• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406
  • Last Modified:

When I log on to SBS2003 server using RDP as admin, I see other user's RDP seesion. How can I prevent this?

Typically our users don't have this problem, but a new RDP user does.  He can RDP to server normally using his own credentials, then he RDP's to his workstation on our company domain. All works well, except--when he closes his session (by clicking the 'X' on the RDP drop-own menu bar (not logging off).  When he logs back on the old session persists--this is also OK.  However, when I, the admin, log on using my administrator credentials, I see his session open on the server.  Again, this doesn't happen to our other RDP users.  I don't want to see his session. What is different and how can this be prevented?
0
FrankU09
Asked:
FrankU09
  • 4
  • 4
  • 2
2 Solutions
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Why would the server be used as a jump point into the network (unless I am not understanding what is being said)? The Remote Web Workplace provides this functionality by a fully secure Web based portal.

Does this mean that those users using the server as the jump point are Domain Admins?!?

Use the Remote Web Workplace to provide the necessary connectivity to SBS domain based workstations.
http://blogs.technet.com/sbs/archive/2006/07/25/443383.aspx
http://blogs.technet.com/sbs/archive/2006/11/03/remote-web-workplace-rww-part-ii-controlling-portal-access.aspx

Philip
0
 
FrankU09Author Commented:
I'm a new hire and this is the environment I walked into.  I don't know why they are doing it this way.  Maybe because this was a way to get it done; albeit, not the right way.  I will research and suggest it to them. Thank you.  Your suggestion really does look like the proper way to do it.

Until they decide to do it differently, how can I prevent seeing the other user's RDP?
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Since they are ALL domain admins, which means that they are sharing the same priviledges as god, there is no way that I can think of other than in Terminal Services Configuration trying the Limit Users to a Single Session setting.

Philip
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
FrankU09Author Commented:
They are NOT all admins.  They only belong to the remote desktop users and domain users groups.
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Then I am missing something since it sounds like they are connecting to the server first via 3389 then RDP into their desktop?

Philip
0
 
LateNiteRCommented:
What makes the MOST sense to me is that in order to view the other user's session, the two of you are logging into the server using the same credentials.  Either both of you are using the same LOCAL login or the SAME Domain-based account (probably an account designated specifically for this purpose) to initally access the server via RDP.

If the other user remotes to his office-desktop but clicks the 'X' to close his/her SERVER session, then logging into the server yourself (using the same login) will naturally still contain his/her RDP session to the desktop.

I've seen this in other smaller offices where the server is the sole entrypoint onto the LAN via VPN.  Users who do not know how to will use this as a means of access their data on the HDs of their office PCs.

Hope this helps.
0
 
LateNiteRCommented:
...sorry, instead of browsing to the desktop file system via Windows Explorer, accessing a desktop share or making a static mapping to a share on the remote PC connected via VPN.
0
 
FrankU09Author Commented:
I'm not sure what 3389 is, but they first use RDP to connect to our server from outside of our network, then, once connected to the server, they use RDP to connect to their workstation that is on the domain.  They can't connect directly to their workstations through our firewall. Seems very convoluted to me, but it is what it is--for the moment.
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
3389 is the port number used by RDP to listen for incoming calls. TSGrinder put a stop to us doing the same.

Philip
0
 
FrankU09Author Commented:
It finally clicked...the 3389. Thanks. We are definitely using different logons.  I am using ADMINISTRATOR and he is using his XXX.  It is the most bizarre thing.  The other users don't have this issue.  I may just delete and re-create his user profile.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now