2K8R2 drain mode, cannot chglogon /drain, should we change

Hi,

I'd like to activate drain mode on our terminal servers: http://blogs.msdn.com/b/rds/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx

But my policy won't let me to, if I do chglogon /drain it says "connections are currently ENABLED by group policy ... unable to change".

I can set the policy to not configured but I am not eager to, I don't want to impact users.

 located in Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Allow users to connect remotely using Remote Desktop Services" –

Have you configured it too and it works correctly?

Pls advise.
J.
janhoedtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

joharderCommented:
In order to drain a server, new connections must be disabled .  Otherwise, the two policies would counter each other.

Typically, you would drain a subset of servers at any given time, not all servers.  Thus, users could still logon and do their work, but not on the draining servers.
0
MaheshArchitectCommented:
You must be having enabled RDP protocol on RD session host servers in system\remote settings and also must be added required users \ groups in Remote Desktop users local group on same server.
So in reality you need to make "Allow users to connect remotely using Remote Desktop Services" GPO setting mentioned in question to "Not Configured"
Then run gpupdate /force on terminal server and run change logon command from elevated command prompt, it should work.
If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet.
Taken from GPO setting description.
0
janhoedtAuthor Commented:
So changing this policy to not configured won t impact production servers (terminal servers and their connections€ not at all?
Don t get it since the policy need to be there to make terminal services work at all.
0
MaheshArchitectCommented:
U need to ensure that Remote Desktop is enabled on all RD Session Host Servers and  required users (Domain users built-in group) is added in Remote Desktop Users local group on each server
Then above GPO setting is not required
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.