Announcement

Collapse
No announcement yet.

Allow remote to Console session only

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Allow remote to Console session only

    Dear all
    I use Windows server 2003
    I provide to my friend an account with Administrators right and allow him to RemoteDesktop to this server
    I just want that he can only remote to Console session, not other sessions.
    Of course he can do by argument "/console" (or "/admin").
    But how to force him to remote to Console session event he does not use these arguments?

    Thanks

  • #2
    Re: Allow remote to Console session only

    IMHO the best way is to save a rdp shortcut with all the settings he needs
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Allow remote to Console session only

      What do you mean "IMHO" please?

      Comment


      • #4
        Re: Allow remote to Console session only

        In My Humble Opinion
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Allow remote to Console session only

          Originally posted by Ossian View Post
          In My Humble Opinion

          I thought it was Irreversible Modification Herewithin Overbalancing
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment


          • #6
            Re: Allow remote to Console session only

            Can I do anything by GroupPolicy gpedit.msc?

            Comment


            • #7
              Re: Allow remote to Console session only

              Originally posted by thang_ngo_2002 View Post
              Can I do anything by GroupPolicy gpedit.msc?
              If you just want him to logon remotely and not interactively you can use the following GPO settings:

              Computer configuration - Windows Settings - Security Settings - Local policies - User right assignments and configure
              Deny log on locally
              and Allow Log on through terminal services by adding the username or security group in there.
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Allow remote to Console session only

                To summarize, I think it's impossible to prevent someone from using remote desktop to connect to anything other than the console session. Ossian's idea of creating a pre-made shortcut and sending it to your friend seems like solution that would offer the most consistent results.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: Allow remote to Console session only

                  Originally posted by Nonapeptide View Post
                  To summarize, I think it's impossible to prevent someone from using remote desktop to connect to anything other than the console session. Ossian's idea of creating a pre-made shortcut and sending it to your friend seems like solution that would offer the most consistent results.
                  Of course he knows remote desktop parameters, what I want is force him to do.

                  Other ways, we can change to another remote tools, ex: Dameware, VNC, ... they allow only console session. But they are not good as Remote Desktop

                  Comment


                  • #10
                    Re: Allow remote to Console session only

                    Originally posted by thang_ngo_2002 View Post
                    Other ways, we can change to another remote tools, ex: Dameware, VNC, ... they allow only console session. But they are not good as Remote Desktop
                    As a proponent of Dameware, I would argue against that. In what way does Dameware Mini Remote Controle (DMRC) displease you?
                    Wesley David
                    LinkedIn | Careers 2.0
                    -------------------------------
                    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                    Vendor Neutral Certifications: CWNA
                    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                    Comment


                    • #11
                      Re: Allow remote to Console session only

                      DMRC is not free
                      VNC is free but some cases during longtime remote, it makes problem with memory

                      Comment


                      • #12
                        Re: Allow remote to Console session only

                        You could instruct the user to logon using this command only....

                        mstsc -v:servername /F -console

                        May I ask, is there a specific reason you want them console only?

                        Applies to TS Client versions up to 6 only. XP SP3 and Vista use 6.1 which now requires /admin switch.

                        There's no built-in setting to restrict connections to a 2003 Server (in Remote Admin mode) to console connections (session 0) only.

                        But you can achieve this by running a small script on logon, which checks the sessionID and immediately logs off any non-console sessions:

                        for /f "tokens=3" %%i in ('query session ^| find ">"') do (
                        if %%i neq 0 (
                        msg %%i /w "Sorry....."
                        logoff
                        )
                        )
                        Last edited by fergie; 17th June 2009, 13:21. Reason: Additional Info
                        MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3

                        Comment


                        • #13
                          Re: Allow remote to Console session only

                          Originally posted by fergie View Post
                          You could instruct the user to logon using this command only....

                          mstsc -v:servername /F -console

                          May I ask, is there a specific reason you want them console only?

                          Applies to TS Client versions up to 6 only. XP SP3 and Vista use 6.1 which now requires /admin switch.

                          There's no built-in setting to restrict connections to a 2003 Server (in Remote Admin mode) to console connections (session 0) only.

                          But you can achieve this by running a small script on logon, which checks the sessionID and immediately logs off any non-console sessions:

                          for /f "tokens=3" %%i in ('query session ^| find ">"') do (
                          if %%i neq 0 (
                          msg %%i /w "Sorry....."
                          logoff
                          )
                          )
                          You are great! Thanks for intelligent way

                          Comment

                          Working...
                          X