Remote Admin without stealing console?

[PiqueABoo]

Admin is logged on in front of 2008 server, but if you RDP to it and log on as Admin to do some remote uhh.. admin, you essentially kick them off and take over their desktop.

I'm sure there's a way to fix that so both folk can work using the Admin account at the same time - might have even fixed it on one box but I've forgotten the details.

Anyone?

[DaveP]

I used to link to our old server using Internet Explorer connecting to a remote session on the server. This way it did not lock the session on the server and transfer the desktop down to me but rather create a new session for me. Could this be what you are looking for?

[DrPerceptron]

Why would you want to Administer the server using "Administrator" anyway? Shouldn't you each have individual accounts so that you can shout at whoever loses their account first (if you do)

Anyway in local group policy (or domain if you run 2008...)

Computer Config > Admin Templates > Windows Components > Terminal Services > Terminal Server > Connections

In there might be an object which is "Restrict user to single session" or something which will change what you want.

Restrict Users to a Single Session

[mark]

Start an rdp session on the server and then type shadow 0 at the command prompt. The first console user than gets a message to accept connection.

[OutToLunch]

In the older RDP client, I thought you had a choice of using the /console switch if you wanted to control the actual session on the server or getting a new session by default - is this not still the case?

[plexer]

I always runs mstsc from the run command

mstsc /v servername /console if I want to connect to the console itself or leave it off for a different session.

Ben

[jamesb]

In 2008 you can have two concurrent administration sessions running, whether one's at the console and one's remote, or both are remote.

However I don't know how happy it'd be with using the same username for both sessions.

As a note, session 0 is no longer the console session. The console session changes dynamically and session 0 is a restricted session for running services only.

[PiqueABoo]

In the non-routine scenarios I want it for I'm perfectly happy having two concurrent sessions with the same Admin logon. Don't care about audit trails, it won't break anything that couldn't be broken the same way with two separate accounts, plus there's the architecture changes noted above re. session 0 (applies to Vista and 2008).

If this was a local support team, routinely accessing server to do [whatever] then yes - each would have their own special admin account for that.