentials in Terminal Services  to run the Wonderware front-end program.  

I will be needing to remotely access the console session that is automatically logged on at startup for administrative purposes.  I know I can connect into the session using "mstsc /console" but I would like to be refused connection if I don't use the "/console" switch.  Is there any way to do this?  

Thanks.
0
Comment
Question by:Feedler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 2000 total points
ID: 18895971
nope, Term serv will let you in by default, i dont beleive you can block and allow cosole sessios like that
0
 

Author Comment

by:Feedler
ID: 18917909
Thought that was the case.

Thanks.
0
 

Expert Comment

by:iso_more
ID: 24337141
The solution is incorrect.

1. Open the Terminal Services Configuration snap-in.
2. View the Properties of RDP-Tcp and select the Permissions tab.
3. Add the Everyone group and change the Guest Access from allow to deny.

Tags: restrict RDP console terminal services remote desktop
0
 

Expert Comment

by:GENINZ
ID: 34097476
Found this on another forum:

TS has a WMI provider which allows you to do that. The easier way to access WMI provider functionality is with WMIC alias. If you want to deny administrators access to console, you can run the following within a cmd shell:
WMIC RDAccount where "TerminalName='console' and AccountName like '%administrators%'" call delete

If you want to restore the default permissions setting for console:
WMIC RDPermissions where "TerminalName='console'" call RestoreDefaults

More info:
http://blogs.msdn.com/ts/archive/2006/10/03/Terminal-Services-_2800_TS_2900_-Remote-Configuration-Primer-Part-1.aspx
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question