Best solution for preventing users from connecting to Terminal Server?

Posted on 2009-04-23
Last Modified: 2013-11-21
We have an application that will need to be updated nightly, and everyone uses this application (10-15 users per Terminal Server) What is the best method for kicking out users from the application and preventing them from connecting to the system while the update is performed?
Is there an application that exists that could automate the process of kicking users out to take the new install (which is an MSI file)

I remember in Solaris you would copy a file to a certain directory would prevent anyone from telnetting in until that file was removed.
Question by:amedexitt
    LVL 1

    Expert Comment

    You can do two things.
    1. Deny their logon hours in their user profile in Active Direcotry Users and Computers.
    2. If you have a good amount of users, it would be easier to create a GPO.

    Author Comment

    That won't work as its not every night that a release will occur, and we are talking about 8-9 Terminal Servers and 15-20 users a piece.
    LVL 11

    Accepted Solution

    ive had to engineer a solution for this in the past as well. it doesnt lock out the users but it kicks them all off while you do what you have to do (ie: udpate/backup). i created a batch file called userkick.bat with the contents below. i then made a windows scheduled task to run it 5 minutes before the nightly backup. the number = the ts channel so go ahead and cut paste the logoff x /v command to however many channels you normally use

    logoff 1 /v
    logoff 2 /v
    logoff 3 /v
    logoff 4 /v
    logoff 5 /v

    LVL 6

    Expert Comment

    You might want to add in to this batch file

    net stop "terminal services"

    This will prevent users from logging back on to the server. and then another batch file that does

    net start "terminal servives" after the back has completed.
    LVL 6

    Expert Comment

    sorry typo I ment:

    net start "terminal services"

    Author Comment

    But if you stop the Terminal Services service it would kick me out too! These changes will have to be done manually until we get an idea of timeframes with upgrades at which point I think we can implement it automatically.

    Author Comment

    Does anyone else have any suggestions? We have 8-9 Terminal Servers and over the weekend I tried to update some and it was quite the nightmare.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    This is my 3rd article on SCCM in recent weeks, the 1st ( dealing with installat…
    On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now