Solved

When I log on to SBS2003 server using RDP as admin, I see other user's RDP seesion.  How can I prevent this?

Posted on 2009-06-30
10
399 Views
Last Modified: 2013-11-21
Typically our users don't have this problem, but a new RDP user does.  He can RDP to server normally using his own credentials, then he RDP's to his workstation on our company domain. All works well, except--when he closes his session (by clicking the 'X' on the RDP drop-own menu bar (not logging off).  When he logs back on the old session persists--this is also OK.  However, when I, the admin, log on using my administrator credentials, I see his session open on the server.  Again, this doesn't happen to our other RDP users.  I don't want to see his session. What is different and how can this be prevented?
0
Comment
Question by:FrankU09
  • 4
  • 4
  • 2
10 Comments
 
LVL 38

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 24747230
Why would the server be used as a jump point into the network (unless I am not understanding what is being said)? The Remote Web Workplace provides this functionality by a fully secure Web based portal.

Does this mean that those users using the server as the jump point are Domain Admins?!?

Use the Remote Web Workplace to provide the necessary connectivity to SBS domain based workstations.
http://blogs.technet.com/sbs/archive/2006/07/25/443383.aspx
http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx

Philip
0
 

Author Comment

by:FrankU09
ID: 24747359
I'm a new hire and this is the environment I walked into.  I don't know why they are doing it this way.  Maybe because this was a way to get it done; albeit, not the right way.  I will research and suggest it to them. Thank you.  Your suggestion really does look like the proper way to do it.

Until they decide to do it differently, how can I prevent seeing the other user's RDP?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24747445
Since they are ALL domain admins, which means that they are sharing the same priviledges as god, there is no way that I can think of other than in Terminal Services Configuration trying the Limit Users to a Single Session setting.

Philip
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:FrankU09
ID: 24747519
They are NOT all admins.  They only belong to the remote desktop users and domain users groups.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24747557
Then I am missing something since it sounds like they are connecting to the server first via 3389 then RDP into their desktop?

Philip
0
 
LVL 3

Assisted Solution

by:LateNiteR
LateNiteR earned 250 total points
ID: 24748289
What makes the MOST sense to me is that in order to view the other user's session, the two of you are logging into the server using the same credentials.  Either both of you are using the same LOCAL login or the SAME Domain-based account (probably an account designated specifically for this purpose) to initally access the server via RDP.

If the other user remotes to his office-desktop but clicks the 'X' to close his/her SERVER session, then logging into the server yourself (using the same login) will naturally still contain his/her RDP session to the desktop.

I've seen this in other smaller offices where the server is the sole entrypoint onto the LAN via VPN.  Users who do not know how to will use this as a means of access their data on the HDs of their office PCs.

Hope this helps.
0
 
LVL 3

Expert Comment

by:LateNiteR
ID: 24748320
...sorry, instead of browsing to the desktop file system via Windows Explorer, accessing a desktop share or making a static mapping to a share on the remote PC connected via VPN.
0
 

Author Comment

by:FrankU09
ID: 24748573
I'm not sure what 3389 is, but they first use RDP to connect to our server from outside of our network, then, once connected to the server, they use RDP to connect to their workstation that is on the domain.  They can't connect directly to their workstations through our firewall. Seems very convoluted to me, but it is what it is--for the moment.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24748643
3389 is the port number used by RDP to listen for incoming calls. TSGrinder put a stop to us doing the same.

Philip
0
 

Author Comment

by:FrankU09
ID: 24748935
It finally clicked...the 3389. Thanks. We are definitely using different logons.  I am using ADMINISTRATOR and he is using his XXX.  It is the most bizarre thing.  The other users don't have this issue.  I may just delete and re-create his user profile.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question