Remote desktop session windows 2012
Всем привет сегодня хочу рассказать о небольшой фишке как можно настроить несколько сессий rdp с одним логином в Windows Server 2012R2. Если честно я не понимаю, для чего это может быть нужно, так как с точки зрения безопасности это не совсем правильно, но если уж есть давайте расскажу. Данная возможно оказывается еще была аж с Windows Server 2003, давненько это было, но там все делалось простановкой одной галки, в Windows Server 2012R2 на пару действий побольше.
Подключение по rdp
Думаю не нужно объяснять, что очень часто на серверной платформе Windows делают сервер терминалов, для совместной работы многих пользователей за ним, и люди подключаются к нему за счет протокола RDP по порту 3389. В Windows 2012R2 за настройку несколько сессий rdp с одним логином отвечает групповая политика. Нажимаем Win+R и вводим gpedit.msc либо на контроллере домена в редакторе групповых политик, но потом не забудьте ее прилинковать к нужному контейнеру.
Вам нужно отключить политику
Для англоязычной версии
ну и собственно мы видим политику Ограничить пользователей служб удаленных рабочих столов одним сеансом служб удаленных рабочих столов, поставив в ней статус отключено вы позволите несколько сессий rdp с одним логином на вашем терминальном сервере.
Все закрываем редактор и радуемся жизни.
Материал сайта pyatilistnik.orgRemote desktop session windows 2012
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Asked by:
General discussion
As everyone knows with the introduction of Windows Server 2012 & 2012 R2, there are various changes and no more availability for RDSH configurations or Remote Desktop Service Manager; now we can manage all the settings under Server Manager and group policy.
Configuration 1: Remote Desktop Timeout settings:
Here, we will see the Remote Desktop timeout settings. You can maintain the settings under below mention path (Figure 1 and Figure 2).
- Open the Server Manager, select Remote Desktop Services.
- In Remote desktop Services, in right side you can drop down to collections.
- Select the collection which you want to edit the settings.
- Under collections Properties, select Task and then Edit Properties.
- In Properties dialog box, select Session.
- You can find all the timeoutsettings under session collection properties; edit according to your requirements and then OK.
Figure 1: Selecting Collection Properties
Figure 2: Configuring screen for Timeout and reconnection Settings
Group policy setting:
The same settings can also be applied by Group Policy.
You can also configure timeout and reconnection settings by applying the following Group Policy settings, you can check the figure 3 for graphical view.
— Set time limit for disconnected sessions
— Set time limit for active but idle Remote Desktop Services sessions
— Set time limit for active Remote Desktop Services sessions
— End session when time limits are reached
In addition to this another group policy available with the help of which you can bale to set time limit for logging off the RemoteApp according to our desired time. This setting can be applied with addition to above mentioned policy.
— Set time limit for logoff of RemoteApp Sessions
These Group Policy settings are located in the following locations:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
These Group Policy settings can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Note:
These Group Policy settings will take precedence over the settings configured in Remote Desktop Session Host Configuration. If both the Computer Configuration and the User Configuration policy settings are configured, the Computer Configuration policy settings take precedence.
Figure 3: Group Policy for setting Timeout and reconnection setting
Configuration 2: Restrict & Enable user to a single & multiple session
Under Windows Server 2012 & 2012 R2, there is no specific setting under RDP-TCP as it is not available.
- Restrict User to Single session:
To restrict the user to single session (Disable Multiple RDP Session) you can configure the setting under group policy (Figure 4).
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session Enabled
Figure 4: Group policy for Restrict user to Single session
- Enable user to multiple session:
To enable the user to multiple session you can configure the setting under below (Figure 5).
Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections
Restrict Remote Desktop Services users to a single Remote Desktop Services session Disabled
Figure 5: Group Policy for Enable user to Multiple Session
In addition you can also edit the registry setting for allowing multiple RDP session as per below (Figure 6).
fSingleSessionPerUser REG_DWORD 0x00000000
Note: By default the registry value is set to 1, but you need to change to 0.
