none
Have a spesific user logon only to console and not RDP

    Question

  • Hi,

    Is there a GPO setting for allowing a spesific user only to logon to the console of a server and not RDP to that server. This is only for 1 spesific user, everyone else should be able to use both RDP and Console.


    /Regards Andreas

    Wednesday, March 18, 2015 11:27 AM

Answers

  • > They have a user1 that log on to a server with mstsc /console and then
    > they run a program and just exit the RDP session so that the application
    > is still running. If you then starts mstsc without the console the
    > server starts another session with another ID and then they have issues
    > since the application starts automatically.
     
    Conceptual error... :)
     
    > What they need is to be able to have user1 only run mstsc /console to
    > the server, and the possibility to have user1 physically logon to the
    > console. User1 should not be able to connect with just mstsc.
     
    /console is rdp too, so the answer is "no".
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    • Marked as answer by Andreas2012 Wednesday, March 18, 2015 6:35 PM
    Wednesday, March 18, 2015 12:51 PM

All replies

  • > Is there a GPO setting for allowing a spesific user only to logon to the
    > console of a server and not RDP to that server. This is only for 1
    > spesific user, everyone else should be able to use both RDP and Console.
     
    Deny logon through terminal services for this user in a GPO targeted to
    this server.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, March 18, 2015 11:38 AM
  • Hi again,

    Sorry, I have misunderstood the problem here. The customer have the following situation.

    They have a user1 that log on to a server with mstsc /console and then they run a program and just exit the RDP session so that the application is still running. If you then starts mstsc without the console the server starts another session with another ID and then they have issues since the application starts automatically.

    What they need is to be able to have user1 only run mstsc /console to the server, and the possibility to have user1 physically logon to the console. User1 should not be able to connect with just mstsc.

    Hope you understand my question :) Thanks for reply.


    /Regards Andreas

    Wednesday, March 18, 2015 11:50 AM
  • > They have a user1 that log on to a server with mstsc /console and then
    > they run a program and just exit the RDP session so that the application
    > is still running. If you then starts mstsc without the console the
    > server starts another session with another ID and then they have issues
    > since the application starts automatically.
     
    Conceptual error... :)
     
    > What they need is to be able to have user1 only run mstsc /console to
    > the server, and the possibility to have user1 physically logon to the
    > console. User1 should not be able to connect with just mstsc.
     
    /console is rdp too, so the answer is "no".
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    • Marked as answer by Andreas2012 Wednesday, March 18, 2015 6:35 PM
    Wednesday, March 18, 2015 12:51 PM