• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 770
  • Last Modified:

disable logins to remote desktop

How can I disable logins to the remote desktop server, while we are also logged in remotely to run windows updates, etc?

This is for Windows Server 2008
0
Doug Poulin
Asked:
Doug Poulin
  • 7
  • 4
  • 2
  • +2
1 Solution
 
Matt VCommented:
Anything you do will also prevent you from getting in if you get disconnected.

Only thing I can think of is to remove your AD Group that has Remote Desktop access from the Remote Desktop Users group on the RDP Server.
0
 
pjamCommented:
IMHO You should not be doing windows updates when people are working.
0
 
Doug PoulinCTOAuthor Commented:
Of course.  That's why we'd like to disable login's.  for everyone except administrators would be useful, in case we lose the connection and need to get back on.

0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
WolfhereCommented:
Change 'their' password
0
 
Doug PoulinCTOAuthor Commented:
Ok guys, get real!  You're suggesting I change 200 users passwords, (and I assume back again) so I can run a 10 minute update.  Don't any of you have to update servers remotely?
0
 
Doug PoulinCTOAuthor Commented:
Here's what I think will work.  Any comments?
open Local Security policy
  -> Local policies
    -> User rights assignment
         -> Allow logon through remote desktop
Remove the remote desktop users group.  Leave administrators in as a group.

In theory that should allow the admins to log in and not anybody else.  Then just add the remote desktop users group once you're done.
0
 
Matt VCommented:
No comment on my suggestion to remove the group from Remote Desktop Users on the local machine?
0
 
Doug PoulinCTOAuthor Commented:
mattvmotas:

If your comment was the same as my last suggestion, then I'll give you the points.
0
 
Cláudio RodriguesFounder and CEOCommented:
Simply open a command prompt and type CHANGE LOGON /DISABLE. Once you are done with your remote work, type CHANGE LOGON /ENABLE (and of course press enter).

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
Doug PoulinCTOAuthor Commented:
Does this carry over through a reboot?  LIke I said, I want everyone off while the updates happen, but some updates require the server to reboot.  Will I be able to login after the reboot or will the system be locked out?
0
 
Cláudio RodriguesFounder and CEOCommented:
Honestly I do not remember if it carries over.
What I do is always to do a CHANGE LOGON /ENABLE as soon as I am ready to reboot.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
Doug PoulinCTOAuthor Commented:
thanks for the suggestion.  Here are some additional things I found out about this command.

It doesn't apply to the console.  If you run mstsc /console you can always get on.
You can check the setting with an "CHANGE LOGON /QUERY"  command.

It always reverts back to allowing logins after a reboot.
0
 
Doug PoulinCTOAuthor Commented:
The answer was not complete and I had to go find out more information on my own.  However it was the right solution.
0
 
Cláudio RodriguesFounder and CEOCommented:
Glad it helped.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
Cláudio RodriguesFounder and CEOCommented:
But technically your original question was 100% answered. On another question you asked if it carried over a reboot and so on. That on itself should have been another question. :-)

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 7
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now