Remote Desktop Services Restrict Single Session
Hello,
I Deployed a RDS-Farm with 3 Servers (2012R2) where multiple users use remoteapps, webapps and remotedesktop to connect to the RDS-Farm.
And there we have a strange issue with the Single Sessions Restriction.
I created a GPO for the Servers with the Policy "Restrict Remote Desktop Services users to a single Remote Desktop Services session" which i have enabled to force single session per User.
If now a User connect over remoteapps he will connect to (example) session 1 on Server 1. Okay now if the same user connect over webapps he will be connected to the same session. But if the user connect over remotedesktop (rdp) he will be connected to a other session on a other Server and there is the Problem if he connect with a other session on a other Server he will use Temp. profiles.
I would like to force single session for the users, never mind with Connection method they use.
Maybe someone knows how i could do this.
Thanks in advance for all help.
I Deployed a RDS-Farm with 3 Servers (2012R2) where multiple users use remoteapps, webapps and remotedesktop to connect to the RDS-Farm.
And there we have a strange issue with the Single Sessions Restriction.
I created a GPO for the Servers with the Policy "Restrict Remote Desktop Services users to a single Remote Desktop Services session" which i have enabled to force single session per User.
If now a User connect over remoteapps he will connect to (example) session 1 on Server 1. Okay now if the same user connect over webapps he will be connected to the same session. But if the user connect over remotedesktop (rdp) he will be connected to a other session on a other Server and there is the Problem if he connect with a other session on a other Server he will use Temp. profiles.
I would like to force single session for the users, never mind with Connection method they use.
Maybe someone knows how i could do this.
Thanks in advance for all help.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Unfortunately you can't do what you want the way you are trying to do it. If you allow users to connect directly using RDC then the policy you are setting is only getting enforced by that server. It has no way to check and see if the user has already logged on with another server, so you can't do a global policy like that.
In 2012, Microsoft has really gone away from even having users fire up RDC at all though. The "apps" in the various app stores (google play, Apple store, etc) as well as the win8/10 app, as well as the RDWeb interface for older clients (XP-Win7) all rely on connecting to the RD Connection Broker first. This ensures session affinity and resolves all of your problems in one fell swoop. The RDCB will redirect to the existing session and that machine will enforce the policy. This is the modern architecture and Microsoft has orchestrated *everything* around it.
So short answer? Don't deploy files that use RDC directly. Don't give out information with machine name so users can do it manually. Have them use the modern apps (which pull the XML data from RDWeb) or have them use RDWeb. Then they will always be going through RDCB as intended.
In 2012, Microsoft has really gone away from even having users fire up RDC at all though. The "apps" in the various app stores (google play, Apple store, etc) as well as the win8/10 app, as well as the RDWeb interface for older clients (XP-Win7) all rely on connecting to the RD Connection Broker first. This ensures session affinity and resolves all of your problems in one fell swoop. The RDCB will redirect to the existing session and that machine will enforce the policy. This is the modern architecture and Microsoft has orchestrated *everything* around it.
So short answer? Don't deploy files that use RDC directly. Don't give out information with machine name so users can do it manually. Have them use the modern apps (which pull the XML data from RDWeb) or have them use RDWeb. Then they will always be going through RDCB as intended.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 450 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2010… 139 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/2683b4ff-0ae1-4634-b666-e59cb5cf3882/how-to-restrict-user-to-have-a-single-session-for-remoteapp-or-remote-desktop-connection?forum=winserverTS