Forcefull Session LogOff Window server 2008

Only two simultaneous session are allowed by default in window server 2008. I want if another user try to log in, then one of the connected user will automatically or forcefully logged off from server.
martincrewAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MysidiaCommented:
How does this differ from what you are seeing?     When you attempt to log the third session in,  there should be a prompt to select which user to disconnect and an optional  "Force" checkbox.

This is correct.   By default,  remote desktop on Windows server is configured for "remote admin. mode".    Per Microsoft licensing rules,  these  two connections are permitted to be used  exclusively for administering the server:    essentially, these connections are only legally allowed to be used for activities such as configuring the server.

Running business applications or other applications ("remote desktop services")   on a server,  legally requires additional licensing, and the purchase of a RDS CAL   for each  named person--e.g. employee  (or  named device)  authorized to connect -- depending on type of CALs used.
0
martincrewAuthor Commented:
User Selection prompt comes without optional "Force" check box , as user having only "User" privilege , it comes only when user having "Administrator" privilege .

When user select one of the user from selection prompt , then it need to wait for logged in user to accept or reject request I am attaching screen shot for it . I want third user don't need to wait for current user response , just select the user and log in directly .
0
Patrick BogersDatacenter platform engineer LindowsCommented:
In some occasions you get a message displayed "maximum rdp sessions" and the RMD gets terminated.
In that case you could logon to another server and use the quser and logoff command.

quser /SERVER:<servername>           and remember the logon id's

next

logoff 2 /SERVER:<servername>         2 if the user you want to logoff has ID2 in previous command.
1
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

MysidiaCommented:
"as user having only "User" privilege , it comes only when user having "Administrator" privilege . "
This is quite right.   You can only logoff a session with Full Control rights to that session.
Any unsaved changes in that session may be lost.

There are some admin tools that don't cope with this appropriately, and it can cause damage to the server if the session is administrative.

The way to grant the permissions is, either:

1.)  Add the user to the Local Administrators  group on the server in question; or add the user to a group in Active Directory  that is listed in the Local Administrators group on the server.

or

2.)   Open Administrative Tools > Remote Desktop Services > Remote Desktop Host Configuration
on the server

Right click the  RDP-TCP   session pick Properties, go to the security tab
Click the "Advanced"  button

Click "ADD";  Select the desired group,  OK

Tick all the  Allow boxes.
OK
OK

Now the user should have the Full Control  rights to RDP sessions  that is required in order to log off another user's Remote desktop session.

Note this does include the ability to  'Remote control'  or take over control of another user's open  RDP session.

But according to the applicable Microsoft documentation,  Full control permission is indeed required to  disconnect another user,  as noted here:
http://technet.microsoft.com/en-us/library/cc755252.aspx
0
Manjunath SulladTechnical ConsultantCommented:
Default you will get 2 sessions for Windows server 2008,

If you want one more session, You need to configure Winows Terminal service on that server,

and you need to procure a TS (RDS) license for accessing multiple users.

Configure TS : http://technet.microsoft.com/en-us/library/cc754288(v=ws.10).aspx

Manage RDS CAL : http://technet.microsoft.com/en-us/library/dd759163.aspx
0
martincrewAuthor Commented:
Thanks for all replies . I don't want RDS license .

I just want to know is there any possibility or technique from which a third user can log off the session on selection screen of current connected users.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
I gave you the option to didnt i?
0
martincrewAuthor Commented:
Sage thanks for the option but that don’t work for me .
0
MysidiaCommented:
As I mentioned above; the only way to log off another user remotely requires the user who wishes to login to have certain administrative user rights and the security permissions to the terminal server RDP configuration; listed in the above referenced Microsoft document in order to do so.

This would be by design.   You can control which users or groups have adminsitrative rights  and which users have special permissions in the Terminal Services config, but if you do not license RDS,  you cannot control how the 2 connected session limit is enforced.

Of course, you can also set an idle timeout period with forced automatic logout (or disconnect),  which can be established on a per-user basis if necessary.

Terminal Services for administration will not allow the 3rd session to connect, and the 'force disconnect'  option is  only presented if the user requesting to login has certain permissions.


This is not a configurable or customizable aspect of remote desktop for administration -- what happens at login for a new session when the limit is already reached and the user identity logging in is a user that lacks the permissions that are necessary in order to disconnect an existing session.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.