Solved

How can you restrict users logon hours to just the terminal server?

Posted on 2008-06-13
5
2,570 Views
Last Modified: 2013-11-21
I'd like to restrict when users can log into a terminal server without restricting their login ability to the rest of the network. For example, only want users to be able to login to the TS M-F 9 to 5pm. I don't want to restrict them though from being able to access webmail, their local domain PC, etc. Is this possible? If so, please provide detailed instructions. Thanks.
0
Comment
Question by:mcse4u
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:jenkinsme
ID: 21784362
I do not know of any way to do this using just Windows Server however on your terminal server you could install the following free program:
http://www.download.com/2X-SecureRDP/3000-2092_4-10465332.html
Then from there you can provide or deny access to RDP however you would like without effecting local access to the server.
0
 

Author Comment

by:mcse4u
ID: 21784406
Interesting program, however, it won't allow me to restrict the logon times to certain user groups. it's appears to be a all or nothing approach. And the help file is a little lacking in information. Do you check the boxes of when you want to block access, or are the check boxes for when you want to ALLOW access? The help system doesn't specify.
0
 
LVL 5

Expert Comment

by:jenkinsme
ID: 21784455
The check boxes are for what days you want to allow access and then state the time for allowed access. I know it is not very intuitive at all unfortunately there is not much out there for free that isn't like that.
0
 
LVL 7

Expert Comment

by:fhmc
ID: 21785415
thinking a bit "out of the box" here so to speak, and I've NEVER tried this, so I'm only speaking of theory here...

maybe you could leverage the Terminal Server's local tasks to run a batch file using the "net localgroups" command at two scheduled times.

place the users you want to control time access to the terminal server into an AD group called, say "Term serv X time control"

on the terminal server, prepare two batch files.

disableaccess.bat
net localgroup "remote desktop users" /delete "yourdomain\term serv x time control"

enableaccess.bat
net localgroup "remote desktop users" /add "yourdomain\term serv x time control"

schedule a task at X time to run disableaccess.bat
schedule a task at Y time to run enableaccess.bat

*****ALSO, make sure none of the members of "term serv x time control" are members of any other groups in the Terminal Server's remote desktop users group.

again, this is JUST theory on my side, but the logic seems to be sound in my mind.  You will have to conduct your own tests if you wish to pursue my suggestion.

If you're interested in pursuing this theoretical approach and have any questions, please post them and I'll do my best to help.

good luck.
0
 

Accepted Solution

by:
mcse4u earned 0 total points
ID: 21787219
Makes you wonder why this simple feature request is not built into the product already. I can't imagine i'm the only person who needs to restrict users to certain timeframes.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question