How can you restrict users logon hours to just the terminal server?

I'd like to restrict when users can log into a terminal server without restricting their login ability to the rest of the network. For example, only want users to be able to login to the TS M-F 9 to 5pm. I don't want to restrict them though from being able to access webmail, their local domain PC, etc. Is this possible? If so, please provide detailed instructions. Thanks.
mcse4uAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
mcse4uConnect With a Mentor Author Commented:
Makes you wonder why this simple feature request is not built into the product already. I can't imagine i'm the only person who needs to restrict users to certain timeframes.
0
 
jenkinsmeCommented:
I do not know of any way to do this using just Windows Server however on your terminal server you could install the following free program:
http://www.download.com/2X-SecureRDP/3000-2092_4-10465332.html
Then from there you can provide or deny access to RDP however you would like without effecting local access to the server.
0
 
mcse4uAuthor Commented:
Interesting program, however, it won't allow me to restrict the logon times to certain user groups. it's appears to be a all or nothing approach. And the help file is a little lacking in information. Do you check the boxes of when you want to block access, or are the check boxes for when you want to ALLOW access? The help system doesn't specify.
0
 
jenkinsmeCommented:
The check boxes are for what days you want to allow access and then state the time for allowed access. I know it is not very intuitive at all unfortunately there is not much out there for free that isn't like that.
0
 
fhmcCommented:
thinking a bit "out of the box" here so to speak, and I've NEVER tried this, so I'm only speaking of theory here...

maybe you could leverage the Terminal Server's local tasks to run a batch file using the "net localgroups" command at two scheduled times.

place the users you want to control time access to the terminal server into an AD group called, say "Term serv X time control"

on the terminal server, prepare two batch files.

disableaccess.bat
net localgroup "remote desktop users" /delete "yourdomain\term serv x time control"

enableaccess.bat
net localgroup "remote desktop users" /add "yourdomain\term serv x time control"

schedule a task at X time to run disableaccess.bat
schedule a task at Y time to run enableaccess.bat

*****ALSO, make sure none of the members of "term serv x time control" are members of any other groups in the Terminal Server's remote desktop users group.

again, this is JUST theory on my side, but the logic seems to be sound in my mind.  You will have to conduct your own tests if you wish to pursue my suggestion.

If you're interested in pursuing this theoretical approach and have any questions, please post them and I'll do my best to help.

good luck.
0
All Courses

From novice to tech pro — start learning today.