?
Solved

RDP to login to the console using GPO

Posted on 2014-09-02
10
Medium Priority
?
225 Views
Last Modified: 2014-09-03
Is there a GPO setting to force RDP log in to the console instead of using the command mstsc /console?

This is for a Windows 2012 network
0
Comment
Question by:Gerhardpet
  • 5
  • 4
10 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 40298796
Starting with Server 2008, there is no longer a session 0 anymore.  The console command is for backwards compatibility.  (well, technically it exists, but is no longer interactive)

http://blogs.technet.com/b/askperf/archive/2007/04/27/application-compatibility-session-0-isolation.aspx


What are you trying to get done?  Perhaps there is a different path we can take to solve the problem you are facing.
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 40298968
I and my developers are working on a customer's server (Windows 2012) developing a .NET application.

Their IT consultant is making a big deal about use logging in as mstsc /console. He sent the following email making it sound like we are going to run in to problems. He logs in to the server to check up on us and babysit us

On three occassions now when I have logged into your new server CSAPSS3 thelogin has resulted in a failed desktop. This is a result of an incorrect Remote Session being executed.  This is being done by the development team. The server log files show this.

In previous emails, about maybe 8 weeks ago, I had asked them if they knew how to properly connect to a remote server RDP session to ensure they were always using what is referred to as a console or admin session. They said they did not so I sent them the link from Microsoft which showed how to properly do this.

There are two Administrators logged in which is not allowed and causes the issue.

I am only pointing this out because if they do this in the future it might cause issues with this server.

@tsaico: What would you say to this?
0
 
LVL 41

Expert Comment

by:footech
ID: 40299359
Does the server have the RD Session Host role installed?  This link does a pretty good job of any differences.
http://support.microsoft.com/kb/947723

If you're connecting with a newer RDP client (> 6.1), then the /console switch is silently ignored.  If you use the /admin switch, what happens depends on the server version you're connecting to (e.g. 2003, or newer), and whether the RDSH role is installed.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 1

Author Comment

by:Gerhardpet
ID: 40299428
It is a Windows 2012 member server on a domain and it does not have the RD Session Host role installed. My customer is using it as an application server with the application server role installed.
0
 
LVL 41

Expert Comment

by:footech
ID: 40299725
So with that setup you can't log on to a "console" session (as tsaico mentioned), and if you use the /admin switch the link I posted describes the differences.  Having two administrators logged on is common, if it's causing an issue then I can only think it is due to design of an application.  Not being a developer, I couldn't speak to what those issues would be, if any.
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 40299776
It is not causing any issues for our application. The IT consultant is making a big deal out of when we log in with 2 administrators.

That is why I was hoping for a GPO setting to not allow more then one user with an active RDP session.

The IT consultant is constantly loggin in to the server to monitor our activity and then sending emails to the owner to complain.
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 40299869
If you're actively using those sessions, tell the consultant to f**k off, you're doing your job.  If not, then you should be logging off the sessions when not in use, and not just disconnecting.  You can use GP to set limits on RDP connections, like how long a session can be idle before being disconnected, etc.
http://technet.microsoft.com/en-us/library/cc754272.aspx
http://technet.microsoft.com/en-us/library/ee791741(v=ws.10).aspx
0
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points
ID: 40299876
Yes, you could limit the server to only one session, but I think that doesn't really solve anything.  What if you're logged on and doing something and then the consultant wants to log on?
0
 
LVL 1

Author Comment

by:Gerhardpet
ID: 40301340
My developer and QA person are logged in at the same time.

I wish I could tell the consultant to take a hike. The business owner believes everything he says.

So I will just have to make do with what I got

I have set the local policy to end idle or session that are disconnected. This is if someone forgets it will disconnect them in 15 min for disconnected sessions and 1 hour for idle sessions
0
 
LVL 41

Expert Comment

by:footech
ID: 40301434
Honestly it sounds a bit to me like the consultant is stuck in the past where it was sometimes necessary to use the /console switch when installing certain programs (i.e. in the Server 2003 days).  If all he wants is a free session so he can log in at any time, that's a separate issue, and there are other ways for him to access logs, etc.  I think maybe the best you can do is try to explain some of this to the owner.
Best of luck.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question