Remote Admin without stealing console?

PiqueABoo · 17-12-2008, 08:08 PM

Admin is logged on in front of 2008 server, but if you RDP to it and log on as Admin to do some remote uhh.. admin, you essentially kick them off and take over their desktop.

I'm sure there's a way to fix that so both folk can work using the Admin account at the same time - might have even fixed it on one box but I've forgotten the details.

Anyone?

DaveP · 17-12-2008, 08:55 PM

I used to link to our old server using Internet Explorer connecting to a remote session on the server. This way it did not lock the session on the server and transfer the desktop down to me but rather create a new session for me. Could this be what you are looking for?

DrPerceptron · 17-12-2008, 10:12 PM

Why would you want to Administer the server using "Administrator" anyway? Shouldn't you each have individual accounts so that you can shout at whoever loses their account first (if you do)

Anyway in local group policy (or domain if you run 2008...)

Computer Config > Admin Templates > Windows Components > Terminal Services > Terminal Server > Connections

In there might be an object which is "Restrict user to single session" or something which will change what you want.

Restrict Users to a Single Session

mark · 17-12-2008, 10:25 PM

Start an rdp session on the server and then type shadow 0 at the command prompt. The first console user than gets a message to accept connection.

OutToLunch · 18-12-2008, 08:42 AM

In the older RDP client, I thought you had a choice of using the /console switch if you wanted to control the actual session on the server or getting a new session by default - is this not still the case?

plexer · 18-12-2008, 08:48 AM

I always runs mstsc from the run command

mstsc /v servername /console if I want to connect to the console itself or leave it off for a different session.

Ben

jamesb · 18-12-2008, 08:56 AM

In 2008 you can have two concurrent administration sessions running, whether one's at the console and one's remote, or both are remote.

However I don't know how happy it'd be with using the same username for both sessions.

As a note, session 0 is no longer the console session. The console session changes dynamically and session 0 is a restricted session for running services only.

PiqueABoo · 19-12-2008, 09:46 AM

In the non-routine scenarios I want it for I'm perfectly happy having two concurrent sessions with the same Admin logon. Don't care about audit trails, it won't break anything that couldn't be broken the same way with two separate accounts, plus there's the architecture changes noted above re. session 0 (applies to Vista and 2008).

If this was a local support team, routinely accessing server to do [whatever] then yes - each would have their own special admin account for that.

Welcome, Register for free! or Login below:
User Name		Remember Me?
Password

17-12-2008, 08:08 PM	#1
PiqueABoo Join Date: Jan 2006 Posts: 716 Thanks: 7 Thanked 39 Times in 31 Posts Rep Power: 15	Remote Admin without stealing console? Admin is logged on in front of 2008 server, but if you RDP to it and log on as Admin to do some remote uhh.. admin, you essentially kick them off and take over their desktop. I'm sure there's a way to fix that so both folk can work using the Admin account at the same time - might have even fixed it on one box but I've forgotten the details. Anyone?

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Terminal Services Remote Admin Mode	brahma	Windows	0	18-07-2008 03:04 PM
Remote Server Admin Tools Released	Diello	Windows Vista	16	01-04-2008 11:59 AM
Unable to add/remote printers - even as an admin!	Halfmad	Windows	4	06-06-2007 12:43 PM
Calling Sophos Experts - EM Console / Remote Install		Windows	10	10-10-2006 03:09 PM
Using Remote Desktop Console.....any issues?	tosca925	Windows	5	24-01-2006 04:17 PM

Thread Tools	Search Thread
Show Printable Version Email this Page	Search Thread: Advanced Search

		EduGeek.net Forums > Technical > Windows Server 2000/2003
Remote Admin without stealing console?

17-12-2008, 08:55 PM	#2
DaveP Join Date: Oct 2006 Location: Home Counties Posts: 644 Thanks: 20 Thanked 29 Times in 11 Posts Rep Power: 16	I used to link to our old server using Internet Explorer connecting to a remote session on the server. This way it did not lock the session on the server and transfer the desktop down to me but rather create a new session for me. Could this be what you are looking for?

17-12-2008, 10:12 PM	#3
DrPerceptron Join Date: Dec 2008 Location: In a house Posts: 439 Thanks: 12 Thanked 43 Times in 38 Posts Rep Power: 11	Why would you want to Administer the server using "Administrator" anyway? Shouldn't you each have individual accounts so that you can shout at whoever loses their account first (if you do) Anyway in local group policy (or domain if you run 2008...) Computer Config > Admin Templates > Windows Components > Terminal Services > Terminal Server > Connections In there might be an object which is "Restrict user to single session" or something which will change what you want. Restrict Users to a Single Session

17-12-2008, 10:25 PM	#4
mark Join Date: Jun 2005 Location: x-communicated Posts: 4,000 Thanks: 73 Thanked 29 Times in 25 Posts Blog Entries: 2 Rep Power: 22	Start an rdp session on the server and then type shadow 0 at the command prompt. The first console user than gets a message to accept connection.

18-12-2008, 08:42 AM	#5
OutToLunch Join Date: Feb 2006 Location: Derbyshire Posts: 1,007 Thanks: 57 Thanked 111 Times in 99 Posts Rep Power: 32	In the older RDP client, I thought you had a choice of using the /console switch if you wanted to control the actual session on the server or getting a new session by default - is this not still the case?

18-12-2008, 08:48 AM	#6
plexer Join Date: Dec 2005 Location: Norfolk Posts: 5,148 Thanks: 52 Thanked 229 Times in 208 Posts Rep Power: 60	I always runs mstsc from the run command mstsc /v servername /console if I want to connect to the console itself or leave it off for a different session. Ben

18-12-2008, 08:56 AM	#7
jamesb Join Date: Mar 2008 Location: Bedford Posts: 862 Thanks: 13 Thanked 105 Times in 93 Posts Rep Power: 24	In 2008 you can have two concurrent administration sessions running, whether one's at the console and one's remote, or both are remote. However I don't know how happy it'd be with using the same username for both sessions. As a note, session 0 is no longer the console session. The console session changes dynamically and session 0 is a restricted session for running services only.

19-12-2008, 09:46 AM	#8
PiqueABoo Join Date: Jan 2006 Posts: 716 Thanks: 7 Thanked 39 Times in 31 Posts Rep Power: 15	In the non-routine scenarios I want it for I'm perfectly happy having two concurrent sessions with the same Admin logon. Don't care about audit trails, it won't break anything that couldn't be broken the same way with two separate accounts, plus there's the architecture changes noted above re. session 0 (applies to Vista and 2008). If this was a local support team, routinely accessing server to do [whatever] then yes - each would have their own special admin account for that.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Windows Server 2000/2003 forum sponsored by

Remote Admin without stealing console?