mixdcunphution

Remote Desktop Disconnect, Only one user can be Remotely connected to the server at a time. Option to disable "Restrict each user to one session" is greyed out.

We have a 2003 Enterprise server SP2 that is part of a server stack. Each computer on that stack except this one can receive Remote Desktop requests from our Developers 2 at a time. Now one of the boxes only allows one user at a time. I looked and saw that even when logged in as an administrator account, I do not have the terminal services rights to change it. How do I get my local admin account rights to the Terminal services?

There were Vulnerability scans and mitigations done that I believe might have taken these rights away from the local administrator group and accounts.

Help is most appreciated.
ryansoto

To get rights to the local admin you need to make the domain admins (or whatever admin group you are a part of) and add that to the local admin group on that machine.
mixdcunphution

ASKER

This is a Local Administrator that is in the Administrator group. There is no domain admin needed because this is in a workgroup.

The other servers that are on the network domain have the rights as local admin, but the servers that are not part of the domain are not allowing the local Admin to access the terminal services with these rights.
This problem is more difficult than I thought.

Do you think there is a possible loss of the administrator? How can the administrator no longer have the rights to change this task?
When something is greyed out like that you either are missing the rights, such as a domain user trying to do it, or group policy is overriding.
Now I know you said these are in a workgroup BUT I would run the group policy modeling and see if group policy is applying to these machines as well.
The group Policy does have these settings, but even when I change them in the Group Policy they do not change in the Terminal Services configuration.
Just to be safe I would run the GP modeling against this terminal server and see if anything is applying to it.
I did that but it still has no effect, even when I change it in the restrict user to one login in the group policy, it still does not affect the ability to change the local policy still.
What I mean is -
A group policy overrides a local policy, so if you don't have the ability to change a local policy it's because a domain policy is in effect. To be able to change the local policy you need to turn off the corresponding group policy.
How do I do that?
First you need to find out which of your GPs contain this setting in question.
Once you find out which one it is then you need to edit the GP and disable that particular setting or change back to default which may be 'not configured'.
Once that's done you will need to run a gpupdate /force from the command line on the computer in question.
If you got the right setting from step 1 then you will be able to change the local policy.
That is the problem, I did change the setting to disable the "do not allow local administrators to customize permissions"  but I still cannot change the settings.

Everything that I change on the server group policy does not affect the local policies.
Per your question
Option to disable "Restrict each user to one session" is greyed out

Where are you seeing this? In Group Policy I assume, or on the local policy?
I actually see the Restrict each user to one session in the Group Policy, but the greyed out part that I cannot change is in the Terminal Services Configuration, Connections Properties on the Network Adapter Tab, Maximum connections.

But under that there is a yellow exclamation point with the following:
This server is configured in the default Remote Desktop mode for remote administration, which allows a maximum of two simultaneous remote connections.

But still the maximum connections is selected and greyed out with a one in the fill box

And in the Server Settings on the Terminal Services configuration the restrict each user to one session is set to yes and it is greyed out.
This did give me an idea of how to better answer this question.
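
The following is an added example, not part of the original thread: a PowerShell check of whether the two greyed-out settings are being enforced by a policy value (domain GPO, Local Group Policy, or a hardening template) rather than by missing administrator rights. The registry paths and value names are the standard Windows locations for these Terminal Services settings and do not come from the thread; the helper name `Get-RegValue` is hypothetical.

```powershell
# Added example: compare policy-enforced Terminal Services values with the local ones.
# Assumption: standard registry locations; none of these paths appear in the thread.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$checks = @(
    @{ Name  = 'fSingleSessionPerUser'   # "Restrict each user to one session"
       Local = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' },
    @{ Name  = 'MaxInstanceCount'        # "Maximum connections" on the RDP-Tcp connection
       Local = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

foreach ($c in $checks) {
    $policy = Get-RegValue $policyKey $c.Name
    $local  = Get-RegValue $c.Local $c.Name
    if ($policy -ne $null) {
        # A value under the Policies key takes precedence over the local value.
        $state = 'enforced by policy'
    } else {
        $state = 'not set by policy, local value applies'
    }
    "{0,-24} policy={1,-6} local={2,-12} {3}" -f $c.Name, $policy, $local, $state
}

# Resultant Set of Policy for the computer: lists the GPOs that applied,
# including Local Group Policy on a workgroup machine.
gpresult /scope computer /v
```

If a value shows as enforced by policy on a workgroup server, the source is the machine's own Local Group Policy or an applied security template, so a change made in a domain GPO will not clear it.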