none
Maximum concurrent connections in a Windows 2008 R2 server

    Question

  • Hello,

    we use a Win2008R2 server as a single DC. Is it possible to restrict the users in a way that they can only login from one station simultaneously. We use the server at school and for test it should be restricted.

    Thanks in advance

    Regards

    Peter

    Saturday, July 11, 2015 6:06 AM

Answers

  • Hello,

    beside the required configuration settings for the access it is NOT recommended that domain users are working on a DC.

    Keep in mind that a DC is the heart of the domain and contains all security related configuration. Lowering security settings on a DC to use it as Remote Desktop server is bad design.

    For your needs a domain member server should be used for users logon and not a DC.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    Sunday, July 26, 2015 4:04 PM

All replies

  • 1. What does this mean" login from one station simultaneously "? You cannot login to single workstation multiple times, unless you use operating system that allows for it (Linux). Perhaps you mean by using word "simultaneously" something else...

    2. You can limit user to login to workstation by configuring his or her profile. Alternatively you can configure users in groups and set logon locally policy.

    3. At least two DCs are recommended for system reliability.

    4. It is helpful to give more information on the purpose of limits. IMHO, the more limits there are set, the harder is troubleshooting in case of problems.

    M.

    Saturday, July 11, 2015 6:59 AM
  • Hello M,

    I want to restrict access to the DC, that it is not possible to use the same login name from two different PCs simultaneously. In case of writing a test on a computer, two pupils could use the same login name and copy the test. We use standard pc-logins, meanig each machine have a standard login name. The pupils don't have own accounts.

    I know that it would be much better to have two DCs but currently we have only one server = DNS= Fileserver=Printserver. What would you suggest to have more reliability (2 Machines with DC, one of them Fileserver?

    Regards Peter

    Sunday, July 12, 2015 9:15 AM
  • Hi Peter,

    Do you want to restrict a single user to logon to a particular client computer? If yes, you can set "Log on to" propertie in user account in AD.

    The related KB:

    How To Determine from Which Computer a User Logged On

    https://support.microsoft.com/en-us/kb/175062

    I’m glad to be of help to you!


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, July 14, 2015 9:44 AM
    Moderator
  • Hi,

    What you are looking can be managed through Group policy setting where you can restrict the limit of current RDP session and other setting as suitable to you. make the change on server gpedit.msc

    You can also set the maximum number of simultaneous connections allowed for an RD Session Host server by applying the Limit number of connections Group Policy setting. This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC). Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration.

    ============================================

    Mark This as ans if it helped you .

    Thanks 

    PWNKMR

    www.ittechpoint.com


    pwnkmr

    • Proposed as answer by pwnkmr Tuesday, July 14, 2015 1:59 PM
    Tuesday, July 14, 2015 1:59 PM
  • Hello,

    Thank a lot for your help. I will test it with the GPO. I hope it works nevertheless we don't login through Remote Desktop. We login direct by Windows 7 login.

    Regards Peter

    Wednesday, July 15, 2015 7:34 AM
  • Hello,

    Thanks for help. I know this setting in the AD, but it would be nice to have the possibility for a User to login to a different Computer, in the case of an PC trouble.

    Regards Peter

    Wednesday, July 15, 2015 7:37 AM
  • Hello,

    beside the required configuration settings for the access it is NOT recommended that domain users are working on a DC.

    Keep in mind that a DC is the heart of the domain and contains all security related configuration. Lowering security settings on a DC to use it as Remote Desktop server is bad design.

    For your needs a domain member server should be used for users logon and not a DC.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    Sunday, July 26, 2015 4:04 PM