Restrict user to Terminal Server console session

Hi,

I am setting up a server that will be running a SCADA system (Wonderware) and will be running Terminal Services on Windows Server 2003.  There are 2 logging programs that need to run at system startup so I have enabled the automatic logon option for a user (eg:wonderadmin) and placed the shortcuts in their startup directory.  Users can then connect in using their credentials in Terminal Services  to run the Wonderware front-end program.  

I will be needing to remotely access the console session that is automatically logged on at startup for administrative purposes.  I know I can connect into the session using "mstsc /console" but I would like to be refused connection if I don't use the "/console" switch.  Is there any way to do this?  

Thanks.
FeedlerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jay_Jay70Commented:
nope, Term serv will let you in by default, i dont beleive you can block and allow cosole sessios like that
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FeedlerAuthor Commented:
Thought that was the case.

Thanks.
0
iso_moreCommented:
The solution is incorrect.

1. Open the Terminal Services Configuration snap-in.
2. View the Properties of RDP-Tcp and select the Permissions tab.
3. Add the Everyone group and change the Guest Access from allow to deny.

Tags: restrict RDP console terminal services remote desktop
0
GENINZCommented:
Found this on another forum:

TS has a WMI provider which allows you to do that. The easier way to access WMI provider functionality is with WMIC alias. If you want to deny administrators access to console, you can run the following within a cmd shell:
WMIC RDAccount where "TerminalName='console' and AccountName like '%administrators%'" call delete

If you want to restore the default permissions setting for console:
WMIC RDPermissions where "TerminalName='console'" call RestoreDefaults

More info:
http://blogs.msdn.com/ts/archive/2006/10/03/Terminal-Services-_2800_TS_2900_-Remote-Configuration-Primer-Part-1.aspx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.