0

Here comes a real softball for your sysadmins from a lowly programmer:

We have a machine with Terminal Services enabled so our clients can preview the next version of our product. I want to turn off Terminal Services for our users while I remote into the machine and perform an upgrade.

How do I turn off Terminal Services access for all users except Administrator? (I'm using Windows Server 2003.)

Bonus: Is there a way I can leave a polite rejection message if they try to connect while I'm performing the upgrade?

Thanks!

Josh Kodroff
  • 551
  • 3
  • 7
  • 13

5 Answers5

2

This is setup by default. You would need to make sure those users that should be allowed in are in the administrators or "remote desktop users" group to allow access. If they must be admins you can take out that group and specify only certain users.

Right click my computer, manage, click "remote" tab, click "enable remote desktop on this computer", click "select remote users"

I don't know a way to change the "you don't have access to term in" message.

MathewC
  • 6,877
  • 9
  • 38
  • 53
1

Hmm there is no date on this post, but all the answers here are very primitive in my opionion.

If you open "terminal services configuration" there is a tab called "permissions" Remove the remote desktop users from here, apply the settings and voila.

As for leaving a note at login. This can be done before the login screen even appears using the local group policy. (found in administrative tools)

The option you would look for is called: "interactive logon: Message text for users attempting to log on"

Hope this helps.

Ben

www.prime-networks.co.uk

0

If you would like to disable sessions from the command line, you can use the CHANGE LOGON command:

CHANGE LOGON {/QUERY | /ENABLE | /DISABLE}

/QUERY Query current session login mode. /ENABLE Enable user login from sessions. /DISABLE Disable user login from sessions.

This won't disconnect current sessions, but it will prevent clients from starting new sessions.

Using this method, a new client attempting to connect will receive a message which states that remote logins are currently disabled.

Jeremy Viet
  • 596
  • 2
  • 7
  • which works because you will already be connected and you can log the others off. Here is the rub though, if your upgrade requires a restart you are in real trouble. – Matt Jul 02 '09 at 17:25
  • That's true if you forget to enable remote logins again and don't have physical access to the server/networked kvm. – Jeremy Viet Jul 02 '09 at 17:30
  • which I am assuming must be the case or he would not say "How do I turn off Terminal Services access for all users except Administrator?" otherwise he should sit down at the machine and unplug the netowrk cable. (said in jest of course :) – Matt Jul 02 '09 at 18:21
0

Right click on my computer, select manage, click on local users and groups and change the users in the terminal services group.

moshen
  • 1,534
  • 1
  • 9
  • 13
0

Option 1: check the option "deny this user permissions to log on any terminal server" on user account's terminal services profile tab.

Option 2: remote them from local remote desktop user account.

The reject message will show the reason why people can't log in.

Hope it helps.

kentchen
  • 754
  • 5
  • 9