How do I restrict Terminal Server logons by username?

Posted on 2011-05-12
Last Modified: 2012-05-11

I have a specific problem with a Windows 2003 Server that is being used for remote logging on.  We do have other Windows 2003 Servers that are used in the same way, to access the same applicatiobn and other users do not have this problem.  This 'bad' server has an application installed on it that some business partners of ours are supposed to be logging on to access that application.  The terminal server is actually property of the business partners and we just allow it to sit on our network.  

We allow the business partners a remote connection to this specific server.  There they can access this specific application.

The remote connections are working fine.  The problem is printing from this specific application.  It is supposed to print tickets (with bar codes); but, for whatever reason the printing will only work correctly if one is logged on as the ‘administrator’ username.  Now to make a long story short I have trouble-shooted the problem to be that  only the 'administrator' logon works for printing these specific tickets correctly, from this specific application, on this specific server.  For testing we alowed one of the users to logon to a different windows terminal server and everything worked just fine.  Hence the problem is Server specifc.

If other users logon to the server, then the bar codes are NOT printed out correctly.  If the tickets are not printed out correctly then the ticket scanners cannot read the bar code; hence, the problem.

The same exact problem can be duplicated, if one logs on manually(in person) to the server(without the remote connection).  All of the users are already in the 'administrators group'.  If I create a new test user and put this test user in the administrator's group and then try to print, the new user cannot print the tickets correctly(bar code is not printed correctly).  I have tried to un-install and re-install the program.  I have had the other users print out a test ticket in word pad and that works; hence, printing from the ticket application while being logged on as another user does not work(being logged on with aother account besides 'administrator').  So users have been logging in to that server as 'administrator' and that works for them.  Obviously that is a temporary fix.

The problem is when one user is already logged on as 'administrator' then another remote user logs on 'administrator' then the 2nd logon can see what the first logon session is working on.  So, if the 2nd logon session closes the application on the 1st session then that screws up what the 1st user was working on.  That is where it gets confusing.

I know the answer is to re-format the Server and start again; but this is not our server and another company will have to do that.

I am wondering if there is a way to restrict 1 username to be logged on remotely at 1 time.  So if someone is already logged on as 'administrator'... is there a way to block anyone from logging in again as 'administrator' ? That is until the 1st logon logs out?  I am guessing not; because, how would you un-lock the ‘administrator’ logon session then?  
Question by:Pkafkas
    LVL 8

    Accepted Solution

    There is multiple ways to somewhat get your results.

    If you say that the server only works for administrator then you can go into Terminal server configuration -> properties of RDP -> Metwork adapter -> set maximum connections to one

    Or if many people will connect then maybe you don't want to restrict the user to one login just change the way TS responds to reconnects. Got same place but under Sessions tab change the last section to Overide user settings and set From previous client. Then click ok and got server settings. Change Restrict each user to one session to No if it is at Yes.

    Hope this helps


    Author Comment

    How do I find the 'Terminal Server configuration'?  Where can I find the 'Properties of RDP' ?
    LVL 8

    Expert Comment

    Start -> Administrative Tools -> Terminal Services Configuration

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now