Overtaking disconnected sessions by other clients

    Question

  • I found a few posts about similar issues, but I don't think any of them apply to my problem (if I missed any posts, sorry!).

    On a Terminal Server, there is only one user - "dice." The reason there is only one user is that we have a lot of clients who use RDP to connect with the server and there is no need for all of them to have their own local accounts on the server. I am a new IT guy and the following problem has always been unresolved (at least so I was told):

    When computer A connects with the server, it begins a new session. If the session is alive, and another computer, B, initiates a new session, two sessions are alive. Now, the computer A disconnects from the session and a computer C initiates a remote connection, but instead of creating a third, independent session, it is connected to the previously disconnected A's session. It can be very problematic, especially when the clients are working on some confidential documents.

    I tried different settings in the Group Policy Object Editor, e.g. setting the Licensing Mode to "Per User" and "Per Device," but none of these changes helped.

    How can I fix it? I am using the Windows Server 2003 on the Terminal Server and the clients' machines' OS are Windows XP or Windows 7.

    Thanks!!



    June 27, 2012 19:56

Answers

  • Hi,

    By default, we restrict Remote Desktop Services users to a single Remote Desktop Services session. If you don't want all of them to have their own local accounts on the server, then you need to log off instead of disconnecting from the session.



    Regards,

    Clarence





    July 4, 2012 7:26
  • Hi,

    Please understand that there is no real security if all users log on using the same user name/password regardless of how you configure the server.  When using the same user account each person has access to everything the other people have access to, including (but not limited to) other sessions running on the server.  Having the server set up this way means you should expect confidential information to be compromised, whether you are aware of it occurring or not.

    In order to limit the frequency of the reconnect to existing session scenario you describe you need to modify the session timeout and reconnect settings.  You may do this for all users (including admins) by opening Terminal Services Configuration (tscc.msc), double-click RDP-Tcp.  On the Sessions tab, select Override user settings and set End a disconnected session to 1 minute.  Next select Override user settings and select When a session limit is reached or a connection is broken: End session.

    After saving the above changes you may make the End a disconnected session time shorter (1 second) by editing the registry manually.  To do this you would modify the following registry value:

    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    MaxDisconnectionTime     REG_DWORD     0x000003e8  (1000)

    You may do the above using group policy, however, you will need to create a custom .adm file so that you have the option of setting the disconnection timeout to 1 second.  With group policy you could have the settings only apply to certain users instead of all users.

    Again, I must stress that even with the above set it is still possible for a person to connect to a session that another person was/is using.

    -TP

    July 4, 2012 10:55
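
The listener settings described in the answer above can be checked with a short audit script. This is an added example, not code from the thread: the function name is hypothetical, and the value names `fInheritMaxDisconnectionTime`, `fInheritResetBroken` and `fResetBroken` are assumed to be the registry values behind the Sessions tab options (only `MaxDisconnectionTime` appears in the post).

```powershell
# Added example, not from the thread. Value names other than
# MaxDisconnectionTime are assumptions about the RDP-Tcp listener key.
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpSessionPolicy {
    param(
        $Settings,                 # hashtable or Get-ItemProperty result
        [int]$MaxAllowedMs = 60000 # 1 minute, the GUI value from the answer
    )
    $findings = @()

    # fInherit* = 1: per-user settings win ("Override user settings" not ticked).
    if ($Settings.fInheritMaxDisconnectionTime -ne 0) {
        $findings += 'Disconnect timeout is taken from user settings, not the listener'
    }

    # Missing or 0 means a disconnected session is never ended.
    $timeout = $Settings.MaxDisconnectionTime
    if ($null -eq $timeout -or $timeout -eq 0) {
        $findings += 'Disconnected sessions are never ended'
    } elseif ($timeout -gt $MaxAllowedMs) {
        $findings += "Disconnected sessions live for $timeout ms (limit $MaxAllowedMs)"
    }

    if ($Settings.fInheritResetBroken -ne 0) {
        $findings += 'Broken-connection action is taken from user settings'
    }
    # fResetBroken = 1: end the session instead of leaving it disconnected.
    if ($Settings.fResetBroken -ne 1) {
        $findings += 'Broken connections leave a disconnected session behind'
    }
    return $findings
}

# Constructed samples: no override at all vs. the 1-second value from the answer.
$unhardened = @{ fInheritMaxDisconnectionTime = 1; MaxDisconnectionTime = 0
                 fInheritResetBroken = 1; fResetBroken = 0 }
$hardened   = @{ fInheritMaxDisconnectionTime = 0; MaxDisconnectionTime = 1000
                 fInheritResetBroken = 0; fResetBroken = 1 }

Test-RdpSessionPolicy -Settings $unhardened
Test-RdpSessionPolicy -Settings $hardened

# On the server: Test-RdpSessionPolicy -Settings (Get-ItemProperty -Path $ListenerKey)
```

A clean result only confirms the timeout and reset settings; it says nothing about the shared account itself.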
