Log on time restricitons

[Guest FL]

I have a Windows 2003 64bit TS server and before you suggest using the 2x

secure RDP tool, it doesn't work on a 64bit system.

 

I am looking to apply log on restrictions where users cannot log in on my

terminal server after a certain period of time. Is there any way to do that

via Group Policy or other method that only affects log ons to the terminal

server?

 

Also, can I restrict the domain account from being able to log in via TS

only (don't think so)?

[Guest Jeff Pitsch]

Re: Log on time restricitons

 

Without a 3rd party piece of software like Citrix I do not see how you

could do the logon time restrictions.

 

As for the 2nd question, you can restrict what computers a user is able

to log into and that would be applied at the user account properties.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

FL wrote:

> I have a Windows 2003 64bit TS server and before you suggest using the 2x

> secure RDP tool, it doesn't work on a 64bit system.

>

> I am looking to apply log on restrictions where users cannot log in on my

> terminal server after a certain period of time. Is there any way to do that

> via Group Policy or other method that only affects log ons to the terminal

> server?

>

> Also, can I restrict the domain account from being able to log in via TS

> only (don't think so)?

[Guest FL]

RE: Log on time restricitons

 

Do you know of any other 3rd party tools that allow log on restrictions? You

can't specify which machines the domain account can log into when specifying

that from the AD account.

 

"FL" wrote:

> I have a Windows 2003 64bit TS server and before you suggest using the 2x

> secure RDP tool, it doesn't work on a 64bit system.

>

> I am looking to apply log on restrictions where users cannot log in on my

> terminal server after a certain period of time. Is there any way to do that

> via Group Policy or other method that only affects log ons to the terminal

> server?

>

> Also, can I restrict the domain account from being able to log in via TS

> only (don't think so)?

[Guest Vera Noest [MVP]]

RE: Log on time restricitons

 

A poor man's solution could be to schedule a batch job with the

command:

change logon /disable

 

and another one with:

 

change logon /enable

 

Note that this dis/enables new logons, but doesn't automatically

throw out existing connections. There are commands for that as

well.

 

Terminal Services Command Reference

http://technet2.microsoft.com/windowsserver2008/en/library/2f371848

-5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

=?Utf-8?B?Rkw=?= <FL@discussions.microsoft.com> wrote on 27 okt

2008 in microsoft.public.windows.terminal_services:

> Do you know of any other 3rd party tools that allow log on

> restrictions? You can't specify which machines the domain

> account can log into when specifying that from the AD account.

>

> "FL" wrote:

>

>> I have a Windows 2003 64bit TS server and before you suggest

>> using the 2x secure RDP tool, it doesn't work on a 64bit

>> system.

>>

>> I am looking to apply log on restrictions where users cannot

>> log in on my terminal server after a certain period of time.

>> Is there any way to do that via Group Policy or other method

>> that only affects log ons to the terminal server?

>>

>> Also, can I restrict the domain account from being able to log

>> in via TS only (don't think so)?

[Guest Soo Kuan Teo [MSFT]]

Re: Log on time restricitons

 

FL,

for your other q 'I restrict the domain account from being able to log

in via TS

only'. In another word, do you mean you don't want domain accounts (admin or

non-admin) accessing the physical console (but still able to access console

sessions)?

Thanks

Soo Kuan

 

 

--

This posting is provided "AS IS" with no warranties, and confers no rights.

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9B44DE44FB357veranoesthemutforsse@207.46.248.16...

>A poor man's solution could be to schedule a batch job with the

> command:

> change logon /disable

>

> and another one with:

>

> change logon /enable

>

> Note that this dis/enables new logons, but doesn't automatically

> throw out existing connections. There are commands for that as

> well.

>

> Terminal Services Command Reference

> http://technet2.microsoft.com/windowsserver2008/en/library/2f371848

> -5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> =?Utf-8?B?Rkw=?= <FL@discussions.microsoft.com> wrote on 27 okt

> 2008 in microsoft.public.windows.terminal_services:

>

>> Do you know of any other 3rd party tools that allow log on

>> restrictions? You can't specify which machines the domain

>> account can log into when specifying that from the AD account.

>>

>> "FL" wrote:

>>

>>> I have a Windows 2003 64bit TS server and before you suggest

>>> using the 2x secure RDP tool, it doesn't work on a 64bit

>>> system.

>>>

>>> I am looking to apply log on restrictions where users cannot

>>> log in on my terminal server after a certain period of time.

>>> Is there any way to do that via Group Policy or other method

>>> that only affects log ons to the terminal server?

>>>

>>> Also, can I restrict the domain account from being able to log

>>> in via TS only (don't think so)?