Doug Poulin asked:

disable logins to remote desktop

How can I disable logins to the remote desktop server, while we are also logged in remotely to run Windows updates, etc.?

This is for Windows Server 2008
Matt V

Anything you do will also prevent you from getting in if you get disconnected.

Only thing I can think of is to remove your AD Group that has Remote Desktop access from the Remote Desktop Users group on the RDP Server.
IMHO you should not be doing Windows updates when people are working.
Doug Poulin (ASKER)

Of course. That's why we'd like to disable logins. Doing so for everyone except administrators would be useful, in case we lose the connection and need to get back on.

Change 'their' password
OK guys, get real! You're suggesting I change 200 users' passwords (and I assume back again) so I can run a 10-minute update. Don't any of you have to update servers remotely?
Here's what I think will work.  Any comments?
open Local Security policy
  -> Local policies
    -> User rights assignment
         -> Allow logon through remote desktop
Remove the remote desktop users group.  Leave administrators in as a group.

In theory that should allow the admins to log in and not anybody else.  Then just add the remote desktop users group once you're done.
No comment on my suggestion to remove the group from Remote Desktop Users on the local machine?
mattvmotas:

If your comment was the same as my last suggestion, then I'll give you the points.
ASKER CERTIFIED SOLUTION
Cláudio Rodrigues
Does this carry over through a reboot? Like I said, I want everyone off while the updates happen, but some updates require the server to reboot. Will I be able to log in after the reboot or will the system be locked out?
Honestly I do not remember if it carries over.
What I do is always to do a CHANGE LOGON /ENABLE as soon as I am ready to reboot.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
Thanks for the suggestion. Here are some additional things I found out about this command.

It doesn't apply to the console.  If you run mstsc /console you can always get on.
You can check the setting with a "CHANGE LOGON /QUERY" command.

It always reverts back to allowing logins after a reboot.
The answer was not complete and I had to go find out more information on my own.  However it was the right solution.
Glad it helped.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
But technically your original question was 100% answered. On another question you asked if it carried over a reboot and so on. That in itself should have been another question. :-)

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
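
The maintenance sequence discussed in this thread (block new sessions, patch, re-open logons), shown as an added example that is not part of any poster's reply. `Invoke-WithLogonsDisabled`, `Get-LogonState` and the `$Maintenance` script block are hypothetical names; the sketch assumes an elevated prompt on an English-language server, because it matches the word DISABLED in the `CHANGE LOGON /QUERY` output.

```powershell
# Added example: wrap a maintenance step so new RDP logons are blocked
# for its duration and always re-enabled afterwards, even on failure.

function Get-LogonState {
    # Assumption: English output of CHANGE LOGON /QUERY contains
    # ENABLED or DISABLED. Adjust the match on localized systems.
    $text = (& change.exe logon /query) -join ' '
    if ($text -match 'DISABLED') { 'Disabled' } else { 'Enabled' }
}

function Invoke-WithLogonsDisabled {
    param(
        # Hypothetical parameter: the update or patch step to run.
        [Parameter(Mandatory = $true)]
        [scriptblock] $Maintenance
    )

    Write-Host "Logon state before: $(Get-LogonState)"

    # Blocks new client sessions only; the console is not affected,
    # and users who are already logged on stay connected.
    & change.exe logon /disable | Out-Null
    if ((Get-LogonState) -ne 'Disabled') {
        throw 'Logons are still enabled; aborting before maintenance.'
    }

    try {
        # Show who is still connected so they can be asked to log off.
        & query.exe session
        & $Maintenance
    }
    finally {
        # A reboot also resets this, but re-enable explicitly so a
        # run without a reboot does not leave users locked out.
        & change.exe logon /enable | Out-Null
        Write-Host "Logon state after: $(Get-LogonState)"
    }
}

# Usage with a placeholder maintenance step:
# Invoke-WithLogonsDisabled -Maintenance { Write-Host 'install updates here' }
```

If the administrator's own session drops while logons are disabled, the console session remains the way back in, as noted in the thread.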