How do I restrict Terminal Server logons by username?
Posted on 2011-05-12
I have a specific problem with a Windows 2003 Server that is being used for remote logging on. We do have other Windows 2003 Servers that are used in the same way, to access the same applicatiobn and other users do not have this problem. This 'bad' server has an application installed on it that some business partners of ours are supposed to be logging on to access that application. The terminal server is actually property of the business partners and we just allow it to sit on our network.
We allow the business partners a remote connection to this specific server. There they can access this specific application.
The remote connections are working fine. The problem is printing from this specific application. It is supposed to print tickets (with bar codes); but, for whatever reason the printing will only work correctly if one is logged on as the ‘administrator’ username. Now to make a long story short I have trouble-shooted the problem to be that only the 'administrator' logon works for printing these specific tickets correctly, from this specific application, on this specific server. For testing we alowed one of the users to logon to a different windows terminal server and everything worked just fine. Hence the problem is Server specifc.
If other users logon to the server, then the bar codes are NOT printed out correctly. If the tickets are not printed out correctly then the ticket scanners cannot read the bar code; hence, the problem.
The same exact problem can be duplicated, if one logs on manually(in person) to the server(without the remote connection). All of the users are already in the 'administrators group'. If I create a new test user and put this test user in the administrator's group and then try to print, the new user cannot print the tickets correctly(bar code is not printed correctly). I have tried to un-install and re-install the program. I have had the other users print out a test ticket in word pad and that works; hence, printing from the ticket application while being logged on as another user does not work(being logged on with aother account besides 'administrator'). So users have been logging in to that server as 'administrator' and that works for them. Obviously that is a temporary fix.
The problem is when one user is already logged on as 'administrator' then another remote user logs on 'administrator' then the 2nd logon can see what the first logon session is working on. So, if the 2nd logon session closes the application on the 1st session then that screws up what the 1st user was working on. That is where it gets confusing.
I know the answer is to re-format the Server and start again; but this is not our server and another company will have to do that.
I am wondering if there is a way to restrict 1 username to be logged on remotely at 1 time. So if someone is already logged on as 'administrator'... is there a way to block anyone from logging in again as 'administrator' ? That is until the 1st logon logs out? I am guessing not; because, how would you un-lock the ‘administrator’ logon session then?