Windows 2000 TS, restricting users to 1 session

Chris Swinney
Hi all,

I see that there are GPOs that can be set to restrict users from creating more
than 1 session for TS in Win 2003, but we have issues with a Win 2000 TS
server. I have also noted that there are GPOs that use keepalive so that
dropped sessions can be disconnected properly.

We have remote users that connect in via VPN then use TS to run certain
apps. Sometimes the VPN disconnects and the TS session is broken. I have set
the option in the properties of the users so that they SHOULD be able to
reconnect from any client, however, what appears to be happening is that the
user attempts to log back on and a new session is started.

I would like to set Win 2000 TS so that only 1 session can be activated per
user and if a remote connection fails then the user will be able to reconnect
to the correct session.

Is this possible, possibly through registry hacks?

Chris
 
Re: Windows 2000 TS, restricting users to 1 session

From Microsoft's Terminal Services FAQ
http://www.microsoft.com/technet/community/en-us/terminal/terminal_faq.mspx

Q. How can I limit Terminal Services so that a user can connect
only one time?

A. For Windows 2000, there is a third-party application available
that does this. For more information, see thethin.net/r25b.zip.

For Windows Server 2003, set the Restrict each user to one session
option to Yes in Terminal Services Configuration. Alternatively,
set the Restrict Terminal Services users to a single remote session
group policy to Enabled.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

 
Re: Windows 2000 TS, restricting users to 1 session

Many thanks Vera,

Do you know if the app will force a session to reconnect to one where the
network connection has been unexpectedly disconnected?

I believe this situation leads to an "active orphaned session" and as I
understand it, setting the GPO that deals with keepalive enables the TS
server to detect this situation and hence disconnect the session - but
this only works with Windows 2003, not 2000 - unless there is another fix for
that (if needed)?


Chris
 
Re: Windows 2000 TS, restricting users to 1 session

No, the SingleUser app doesn't help you there. It simply disallows
a user to create a second TS session (by creating a lock file in
the user's home directory).
Reconnection to broken connections doesn't work very well (if at
all) in W2K.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

 
Re: Windows 2000 TS, restricting users to 1 session

Again, thanks

I assume that the only solution is by using Windows 2003?

I suppose I could use a get-around by using a short (ish) idle timeout. Of
course I will then have to put up with users that will complain because the
session disconnects if they nipped off for a cup of tea!
 
Re: Windows 2000 TS, restricting users to 1 session

Hi Chris,

Use notepad to create a file on your TS named keepalive.reg
with the following contents:

>>> Begin file contents below this line

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"KeepAliveEnable"=dword:00000001
"KeepAliveInterval"=dword:00000001

<<< End file contents above this line

After you are finished double-click the file to add the settings
to the registry. You need to restart for the changes to take
effect.

The above will enable TS Keepalives on a Windows 2000
server just like if you had set the group policy for a 2003
server. That way the server will better detect unexpectedly
disconnected sessions and transition them to the Disconnected
state. As with 2003 it is not perfect; sometimes it can take
over a minute to detect a lost session.

-TP

Chris Swinney wrote:
> Many thanks Vera,
>
> Do you know if the app will force a session to reconnect to one where
> the network connection has been unexpectedly disconnected?
>
> I believe this situation leads to an "active orphaned session" and as I
> understand it, setting the GPO that deals with keepalive enables the
> TS server to detect this situation and hence disconnect the
> session - but this only works with Windows 2003, not 2000 - unless
> there is another fix for that (if needed)?
>
>
> Chris
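
One way to confirm that the keepalive.reg import described above actually landed, by checking an exported copy of the Terminal Server key. This is an added example, not code from the original post; the sample export, the `ExampleOtherValue` entry and the function names are constructed for illustration.

```python
import re

# Key and values taken from the keepalive.reg file in the post above.
TS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPECTED = {"KeepAliveEnable": 1, "KeepAliveInterval": 1}

# Constructed sample export (ExampleOtherValue is a made-up placeholder).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"ExampleOtherValue"=dword:0000000a
"KeepAliveEnable"=dword:00000001
"KeepAliveInterval"=dword:00000001
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
_SECTION = re.compile(r"^\[(.+)\]$")
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_dwords(text):
    """Return {key_path_lower: {value_name_lower: int}} for dword values only.

    Registry key and value names are case-insensitive, so both are lowercased.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version 5.00 header")
    keys, current = {}, None
    for ln in lines[1:]:
        m = _SECTION.match(ln)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = _DWORD.match(ln)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys


def check_keepalive(text):
    """Return a list of problems; an empty list means both values are set as posted."""
    values = parse_dwords(text).get(TS_KEY.lower())
    if values is None:
        return ["key not present in export: " + TS_KEY]
    problems = []
    for name, want in EXPECTED.items():
        got = values.get(name.lower())
        if got is None:
            problems.append(name + " is missing")
        elif got != want:
            problems.append("%s is %d, expected %d" % (name, got, want))
    return problems


if __name__ == "__main__":
    result = check_keepalive(SAMPLE_EXPORT)
    print("OK" if not result else "\n".join(result))
```

The values are only read at startup, so a clean result confirms the import, not that the running server has picked the settings up; the restart mentioned in the post is still needed.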
 
Re: Windows 2000 TS, restricting users to 1 session

Reconnect works as well on 2000 as 2003 in my experience.
The only difference really is that 2003 will automatically
attempt to connect you to a session that is in the Active state
(if restrict to one session is set). I say attempt because in
certain circumstances it will not be able to connect to the
session in which case a new session will be created just like
2000 would do.

-TP

Vera Noest [MVP] wrote:
> No, the SingleUser app doesn't help you there. It simply disallows
> a user to create a second TS session (by creating a lock file in
> the user's home directory).
> Reconnection to broken connections doesn't work very well (if at
> all) in W2K.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
 
Re: Windows 2000 TS, restricting users to 1 session

TP, that's great. With this and the info from Vera we should at least be able
to get TS working somewhere near as expected. I think a 1 minute time out is
acceptable. Better that than setting the idle limit too low.

As a rule of thumb, I try to set the idle and disconnect times at 15 mins.
These normally give users a chance to reconnect to a session. The majority of
users I have set up use TS over remote VPNs, so the potential for dropped
connections seems quite high.

Many thanks both of you.

Chris
 
Re: Windows 2000 TS, restricting users to 1 session

Thanks TP, that's great.

I think a 1 minute timeout before reconnection is acceptable. Better that
than having to set the idle time too low. As a rule of thumb I try to set the
idle and disconnection times at 15 mins. Most of the users that we set up use
VPN to access the TS server and there seems to be a high disconnection rate,
but these settings seem to give enough time for the users to sort themselves
out if needed.

With both of these, we should be able to get TS working somewhere near how I
expected it to work.

Many thanks to both of you.

Chris
 
Re: Windows 2000 TS, restricting users to 1 session

Hi Vera,

I tried the URL as given but it appears as though the page is unavailable. I
have noted the "thethin.com" now redirects to
http://www.msterminalservices.org/ and in the downloads section under
third-party apps, the utility is there. This may help someone else.
 
Re: Windows 2000 TS, restricting users to 1 session

Vera,

I have noted an issue with the application you pointed me to
(LockSingleUser2), or rather another issue with TS.

We set users' environment so that a specific application starts when they
login to a TS session. This is the only thing required by users using TS.
This works fine and when the user closes the app, the session closes as per
normal.

However, now that I run LockSingleUser2 by starting it from a login batch
file, when the user closes the app, the session remains active as the
LockSingleUser2 exe is still running.

I suppose a user could close the TS client and so disconnect the session,
then the session would eventually terminate after the timeout period is up
(15 mins), but this is not ideal.

How can we now close the LockSingleUser2 application and terminate the
session when the user closes the environment started application?

Chris
 
Re: Windows 2000 TS, restricting users to 1 session

Check this (note that I haven't tested this on a W2K TS):

CTX891671 - Graceful Logoff from a Published Application Keeps
Sessions in Active State
http://support.citrix.com/article/CTX891671

If you are running native Terminal Services without Citrix, you can
still use the method described in the "Resolution" section of the
Citrix article, albeit with another registry entry. Windows
Terminal Services keeps its list of system processes in the
following location in the registry:

HKLM\CurrentControlSet\Control\Terminal Server\SysProcs

If you have identified the process which keeps the session from
logging off, you can create a new REG_DWORD value under the
SysProcs key, with the name of the process as the value name.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

 
Re: Windows 2000 TS, restricting users to 1 session

Vera, many thanks for this tip but I could not get it to work.

The SysProc subkey was not there so I added it under

HKLM\System\CurrentControlSet\Control\Terminal Server\

I then added the following :


Value Name:LockSingleUser2.exe
Type:REG_DWORD
Data:0

Is this right? I tried with and without the .exe extension but could not get
the session to end gracefully. The value is of a different type than that
specified in the Citrix article and with a slightly different format, but I guess
that's because we are dealing with different technologies.


Maybe this can't be done with Windows 2000 TS?

Chris


"Vera Noest [MVP]" wrote:

> Check this (note that I haven't tested this on a W2K TS):
>
> CTX891671 - Graceful Logoff from a Published Application Keeps
> Sessions in Active State
> http://support.citrix.com/article/CTX891671
>
> If you are running native Terminal Services without Citrix, you can
> still use the method described in the "Resolution" section of the
> Citrix article, albeit with another registry entry. Windows
> Terminal Services keeps its list of system processes in the
> following location in the registry:
>
> HKLM\CurrentControlSet\Control\Terminal Server\SysProcs
>
> If you have identified the process which keeps the session from
> logging off, you can create a new REG_DWORD value under the
> SysProcs key, with the name of the process as the value name.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> Chris Swinney
> <ChrisSwinney@discussions.microsoft.com> wrote on 13 nov 2007 in
> microsoft.public.windows.terminal_services:
>
> > Vera,
> >
> > I have noted an issue with the application you pointed me to
> > (LockSingleUser2), or rather another issue with TS.
> >
> > We set users environment so that a specific application starts
> > when they login to a TS session. This is the only thing required
> > by users using TS. This works fine and when the user closes the
> > app, the session close as per normal.
> >
> > However, now that I run LockSingleUser2 by starting it from a
> > login batch file, when the user closes the app, the session
> > remains active as the LockSingleUser2 exe is still running.
> >
> > I suppose a user could close the TS client and so disconnect the
> > session, then the session would eventually terminate after the
> > timeout period is up (15 mins), but this is not ideal.
> >
> > How can we now close the LockSingleUser2 application and
> > terminate the session when the user closes the environment
> > started application?
> >
> > Chris
> >
> >
> > "Vera Noest [MVP]" wrote:
> >
> >> No, the SingleUser app doesn't help you there. It simply
> >> disallows a user to create a second TS session (by creating a
> >> lock file in the user's home directory).
> >> Reconnection to broken connections doesn't work very well (if
> >> at all) in W2K.
> >> _________________________________________________________
> >> Vera Noest
> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> TS troubleshooting: http://ts.veranoest.net
> >> ___ please respond in newsgroup, NOT by private email ___
> >>
> >> =?Utf-8?B?Q2hyaXMgU3dpbm5leQ==?=
> >> <ChrisSwinney@discussions.microsoft.com> wrote on 12 nov 2007
> >> in microsoft.public.windows.terminal_services:
> >>
> >> > Many thanks Vera,
> >> >
> >> > Do you know if the app will force a session to reconnect to
> >> > one where the network connection has been unexpectedly
> >> > disconnected?
> >> >
> >> > I belive this situation leads to an "active orphaned seesion"
> >> > and as I understandi it, setting the GPO that deals with
> >> > keepalive enable the TS server to detect this situation and
> >> > hence disconnection the session - but thisonly works with
> >> > Windows 2003, not 2000 - unless there is another fix for that
> >> > (if needed)?
> >> >
> >> >
> >> > Chris
> >> >
> >> >
> >> > "Vera Noest [MVP]" wrote:
> >> >
> >> >> From Microsofts Terminal Services FAQ
> >> >> http://www.microsoft.com/technet/community/en-
> >> >> us/terminal/terminal_faq.mspx
> >> >>
> >> >> Q. How can I limit Terminal Services so that a user can
> >> >> connect only one time?
> >> >>
> >> >> A. For Windows 2000, there is a third-party application
> >> >> available that does this. For more information, see
> >> >> thethin.net/r25b.zip.
> >> >>
> >> >> For Windows Server 2003, set the Restrict each user to one
> >> >> session option to Yes in Terminal Services Configuration.
> >> >> Alternatively, set the Restrict Terminal Services users to a
> >> >> single remote session group policy to Enabled.
> >> >>
> >> >> _________________________________________________________
> >> >> Vera Noest
> >> >> MCSE, CCEA, Microsoft MVP - Terminal Server
> >> >> TS troubleshooting: http://ts.veranoest.net
> >> >> ___ please respond in newsgroup, NOT by private email ___
> >> >>
> >> >> =?Utf-8?B?Q2hyaXMgU3dpbm5leQ==?=
> >> >> <ChrisSwinney@discussions.microsoft.com> wrote on 12 nov
> >> >> 2007 in microsoft.public.windows.terminal_services:
> >> >>
> >> >> > Hi all,
> >> >> >
> >> >> > I see that there are GPOs that can be set to restrict user
> >> >> > creating more than 1 session for TS in Win 2003, but we
> >> >> > have issues with a Win 2000 TS server. I have also noted
> >> >> > that there are GPOs that use keepalive so that dropped
> >> >> > session can be disconnected properly.
> >> >> >
> >> >> > We have remote users that connect in via VPN then use TS
> >> >> > to run certain apps. Sometimes the VPN disconnects and the
> >> >> > TS session is broken. I have set the option in the
> >> >> > properties of the users so that they SHOULD be able to
> >> >> > reconnect from any client, however, what appear to be
> >> >> > happening is that the user attempts to log back on and a
> >> >> > new session is started.
> >> >> >
> >> >> > I would like to set Win 2000 TS so that only 1 session can
> >> >> > be activated per user and if a remote connection fails
> >> >> > then the user will be able to reconnect to the correct
> >> >> > session.
> >> >> >
> >> >> > Is this possible, possibly through registry hacks?
> >> >> >
> >> >> > Chris

>
 
Re: Windows 2000 TS, restricting users to 1 session

Although I could not get the registry values to work, after a bit of
searching on the net to see if this key applied to Windows 2000, I came
across something different. The following shows a simple script that runs the
desired application instead, so instead of directing the environment to run
the application directly, you can direct it to run the script. This seems to
work.

http://ts.veranoest.net/ts_faq_applications.htm#logoffsession

Chris


"Chris Swinney" wrote:

> Vera, many thanks for this tip but I could not get it to work.
>
> The SysProc subkey was not there so I added it under
>
> HKLM\System\CurrentControlSet\Control\Terminal Server\
>
> I then added the following :
>
>
> Value Name: LockSingleUser2.exe
> Type: REG_DWORD
> Data: 0
>
> Is this right? I tried with and without the .exe extension but could not get
> the session to end gracefully. The value is of a different type than that
> specified in the Citrix article and with a slightly different format, but I guess
> that's because we are dealing with different technologies.
>
>
> Maybe this can't be done with Windows 2000 TS?
>
> Chris
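
A wrapper of the kind described in the post above, as an added example that is not part of the original post and not the script from the linked FAQ. The session's starting program is set to this batch file instead of the application; it waits for the application to exit and then logs the session off explicitly, so a helper such as LockSingleUser2 left running by the logon script cannot hold the session open. The application path is a hypothetical placeholder.

```batch
@echo off
rem Added example: set this file as the TS session's starting program
rem in place of the application itself.
setlocal

rem Hypothetical path; replace with the application the users need.
set "APP=C:\Program Files\ExampleApp\app.exe"

rem If the application is missing, do not leave the user in an empty
rem session: end the session straight away.
if not exist "%APP%" (
    echo Application not found: %APP%
    logoff
    goto :eof
)

rem Block here until the application exits. The empty "" is the window
rem title argument that START expects before a quoted program path.
start "" /wait "%APP%"

rem The application has closed. Log the session off explicitly instead of
rem relying on the last process ending; this also terminates helper
rem processes started by the logon script that are still running.
logoff
```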
 
Re: Windows 2000 TS, restricting users to 1 session

OK, I'm glad that you've found a solution that works for you,
Chris!
As I wrote, I've not tested the SysProcs registry key solution on
W2K, I don't have access to a W2K server, so I don't know if it can
be made to work.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Chris Swinney
<ChrisSwinney@discussions.microsoft.com> wrote on 14 nov 2007 in
microsoft.public.windows.terminal_services:

> Although I could not get the registry values to work, after a
> bit of searching on the net to see if this key applied to
> Windows 2000, I came across something different. The following
> shows a simple script that runs the desired application instead,
> so instead of directing the environment to run the application
> directly, you can direct it to run the script. This seems to
> work.
>
> http://ts.veranoest.net/ts_faq_applications.htm#logoffsession
>
> Chris
 