Guest FL Posted October 27, 2008 Posted October 27, 2008 I have a Windows 2003 64bit TS server and before you suggest using the 2x secure RDP tool, it doesn't work on a 64bit system. I am looking to apply log on restrictions where users cannot log in on my terminal server after a certain period of time. Is there any way to do that via Group Policy or other method that only affects log ons to the terminal server? Also, can I restrict the domain account from being able to log in via TS only (don't think so)?
Guest Jeff Pitsch Posted October 27, 2008 Posted October 27, 2008 Re: Log on time restricitons Without a 3rd party piece of software like Citrix I do not see how you could do the logon time restrictions. As for the 2nd question, you can restrict what computers a user is able to log into and that would be applied at the user account properties. Jeff Pitsch Microsoft MVP - Terminal Services FL wrote: > I have a Windows 2003 64bit TS server and before you suggest using the 2x > secure RDP tool, it doesn't work on a 64bit system. > > I am looking to apply log on restrictions where users cannot log in on my > terminal server after a certain period of time. Is there any way to do that > via Group Policy or other method that only affects log ons to the terminal > server? > > Also, can I restrict the domain account from being able to log in via TS > only (don't think so)?
Guest FL Posted October 27, 2008 Posted October 27, 2008 RE: Log on time restricitons Do you know of any other 3rd party tools that allow log on restrictions? You can't specify which machines the domain account can log into when specifying that from the AD account. "FL" wrote: > I have a Windows 2003 64bit TS server and before you suggest using the 2x > secure RDP tool, it doesn't work on a 64bit system. > > I am looking to apply log on restrictions where users cannot log in on my > terminal server after a certain period of time. Is there any way to do that > via Group Policy or other method that only affects log ons to the terminal > server? > > Also, can I restrict the domain account from being able to log in via TS > only (don't think so)?
Guest Vera Noest [MVP] Posted October 27, 2008 Posted October 27, 2008 RE: Log on time restricitons A poor man's solution could be to schedule a batch job with the command: change logon /disable and another one with: change logon /enable Note that this dis/enables new logons, but doesn't automatically throw out existing connections. There are commands for that as well. Terminal Services Command Reference http://technet2.microsoft.com/windowsserver2008/en/library/2f371848 -5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ =?Utf-8?B?Rkw=?= <FL@discussions.microsoft.com> wrote on 27 okt 2008 in microsoft.public.windows.terminal_services: > Do you know of any other 3rd party tools that allow log on > restrictions? You can't specify which machines the domain > account can log into when specifying that from the AD account. > > "FL" wrote: > >> I have a Windows 2003 64bit TS server and before you suggest >> using the 2x secure RDP tool, it doesn't work on a 64bit >> system. >> >> I am looking to apply log on restrictions where users cannot >> log in on my terminal server after a certain period of time. >> Is there any way to do that via Group Policy or other method >> that only affects log ons to the terminal server? >> >> Also, can I restrict the domain account from being able to log >> in via TS only (don't think so)?
Guest Soo Kuan Teo [MSFT] Posted October 28, 2008 Posted October 28, 2008 Re: Log on time restricitons FL, for your other q 'I restrict the domain account from being able to log in via TS only'. In another word, do you mean you don't want domain accounts (admin or non-admin) accessing the physical console (but still able to access console sessions)? Thanks Soo Kuan -- This posting is provided "AS IS" with no warranties, and confers no rights. "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message news:Xns9B44DE44FB357veranoesthemutforsse@207.46.248.16... >A poor man's solution could be to schedule a batch job with the > command: > change logon /disable > > and another one with: > > change logon /enable > > Note that this dis/enables new logons, but doesn't automatically > throw out existing connections. There are commands for that as > well. > > Terminal Services Command Reference > http://technet2.microsoft.com/windowsserver2008/en/library/2f371848 > -5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___ > > =?Utf-8?B?Rkw=?= <FL@discussions.microsoft.com> wrote on 27 okt > 2008 in microsoft.public.windows.terminal_services: > >> Do you know of any other 3rd party tools that allow log on >> restrictions? You can't specify which machines the domain >> account can log into when specifying that from the AD account. >> >> "FL" wrote: >> >>> I have a Windows 2003 64bit TS server and before you suggest >>> using the 2x secure RDP tool, it doesn't work on a 64bit >>> system. >>> >>> I am looking to apply log on restrictions where users cannot >>> log in on my terminal server after a certain period of time. >>> Is there any way to do that via Group Policy or other method >>> that only affects log ons to the terminal server? >>> >>> Also, can I restrict the domain account from being able to log >>> in via TS only (don't think so)?
Recommended Posts