• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Best solution for preventing users from connecting to Terminal Server?

We have an application that will need to be updated nightly, and everyone uses this application (10-15 users per Terminal Server) What is the best method for kicking out users from the application and preventing them from connecting to the system while the update is performed?
Is there an application that exists that could automate the process of kicking users out to take the new install (which is an MSI file)

I remember in Solaris you would copy a file to a certain directory would prevent anyone from telnetting in until that file was removed.
1 Solution
You can do two things.
1. Deny their logon hours in their user profile in Active Direcotry Users and Computers.
2. If you have a good amount of users, it would be easier to create a GPO.
amedexittAuthor Commented:
That won't work as its not every night that a release will occur, and we are talking about 8-9 Terminal Servers and 15-20 users a piece.
Forrest BurrisCommented:
ive had to engineer a solution for this in the past as well. it doesnt lock out the users but it kicks them all off while you do what you have to do (ie: udpate/backup). i created a batch file called userkick.bat with the contents below. i then made a windows scheduled task to run it 5 minutes before the nightly backup. the number = the ts channel so go ahead and cut paste the logoff x /v command to however many channels you normally use

logoff 1 /v
logoff 2 /v
logoff 3 /v
logoff 4 /v
logoff 5 /v

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

You might want to add in to this batch file

net stop "terminal services"

This will prevent users from logging back on to the server. and then another batch file that does

net start "terminal servives" after the back has completed.
sorry typo I ment:

net start "terminal services"
amedexittAuthor Commented:
But if you stop the Terminal Services service it would kick me out too! These changes will have to be done manually until we get an idea of timeframes with upgrades at which point I think we can implement it automatically.
amedexittAuthor Commented:
Does anyone else have any suggestions? We have 8-9 Terminal Servers and over the weekend I tried to update some and it was quite the nightmare.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now