Solved

When I log on to SBS2003 server using RDP as admin, I see other user's RDP seesion.  How can I prevent this?

Posted on 2009-06-30
10
401 Views
Last Modified: 2013-11-21
Typically our users don't have this problem, but a new RDP user does.  He can RDP to server normally using his own credentials, then he RDP's to his workstation on our company domain. All works well, except--when he closes his session (by clicking the 'X' on the RDP drop-own menu bar (not logging off).  When he logs back on the old session persists--this is also OK.  However, when I, the admin, log on using my administrator credentials, I see his session open on the server.  Again, this doesn't happen to our other RDP users.  I don't want to see his session. What is different and how can this be prevented?
0
Comment
Question by:FrankU09
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 39

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 24747230
Why would the server be used as a jump point into the network (unless I am not understanding what is being said)? The Remote Web Workplace provides this functionality by a fully secure Web based portal.

Does this mean that those users using the server as the jump point are Domain Admins?!?

Use the Remote Web Workplace to provide the necessary connectivity to SBS domain based workstations.
http://blogs.technet.com/sbs/archive/2006/07/25/443383.aspx
http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx

Philip
0
 

Author Comment

by:FrankU09
ID: 24747359
I'm a new hire and this is the environment I walked into.  I don't know why they are doing it this way.  Maybe because this was a way to get it done; albeit, not the right way.  I will research and suggest it to them. Thank you.  Your suggestion really does look like the proper way to do it.

Until they decide to do it differently, how can I prevent seeing the other user's RDP?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24747445
Since they are ALL domain admins, which means that they are sharing the same priviledges as god, there is no way that I can think of other than in Terminal Services Configuration trying the Limit Users to a Single Session setting.

Philip
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:FrankU09
ID: 24747519
They are NOT all admins.  They only belong to the remote desktop users and domain users groups.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24747557
Then I am missing something since it sounds like they are connecting to the server first via 3389 then RDP into their desktop?

Philip
0
 
LVL 3

Assisted Solution

by:LateNiteR
LateNiteR earned 250 total points
ID: 24748289
What makes the MOST sense to me is that in order to view the other user's session, the two of you are logging into the server using the same credentials.  Either both of you are using the same LOCAL login or the SAME Domain-based account (probably an account designated specifically for this purpose) to initally access the server via RDP.

If the other user remotes to his office-desktop but clicks the 'X' to close his/her SERVER session, then logging into the server yourself (using the same login) will naturally still contain his/her RDP session to the desktop.

I've seen this in other smaller offices where the server is the sole entrypoint onto the LAN via VPN.  Users who do not know how to will use this as a means of access their data on the HDs of their office PCs.

Hope this helps.
0
 
LVL 3

Expert Comment

by:LateNiteR
ID: 24748320
...sorry, instead of browsing to the desktop file system via Windows Explorer, accessing a desktop share or making a static mapping to a share on the remote PC connected via VPN.
0
 

Author Comment

by:FrankU09
ID: 24748573
I'm not sure what 3389 is, but they first use RDP to connect to our server from outside of our network, then, once connected to the server, they use RDP to connect to their workstation that is on the domain.  They can't connect directly to their workstations through our firewall. Seems very convoluted to me, but it is what it is--for the moment.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24748643
3389 is the port number used by RDP to listen for incoming calls. TSGrinder put a stop to us doing the same.

Philip
0
 

Author Comment

by:FrankU09
ID: 24748935
It finally clicked...the 3389. Thanks. We are definitely using different logons.  I am using ADMINISTRATOR and he is using his XXX.  It is the most bizarre thing.  The other users don't have this issue.  I may just delete and re-create his user profile.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question