can you limit RDP/ terminal session user to just a single logon with GPO, so that another user cannot logoff the original session?

Posted on 2008-11-17
Last Modified: 2012-05-05
can you limit a user on a single Virtual XP pro machine [VMWARE] to one logon and disallow another terminal user from logging off that user off?
Question by:BFedyck
    LVL 2

    Accepted Solution

    You can use GPO to limit it to one active session at a time but... If two users are using the same account then one will always be able to log the other off.  The best way to do this is to use different accounts for everyone (Best Practice).  They do this in case you loose your connection while logged on it won't lock out your account until administrator manually ends the session.  You will start running into issues if you don't have that feature.  

    Author Comment

    if you have 2 users with ADMIN rights or local admin rights regardless of different user logons, one will still over ride or log out the other in the session, and if this can be stopped with a GPO, do you have instructions or a link to a KB?
    lmk and thanks
    LVL 21

    Assisted Solution

    Unfortunately, I think Administrators are giving the ability to log anyone off right in the Gina.  I don't believe there is a policy to control this.
    LVL 2

    Assisted Solution

    Like I said, I don't believe you can disable this and if you do get it done you are going to run into issues right away.  The first time someone doesn't log off when they exit the RDP session your stuck.  This happens all the time when people reboot, loose network connectivity, computer crashes... any thing.  The problem is, then, in order to log your own account off you'll have jump through many more hoops than just creating an admin account in AD.  An admin account in AD has far to many benifets for me to see the use in disabling an extremely helpful key feature such as being able to log on to your own account at any time.  

    ** You can however have your account enabled to allow multiple sessions at once. But from what I understand, you don't want multiple sessions either right?

    Author Comment

    thanks for the input

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now