• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2178
  • Last Modified:

RDP to console ONLY. No remote sessions?

I need to be able to use the console of Windows RDP only on a Windows Server 2003 server.  Anyone know how to do that?  We have some issues where our engineers need to access a machine either locally or remotely, but can't have multiple sessions as it will screw up software licensing (don't ask).  Basically I want W2K3 to mimic Windows XP Pro. RDP functionality.  I.E. if you log in remotely, it locks the local console...etc.
0
banks1850
Asked:
banks1850
  • 13
  • 7
  • 3
  • +2
1 Solution
 
RightNLCommented:
use dameware remote control....

it's cheap and it works like magic.
0
 
banks1850Author Commented:
Can't, this is for a retail product that the clients use.  We would have to buy a distribution license and you don't want to know how much those cost.
0
 
The_KirschiCommented:
I am not sure what the purpose of your RDP session is. Is it just that you want users to have the same session when logging in remotely or locally? If yes, you can easily connect to a remote session that was only disconnected or is still running.

Go to Start -> Programs -> Administrative Tools -> Terminal Services Manager.

Right-click the existing connection and choose "Connect".


http://www.microsoft.com/windowsserver2003/techinfo/overview/tsremoteadmin.mspx
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
RightNLCommented:
so you want the rdp session limited to the console?

or just to 1 session at the same time?
0
 
The_KirschiCommented:
You can also restrict the maximum session to only "1" in the Terminal Services Configuration. Right-click "rdp" go to properties and then in the "network adapter" tab. Here you can change from "2" to "1".

Hope this helps

Daniel
0
 
The_KirschiCommented:
Sorry, forgot the "console" thing:

http://headblender.com/joe/blog/old/001166.html

If you use the /console switch the screen at the server will get locked as in XP.
0
 
banks1850Author Commented:
This is all good info.  But I already know all of it.  
We need it to mimic Windows XP Professional RDP.  I.E. only allow one person to be logged in at any one time, whether they be local or remote.  Ideally this needs to happen without the user typing in any additional statements to connect (I.E.  no needing to put the /console after the RDP string).  

The problem is that If you log in twice with the same user, even for a second, it screws up the licensing of our product (we are working on solving that, but it takes a while to get to production for things like licensing).  So what we really want is to be able to console to the machine (because you can only have 1 console session, this would solve our issue), but not to RDP with normal sessions.  Even just allowing a single session still allows users to RDP and local console at the same time.
0
 
The_KirschiCommented:
Not sure if this would work but maybe you can deny all users to log on from the network in the local security policy of the server. But that likely will also restrict them from using the mstsc /console.
0
 
zephyr_hex (Megan)DeveloperCommented:
is Terminal Services disabled? (it should be).  Terminal Services is what allows multiple RDP sessions at once...
0
 
davidriversCommented:
Click On Start
Click On Run
Type mstsc /console
Type IP Address or Hostname of server

mstsc brings up the remote desktop connection and the /console switch tells it what session to use
0
 
davidriversCommented:
I forgot to mention, if you do this on one of your client machines, you can configure it via the options button and then save the .rdp to the desktop etc for quick access to the console
0
 
davidriversCommented:
Sorry I have reread Author comments,

The_Kirschi: has given a nearly complete solution, rather than changing sessions from 2 to 1, change the value to 0
0
 
banks1850Author Commented:
Tried that, it doesn't work.  That disables all remote sessions including console.
0
 
The_KirschiCommented:
I tried that, too. And with "0" you cannot connect at all via RDP, only locally.

If the information found in the following link is true (and it seems to be as it is from a Technet blog) then it should be your solution:

http://blogs.technet.com/tonyso/archive/2006/10/19/using-the-rdp-console-session.aspx

Have a look at the lower half of the article. (1. - 7.)
0
 
banks1850Author Commented:
I read the article.  While It will do what I want if we force users to use mstsc /console.  Since there is still the availability to RDP into it, there is still the option of RDP'ing in without using the console switch, thereby allowing the local console and a remote session with the same user.  I know this is a tricky one, and maybe there is no solution to it.  I was thinking maybe there was a registry setting that would revert W2K3 server to the same mode as Windows XP Pro Remote administration mode.  I guess there isn't though.  I have researched long and hard all over the net and still have yet to find a way to do this.
0
 
The_KirschiCommented:
If you read the article then you have read point 7.

It clearly states that their can be only one connection "... and only through the console...".

If you can only connect through the console then you should not be able to connect without the /console switch. And I think this is, what you require.

Did you actually try it? I will try later myself.
0
 
banks1850Author Commented:
I read it.  It states only one REMOTE connection.  That is the key.  That means that someone could be logged on locally, and if a second person attempts to log on remotely without using the /console option, it will create a second session instead of logging off the local console user.  Where as if you were using Windows XP the local console user would be logged off automatically.
0
 
The_KirschiCommented:
I found another setting that might be helpful.

In Terminal Services Configuration in the Server Settings you can specify "Restrict each user to one session". If you set this to "Yes" it should ensure that each user can log in only once.
0
 
The_KirschiCommented:
Sorry, I didn't mean to offend you.
0
 
The_KirschiCommented:
Ok, that doesn't seem to help, too:

http://support.microsoft.com/?scid=kb%3Ben-us%3B302883&x=9&y=13

And also this is only for remote sessions and not for local log in. But you could additionally deny the "Log on locally" permission for the appropriate users on the server.

But also this obviously leaves still the "hole" described in the article mentioned above.

The more I get into this, the more I am afraid that you are right and there is no real solution to this.
0
 
banks1850Author Commented:
its ok I have a tough skin.  :)  I believe I agree.  Windows XP Pro uses console redirection, where as W2K3 uses true Terminal Services.  I think that is the main culprit.  I was hoping I could turn off Term services and turn on some registry setting that allows console redirection, but I guess that probably isn't the case.
0
 
The_KirschiCommented:
Hi,

I found something that might be the solution for your problem though it didn't manage to test it yet:

http://www.amset.info/windows/limit-logins.asp

Based on a network share that you mount each time the user logs in it is determined whether the user is already logged in. If she is she gets logoff immediately.

The question that came to my mind is:
What happens if the user disconnects the mapped network drive on the other session?

I will try to test it in a few minutes myself.
0
 
The_KirschiCommented:
Hi again,

I tried it myself and it works like a charm... As long as the drive is mapped, that is.

If I have the drive connected I get logged of immediately after logging in, locally and via RDP.

Now you will need to find how to deny users to disconnect the network drive.

Lets see....
0
 
The_KirschiCommented:
You can enable the following setting in a GPO:

User Configuration\Administrative Templates\Windows Components\Windows Explorer]

Remove Map Network Drive and Disconnect Network Drive


That will remove the "disconnect" from the Explorer toolbar and the right-click menue on the mapped drive. Ok, fine. But...

You can still disconnect the drive via command line:

net use u: /delete

I cannot find a way to hide that mapped network drive.

I will quit my investigation now. If I find something that could help I will post here.

good luck
Daniel
0
 
banks1850Author Commented:
great, that looks like it should work for my needs.  If they want to go that far, then good luck to them.  I'm not their nanny.  Good work Kirschi!
0
 
The_KirschiCommented:
Thanks (also for the points). Glad to be of help.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 13
  • 7
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now