Solved

When I log on to SBS2003 server using RDP as admin, I see other user's RDP seesion.  How can I prevent this?

Posted on 2009-06-30
10
394 Views
Last Modified: 2013-11-21
Typically our users don't have this problem, but a new RDP user does.  He can RDP to server normally using his own credentials, then he RDP's to his workstation on our company domain. All works well, except--when he closes his session (by clicking the 'X' on the RDP drop-own menu bar (not logging off).  When he logs back on the old session persists--this is also OK.  However, when I, the admin, log on using my administrator credentials, I see his session open on the server.  Again, this doesn't happen to our other RDP users.  I don't want to see his session. What is different and how can this be prevented?
0
Comment
Question by:FrankU09
  • 4
  • 4
  • 2
10 Comments
 
LVL 38

Accepted Solution

by:
Philip Elder earned 250 total points
ID: 24747230
Why would the server be used as a jump point into the network (unless I am not understanding what is being said)? The Remote Web Workplace provides this functionality by a fully secure Web based portal.

Does this mean that those users using the server as the jump point are Domain Admins?!?

Use the Remote Web Workplace to provide the necessary connectivity to SBS domain based workstations.
http://blogs.technet.com/sbs/archive/2006/07/25/443383.aspx
http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx

Philip
0
 

Author Comment

by:FrankU09
ID: 24747359
I'm a new hire and this is the environment I walked into.  I don't know why they are doing it this way.  Maybe because this was a way to get it done; albeit, not the right way.  I will research and suggest it to them. Thank you.  Your suggestion really does look like the proper way to do it.

Until they decide to do it differently, how can I prevent seeing the other user's RDP?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24747445
Since they are ALL domain admins, which means that they are sharing the same priviledges as god, there is no way that I can think of other than in Terminal Services Configuration trying the Limit Users to a Single Session setting.

Philip
0
 

Author Comment

by:FrankU09
ID: 24747519
They are NOT all admins.  They only belong to the remote desktop users and domain users groups.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24747557
Then I am missing something since it sounds like they are connecting to the server first via 3389 then RDP into their desktop?

Philip
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Assisted Solution

by:LateNiteR
LateNiteR earned 250 total points
ID: 24748289
What makes the MOST sense to me is that in order to view the other user's session, the two of you are logging into the server using the same credentials.  Either both of you are using the same LOCAL login or the SAME Domain-based account (probably an account designated specifically for this purpose) to initally access the server via RDP.

If the other user remotes to his office-desktop but clicks the 'X' to close his/her SERVER session, then logging into the server yourself (using the same login) will naturally still contain his/her RDP session to the desktop.

I've seen this in other smaller offices where the server is the sole entrypoint onto the LAN via VPN.  Users who do not know how to will use this as a means of access their data on the HDs of their office PCs.

Hope this helps.
0
 
LVL 3

Expert Comment

by:LateNiteR
ID: 24748320
...sorry, instead of browsing to the desktop file system via Windows Explorer, accessing a desktop share or making a static mapping to a share on the remote PC connected via VPN.
0
 

Author Comment

by:FrankU09
ID: 24748573
I'm not sure what 3389 is, but they first use RDP to connect to our server from outside of our network, then, once connected to the server, they use RDP to connect to their workstation that is on the domain.  They can't connect directly to their workstations through our firewall. Seems very convoluted to me, but it is what it is--for the moment.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 24748643
3389 is the port number used by RDP to listen for incoming calls. TSGrinder put a stop to us doing the same.

Philip
0
 

Author Comment

by:FrankU09
ID: 24748935
It finally clicked...the 3389. Thanks. We are definitely using different logons.  I am using ADMINISTRATOR and he is using his XXX.  It is the most bizarre thing.  The other users don't have this issue.  I may just delete and re-create his user profile.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now