[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 304
  • Last Modified:

Best solution for preventing users from connecting to Terminal Server?

We have an application that will need to be updated nightly, and everyone uses this application (10-15 users per Terminal Server) What is the best method for kicking out users from the application and preventing them from connecting to the system while the update is performed?
Is there an application that exists that could automate the process of kicking users out to take the new install (which is an MSI file)


I remember in Solaris you would copy a file to a certain directory would prevent anyone from telnetting in until that file was removed.
0
amedexitt
Asked:
amedexitt
1 Solution
 
elintseeker2003Commented:
You can do two things.
1. Deny their logon hours in their user profile in Active Direcotry Users and Computers.
2. If you have a good amount of users, it would be easier to create a GPO.
0
 
amedexittAuthor Commented:
That won't work as its not every night that a release will occur, and we are talking about 8-9 Terminal Servers and 15-20 users a piece.
0
 
Forrest BurrisCommented:
ive had to engineer a solution for this in the past as well. it doesnt lock out the users but it kicks them all off while you do what you have to do (ie: udpate/backup). i created a batch file called userkick.bat with the contents below. i then made a windows scheduled task to run it 5 minutes before the nightly backup. the number = the ts channel so go ahead and cut paste the logoff x /v command to however many channels you normally use

logoff 1 /v
logoff 2 /v
logoff 3 /v
logoff 4 /v
logoff 5 /v


0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
mickeyfanCommented:
You might want to add in to this batch file

net stop "terminal services"

This will prevent users from logging back on to the server. and then another batch file that does

net start "terminal servives" after the back has completed.
0
 
mickeyfanCommented:
sorry typo I ment:

net start "terminal services"
0
 
amedexittAuthor Commented:
But if you stop the Terminal Services service it would kick me out too! These changes will have to be done manually until we get an idea of timeframes with upgrades at which point I think we can implement it automatically.
0
 
amedexittAuthor Commented:
Does anyone else have any suggestions? We have 8-9 Terminal Servers and over the weekend I tried to update some and it was quite the nightmare.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now