Solved

How can you restrict users logon hours to just the terminal server?

Posted on 2008-06-13
5
2,607 Views
Last Modified: 2013-11-21
I'd like to restrict when users can log into a terminal server without restricting their login ability to the rest of the network. For example, only want users to be able to login to the TS M-F 9 to 5pm. I don't want to restrict them though from being able to access webmail, their local domain PC, etc. Is this possible? If so, please provide detailed instructions. Thanks.
0
Comment
Question by:mcse4u
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 5

Expert Comment

by:jenkinsme
ID: 21784362
I do not know of any way to do this using just Windows Server however on your terminal server you could install the following free program:
http://www.download.com/2X-SecureRDP/3000-2092_4-10465332.html
Then from there you can provide or deny access to RDP however you would like without effecting local access to the server.
0
 

Author Comment

by:mcse4u
ID: 21784406
Interesting program, however, it won't allow me to restrict the logon times to certain user groups. it's appears to be a all or nothing approach. And the help file is a little lacking in information. Do you check the boxes of when you want to block access, or are the check boxes for when you want to ALLOW access? The help system doesn't specify.
0
 
LVL 5

Expert Comment

by:jenkinsme
ID: 21784455
The check boxes are for what days you want to allow access and then state the time for allowed access. I know it is not very intuitive at all unfortunately there is not much out there for free that isn't like that.
0
 
LVL 7

Expert Comment

by:fhmc
ID: 21785415
thinking a bit "out of the box" here so to speak, and I've NEVER tried this, so I'm only speaking of theory here...

maybe you could leverage the Terminal Server's local tasks to run a batch file using the "net localgroups" command at two scheduled times.

place the users you want to control time access to the terminal server into an AD group called, say "Term serv X time control"

on the terminal server, prepare two batch files.

disableaccess.bat
net localgroup "remote desktop users" /delete "yourdomain\term serv x time control"

enableaccess.bat
net localgroup "remote desktop users" /add "yourdomain\term serv x time control"

schedule a task at X time to run disableaccess.bat
schedule a task at Y time to run enableaccess.bat

*****ALSO, make sure none of the members of "term serv x time control" are members of any other groups in the Terminal Server's remote desktop users group.

again, this is JUST theory on my side, but the logic seems to be sound in my mind.  You will have to conduct your own tests if you wish to pursue my suggestion.

If you're interested in pursuing this theoretical approach and have any questions, please post them and I'll do my best to help.

good luck.
0
 

Accepted Solution

by:
mcse4u earned 0 total points
ID: 21787219
Makes you wonder why this simple feature request is not built into the product already. I can't imagine i'm the only person who needs to restrict users to certain timeframes.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question