Disable access to Terminal Server while updating

Posted on 2007-10-08
Last Modified: 2013-11-21
Is there a way that I can disable the ability for people to log into the Microsoft Terminal Server 2003, temporarily, with out inhibiting any functionality of the Terminal Server itself while I install Service Packs, Critical updates, software installs/upgrades, etc?

Basically I don't want to have to rely on 'asking' staff to not log in during this time.

I don't want to disconnect the server from the network as I need to access resources from other systems.
Question by:gamm
    LVL 4

    Expert Comment

    I'd suggest looking at the Local Security Policy for the server - there should be a policy setting that controls which user groups can logon to the server. If you temporarily remove the domain users from that list, and leave yourself (or the administrators group), you should be able to login while ordinary users will get a permission error.

    I don't have a TS machine around to give you the exact policy setting, but if you take a look in the list you should be able to find it.
    LVL 13

    Expert Comment

    Open the Services.msc applet and stop the "Terminal Services" service.  As long as you are logged into the console you will be able to work on the server normally.
    LVL 82

    Accepted Solution

    Open a command prompt, enter
    change logon /disable
    Current sessions will remain open, but remote logons to the terminal server aren't possible anymore.
    To enable logons again, use
    change logon /enable
    To check the current state, use
    change logon /query

    Terminal Services is one of the services that can not be stopped while the machine is running.
    LVL 13

    Expert Comment

    Thanks for letting me know oBdA.  I was going by memory and thought I'd done it before but the memory does fail me sometimes.  Let that be a good lesson for me to double-check things before writing them down.  :)
    LVL 4

    Author Comment

    Thanks oBda,
    I will try this out when I next run an update and will allocate you the points then.


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
    Learn about cloud computing and its benefits for small business owners.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now