Solved

Forcefull Session LogOff Window server 2008

Posted on 2014-03-04
9
3,732 Views
Last Modified: 2014-03-10
Only two simultaneous session are allowed by default in window server 2008. I want if another user try to log in, then one of the connected user will automatically or forcefully logged off from server.
0
Comment
Question by:martincrew
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 39905515
How does this differ from what you are seeing?     When you attempt to log the third session in,  there should be a prompt to select which user to disconnect and an optional  "Force" checkbox.

This is correct.   By default,  remote desktop on Windows server is configured for "remote admin. mode".    Per Microsoft licensing rules,  these  two connections are permitted to be used  exclusively for administering the server:    essentially, these connections are only legally allowed to be used for activities such as configuring the server.

Running business applications or other applications ("remote desktop services")   on a server,  legally requires additional licensing, and the purchase of a RDS CAL   for each  named person--e.g. employee  (or  named device)  authorized to connect -- depending on type of CALs used.
0
 

Author Comment

by:martincrew
ID: 39905573
User Selection prompt comes without optional "Force" check box , as user having only "User" privilege , it comes only when user having "Administrator" privilege .

When user select one of the user from selection prompt , then it need to wait for logged in user to accept or reject request I am attaching screen shot for it . I want third user don't need to wait for current user response , just select the user and log in directly .
0
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 39905577
In some occasions you get a message displayed "maximum rdp sessions" and the RMD gets terminated.
In that case you could logon to another server and use the quser and logoff command.

quser /SERVER:<servername>           and remember the logon id's

next

logoff 2 /SERVER:<servername>         2 if the user you want to logoff has ID2 in previous command.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 23

Expert Comment

by:Mysidia
ID: 39905628
"as user having only "User" privilege , it comes only when user having "Administrator" privilege . "
This is quite right.   You can only logoff a session with Full Control rights to that session.
Any unsaved changes in that session may be lost.

There are some admin tools that don't cope with this appropriately, and it can cause damage to the server if the session is administrative.

The way to grant the permissions is, either:

1.)  Add the user to the Local Administrators  group on the server in question; or add the user to a group in Active Directory  that is listed in the Local Administrators group on the server.

or

2.)   Open Administrative Tools > Remote Desktop Services > Remote Desktop Host Configuration
on the server

Right click the  RDP-TCP   session pick Properties, go to the security tab
Click the "Advanced"  button

Click "ADD";  Select the desired group,  OK

Tick all the  Allow boxes.
OK
OK

Now the user should have the Full Control  rights to RDP sessions  that is required in order to log off another user's Remote desktop session.

Note this does include the ability to  'Remote control'  or take over control of another user's open  RDP session.

But according to the applicable Microsoft documentation,  Full control permission is indeed required to  disconnect another user,  as noted here:
http://technet.microsoft.com/en-us/library/cc755252.aspx
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39906366
Default you will get 2 sessions for Windows server 2008,

If you want one more session, You need to configure Winows Terminal service on that server,

and you need to procure a TS (RDS) license for accessing multiple users.

Configure TS : http://technet.microsoft.com/en-us/library/cc754288(v=ws.10).aspx

Manage RDS CAL : http://technet.microsoft.com/en-us/library/dd759163.aspx
0
 

Author Comment

by:martincrew
ID: 39908423
Thanks for all replies . I don't want RDS license .

I just want to know is there any possibility or technique from which a third user can log off the session on selection screen of current connected users.
0
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 39908548
I gave you the option to didnt i?
0
 

Author Comment

by:martincrew
ID: 39916736
Sage thanks for the option but that don’t work for me .
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 200 total points
ID: 39916935
As I mentioned above; the only way to log off another user remotely requires the user who wishes to login to have certain administrative user rights and the security permissions to the terminal server RDP configuration; listed in the above referenced Microsoft document in order to do so.

This would be by design.   You can control which users or groups have adminsitrative rights  and which users have special permissions in the Terminal Services config, but if you do not license RDS,  you cannot control how the 2 connected session limit is enforced.

Of course, you can also set an idle timeout period with forced automatic logout (or disconnect),  which can be established on a per-user basis if necessary.

Terminal Services for administration will not allow the 3rd session to connect, and the 'force disconnect'  option is  only presented if the user requesting to login has certain permissions.


This is not a configurable or customizable aspect of remote desktop for administration -- what happens at login for a new session when the limit is already reached and the user identity logging in is a user that lacks the permissions that are necessary in order to disconnect an existing session.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question