Log on time restrictions

FL
I have a Windows 2003 64bit TS server and before you suggest using the 2x
secure RDP tool, it doesn't work on a 64bit system.

I am looking to apply log on restrictions where users cannot log in on my
terminal server after a certain period of time. Is there any way to do that
via Group Policy or other method that only affects log ons to the terminal
server?

Also, can I restrict the domain account from being able to log in via TS
only (don't think so)?
 
Re: Log on time restrictions

Without a 3rd party piece of software like Citrix I do not see how you
could do the logon time restrictions.

As for the 2nd question, you can restrict what computers a user is able
to log into and that would be applied at the user account properties.

Jeff Pitsch
Microsoft MVP - Terminal Services

FL wrote:
> I have a Windows 2003 64bit TS server and before you suggest using the 2x
> secure RDP tool, it doesn't work on a 64bit system.
>
> I am looking to apply log on restrictions where users cannot log in on my
> terminal server after a certain period of time. Is there any way to do that
> via Group Policy or other method that only affects log ons to the terminal
> server?
>
> Also, can I restrict the domain account from being able to log in via TS
> only (don't think so)?
 
RE: Log on time restrictions

Do you know of any other 3rd party tools that allow log on restrictions? You
can't specify which machines the domain account can log into when specifying
that from the AD account.

"FL" wrote:

> I have a Windows 2003 64bit TS server and before you suggest using the 2x
> secure RDP tool, it doesn't work on a 64bit system.
>
> I am looking to apply log on restrictions where users cannot log in on my
> terminal server after a certain period of time. Is there any way to do that
> via Group Policy or other method that only affects log ons to the terminal
> server?
>
> Also, can I restrict the domain account from being able to log in via TS
> only (don't think so)?
 
RE: Log on time restrictions

A poor man's solution could be to schedule a batch job with the
command:
change logon /disable

and another one with:

change logon /enable

Note that this dis/enables new logons, but doesn't automatically
throw out existing connections. There are commands for that as
well.

Terminal Services Command Reference
http://technet2.microsoft.com/windowsserver2008/en/library/2f371848-5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

FL <FL@discussions.microsoft.com> wrote on 27 Oct
2008 in microsoft.public.windows.terminal_services:

> Do you know of any other 3rd party tools that allow log on
> restrictions? You can't specify which machines the domain
> account can log into when specifying that from the AD account.
>
> "FL" wrote:
>
>> I have a Windows 2003 64bit TS server and before you suggest
>> using the 2x secure RDP tool, it doesn't work on a 64bit
>> system.
>>
>> I am looking to apply log on restrictions where users cannot
>> log in on my terminal server after a certain period of time.
>> Is there any way to do that via Group Policy or other method
>> that only affects log ons to the terminal server?
>>
>> Also, can I restrict the domain account from being able to log
>> in via TS only (don't think so)?
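
Added example, not part of the original posts: the scheduled `change logon` approach suggested above, written as one script that a scheduled task runs every few minutes instead of two separate jobs, so the intended state is reapplied after a restart (which re-enables logons). The window (07:00 to 18:59), the script path and the task name are assumptions chosen for illustration.

```bat
@echo off
rem Added example (not from the thread): enforce a logon window on a terminal server.
rem Assumed values: logons allowed 07:00-18:59; saved as C:\Scripts\ts-logon-window.cmd.
rem Assumes %TIME% is in 24-hour form (" 7:05:12.34" or "07:05:12,34").
rem
rem One-time setup from an administrator prompt, run every 15 minutes as SYSTEM:
rem   schtasks /create /tn "TS logon window" /sc minute /mo 15 /ru SYSTEM /tr "C:\Scripts\ts-logon-window.cmd"
setlocal

set OPEN_HOUR=7
set CLOSE_HOUR=19

rem Take the hour, turn a leading space into "0", then use the 1xx-100 trick so
rem that "08" and "09" are not rejected as invalid octal numbers by set /a.
set HH=%TIME:~0,2%
set HH=%HH: =0%
set /a HH=1%HH%-100

if %HH% GEQ %OPEN_HOUR% if %HH% LSS %CLOSE_HOUR% goto allow

rem Outside the window: refuse new sessions. Existing sessions stay connected.
change logon /disable
goto report

:allow
change logon /enable

:report
rem Print the resulting state so it appears in the task output or a redirected log.
change logon /query
endlocal
```

This only gates new sessions on the one server where the task runs; it does not change the account's domain-wide logon hours.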
 
Re: Log on time restrictions

FL,
for your other question, 'I restrict the domain account from being able to log
in via TS only': in other words, do you mean you don't want domain accounts
(admin or non-admin) accessing the physical console (but still able to access
console sessions)?
Thanks
Soo Kuan


--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns9B44DE44FB357veranoesthemutforsse@207.46.248.16...
>A poor man's solution could be to schedule a batch job with the
> command:
> change logon /disable
>
> and another one with:
>
> change logon /enable
>
> Note that this dis/enables new logons, but doesn't automatically
> throw out existing connections. There are commands for that as
> well.
>
> Terminal Services Command Reference
> http://technet2.microsoft.com/windowsserver2008/en/library/2f371848-5c48-470c-908c-afbc95d3a8051033.mspx?mfr=true
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> FL <FL@discussions.microsoft.com> wrote on 27 Oct
> 2008 in microsoft.public.windows.terminal_services:
>
>> Do you know of any other 3rd party tools that allow log on
>> restrictions? You can't specify which machines the domain
>> account can log into when specifying that from the AD account.
>>
>> "FL" wrote:
>>
>>> I have a Windows 2003 64bit TS server and before you suggest
>>> using the 2x secure RDP tool, it doesn't work on a 64bit
>>> system.
>>>
>>> I am looking to apply log on restrictions where users cannot
>>> log in on my terminal server after a certain period of time.
>>> Is there any way to do that via Group Policy or other method
>>> that only affects log ons to the terminal server?
>>>
>>> Also, can I restrict the domain account from being able to log
>>> in via TS only (don't think so)?
 