RDP to login to the console using GPO

Is there a GPO setting to force RDP log in to the console instead of using the command mstsc /console?

This is for a Windows 2012 network
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Starting with Server 2008, there is no longer a session 0 anymore.  The console command is for backwards compatibility.  (well, technically it exists, but is no longer interactive)


What are you trying to get done?  Perhaps there is a different path we can take to solve the problem you are facing.
GerhardpetAuthor Commented:
I and my developers are working on a customer's server (Windows 2012) developing a .NET application.

Their IT consultant is making a big deal about use logging in as mstsc /console. He sent the following email making it sound like we are going to run in to problems. He logs in to the server to check up on us and babysit us

On three occassions now when I have logged into your new server CSAPSS3 thelogin has resulted in a failed desktop. This is a result of an incorrect Remote Session being executed.  This is being done by the development team. The server log files show this.

In previous emails, about maybe 8 weeks ago, I had asked them if they knew how to properly connect to a remote server RDP session to ensure they were always using what is referred to as a console or admin session. They said they did not so I sent them the link from Microsoft which showed how to properly do this.

There are two Administrators logged in which is not allowed and causes the issue.

I am only pointing this out because if they do this in the future it might cause issues with this server.

@tsaico: What would you say to this?
Does the server have the RD Session Host role installed?  This link does a pretty good job of any differences.

If you're connecting with a newer RDP client (> 6.1), then the /console switch is silently ignored.  If you use the /admin switch, what happens depends on the server version you're connecting to (e.g. 2003, or newer), and whether the RDSH role is installed.
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

GerhardpetAuthor Commented:
It is a Windows 2012 member server on a domain and it does not have the RD Session Host role installed. My customer is using it as an application server with the application server role installed.
So with that setup you can't log on to a "console" session (as tsaico mentioned), and if you use the /admin switch the link I posted describes the differences.  Having two administrators logged on is common, if it's causing an issue then I can only think it is due to design of an application.  Not being a developer, I couldn't speak to what those issues would be, if any.
GerhardpetAuthor Commented:
It is not causing any issues for our application. The IT consultant is making a big deal out of when we log in with 2 administrators.

That is why I was hoping for a GPO setting to not allow more then one user with an active RDP session.

The IT consultant is constantly loggin in to the server to monitor our activity and then sending emails to the owner to complain.
If you're actively using those sessions, tell the consultant to f**k off, you're doing your job.  If not, then you should be logging off the sessions when not in use, and not just disconnecting.  You can use GP to set limits on RDP connections, like how long a session can be idle before being disconnected, etc.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Yes, you could limit the server to only one session, but I think that doesn't really solve anything.  What if you're logged on and doing something and then the consultant wants to log on?
GerhardpetAuthor Commented:
My developer and QA person are logged in at the same time.

I wish I could tell the consultant to take a hike. The business owner believes everything he says.

So I will just have to make do with what I got

I have set the local policy to end idle or session that are disconnected. This is if someone forgets it will disconnect them in 15 min for disconnected sessions and 1 hour for idle sessions
Honestly it sounds a bit to me like the consultant is stuck in the past where it was sometimes necessary to use the /console switch when installing certain programs (i.e. in the Server 2003 days).  If all he wants is a free session so he can log in at any time, that's a separate issue, and there are other ways for him to access logs, etc.  I think maybe the best you can do is try to explain some of this to the owner.
Best of luck.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.