Prevent non-admin user from logging on via RDP while administrator is logged on via RDP

  • Question

  • How do I prevent non-administrative users from logging on while I am logged on as admin via RDP?

    Here is what happens:

    • I have an RDP session open to a Windows 7 Pro workstation and am in the middle of a software upgrade
    • I step away from my computer for two minutes while the upgrade is running.
    • Another non-administrative user logs on. Of course this pops up the request for my approval, but since I have stepped away for two minutes, the 30-second request period expires, the request is automatically granted, and I am disconnected.

    This is bad news because now the user is using the computer while my installation is still in progress.

    How do I prevent non-administrative users from logging on while I am logged on remotely as administrator?

    Friday, July 12, 2013 2:21 PM

All replies

  • After a quick search you're certainly not alone! From this discussion http://www.sevenforums.com/network-sharing/222661-remote-desktop-disconnects-rdp-user-when-2nd-rdp-user-tries-log.html you may be able to do what you're looking for via GPO or local policy. Specifically the "Deny logoff of an administrator logged in to the console session" rule. The full list of options for the GPO is here http://technet.microsoft.com/en-us/library/ee791756(v=ws.10).aspx and if you needed to set it up locally instead then most of them should also be available via the local policies, though the exact list of options available depends on the version of Windows 7 you're running.
    Friday, July 12, 2013 3:13 PM
  • That may be an OK solution for an IT manager who can set up the policy once for 200 computers, but I manage IT services for several small companies, meaning that I would have to implement this on a hundred computers spread across three or four domains at different clients--and it may not work on some of them, who are still running SBS 2003.

    I guess, more than anything, I wonder who MS polled that thought it would be logical to leave programs running under a non-admin user while attempting to update that computer as an administrator--which is the net effect of removing the ability to actually disable (not just hide) Fast User Switching.

    I suppose it should not matter to me, but the cost to my clients of managing their systems is directly tied to the amount of time it takes me to manage them, and I saw that cost drop steadily until Windows XP SP3 and then trend back upward with the advent of Windows 7 due to issues such as the current one. Now, I regularly have other users take over my remote session, sometimes while I am in the middle of running an update--not a good situation.

    Tuesday, July 23, 2013 3:38 PM