[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

disable logins to remote desktop

Posted on 2011-05-06
15
Medium Priority
?
756 Views
Last Modified: 2013-11-21
How can I disable logins to the remote desktop server, while we are also logged in remotely to run windows updates, etc?

This is for Windows Server 2008
0
Comment
Question by:geekdad1
  • 7
  • 4
  • 2
  • +2
15 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 35709408
Anything you do will also prevent you from getting in if you get disconnected.

Only thing I can think of is to remove your AD Group that has Remote Desktop access from the Remote Desktop Users group on the RDP Server.
0
 
LVL 17

Expert Comment

by:pjam
ID: 35709437
IMHO You should not be doing windows updates when people are working.
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35709603
Of course.  That's why we'd like to disable login's.  for everyone except administrators would be useful, in case we lose the connection and need to get back on.

0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
LVL 10

Expert Comment

by:Wolfhere
ID: 35709772
Change 'their' password
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35710184
Ok guys, get real!  You're suggesting I change 200 users passwords, (and I assume back again) so I can run a 10 minute update.  Don't any of you have to update servers remotely?
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35710377
Here's what I think will work.  Any comments?
open Local Security policy
  -> Local policies
    -> User rights assignment
         -> Allow logon through remote desktop
Remove the remote desktop users group.  Leave administrators in as a group.

In theory that should allow the admins to log in and not anybody else.  Then just add the remote desktop users group once you're done.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 35710570
No comment on my suggestion to remove the group from Remote Desktop Users on the local machine?
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35710975
mattvmotas:

If your comment was the same as my last suggestion, then I'll give you the points.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 750 total points
ID: 35786303
Simply open a command prompt and type CHANGE LOGON /DISABLE. Once you are done with your remote work, type CHANGE LOGON /ENABLE (and of course press enter).

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35788182
Does this carry over through a reboot?  LIke I said, I want everyone off while the updates happen, but some updates require the server to reboot.  Will I be able to login after the reboot or will the system be locked out?
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 35788202
Honestly I do not remember if it carries over.
What I do is always to do a CHANGE LOGON /ENABLE as soon as I am ready to reboot.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
LVL 1

Author Comment

by:geekdad1
ID: 35788466
thanks for the suggestion.  Here are some additional things I found out about this command.

It doesn't apply to the console.  If you run mstsc /console you can always get on.
You can check the setting with an "CHANGE LOGON /QUERY"  command.

It always reverts back to allowing logins after a reboot.
0
 
LVL 1

Author Closing Comment

by:geekdad1
ID: 35788479
The answer was not complete and I had to go find out more information on my own.  However it was the right solution.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 35788503
Glad it helped.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 35788520
But technically your original question was 100% answered. On another question you asked if it carried over a reboot and so on. That on itself should have been another question. :-)

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Boot PC and press F10, select storage options and change the compatibility from “AHCI” to “IDE”, save and exit 2. Boot PC and press F12 3. Upon PXE display of searching for DHCP server, press Pause break to obtain MAC address 3. Open Configu…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question