Figure 6: Display the registry settings
Also you can edit the policy “ Limit number of connections” and set RD Maximum collection as per your company requirements (Maximum limit: 999999) for above mention group policy path (Figure 7).
Figure 7: Group Policy for Limit number of Connections
Apart from this, if you have not specified any policy or registry setting and still you want to restrict the new session, then in Windows Server 2012 & 2012 R2 there is option where you need to follow below steps (Figure 8 and Figure 9).
- Right click a Remote Desktop Session Host in specified location of Host Server and select “Do not allow new connections”.
- After clicking that it will ask you for your confirmation, click yes and no new connection will be allowed.
Figure 8: Setting displaying “Do not allow new connections”
Figure 9: Confirmation popup
RD Gateway Connection Properties:
If you have deployed RD Gateway under your environment you can also limit the number of simultaneous connections through RD Gateway by configuring policy under RD Gateway Manager. For this you need to follow below mention path.
- Open RD Gateway Manager, select the server which you want to modify.
- Right click Properties.
- Under General Tab
— Limit maximum allowed simultaneous connections to: Specify the number of connection you want to able to provide connection.
— Allow the maximum supported simultaneous connections: This setting will allow maximum supported connections at a time.
— Disable new connections: This setting will not allow new connections through RD Gateway but Active connection will not be automatically disconnected.
Select the option as per requirement which able to allow the connection
Figure 10: Connections setting under RD Gateway Manager
Configuration 3: Configure keep-alive connection interval
As per above mention in initial post you can able to change the setting for Keep alive connection interval. In addition to this also verify the registry setting must be set as per following (Figure 11 and Figure 12).
HKEY_Local_Machine \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services
KeepAliveEnable REG_DWORD 0x00000001 (1)
KeepAliveInterval REG_DWORD 0x00000001 (1)
Figure 11: Group Policy setting for Keep alive
Figure 12: Registry setting for keep alive
If you need further assistance, welcome to post your questions in our Remote Desktop Services (Terminal Services) forum.
If you would like to achieve this in Windows Server 2008 or Windows Server 2008 R2, please move on to the next post.
All replies
Applies to Windows Server 2008 and Windows Server 2008 R2
Configuration 1: Remote Desktop Timeout settings:
1. Open the property dialog for RDP-Tcp connection in Remote Desktop Services Manager.
2. In the Sessions tab, you can configure the following settings:
- Active Session Limit
- Idle session limit
- Action when session limit is reached or connection is broken
- End a disconnected session
Additionally, you can configure the settings with the help of Group Policy also by below mention path.
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Configuration 2: Restrict each user to a single session
By using this configuration or policy setting, each user can only maintain one session to the certain terminal server; when another session is started by the same user, the original one will lose the connection. In that way, the total number of possible active sessions won’t exceed the total remote users. You can implement this as below mention steps.
Remote Desktop Host (RDP-Tcp) configuration:
Edit Settings – Restrict each user to a single session: Yes
Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
Restrict Remote Desktop Services (Terminal Services) users to a single remote session: Enabled
Configuration 3: Configure keep-alive connection interval
By specifying the minutes that the TS holds a remote session actually disconnected, the server will detect the session status after each period. The session that are actually offline will be changed to disconnected status:
Group Policy:
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\
Configure keep-alive connection interval: Enabled and Specify the Value
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
Управление RDP сессиями пользователей Windows Server 2012 R2
При администрировании сервера терминалов, особенно, когда на нем работают удаленные сотрудники в специализированных программах или даже просто в 1С, возникает необходимость подключиться к сессии пользователя для различных работ (обслуживание и диагностика ПО, консультация/обучение и т.п.).
Данная технология полноценно работает в Windows Server 2012 R2 и называется – Теневая копия. Если у вас установлена и используется для сервера удаленных рабочих столов MS Windows Server 2012, то знайте – данная опция не реализована в данной версии ОС. Тем не мене в обоих случаях (2012 и 2012 R2) есть прекрасная возможность использовать дополнительное средство удаленного администрирования и поддержки пользователей – “Удаленный помощник“. Устанавливается стандартным способом (через Диспетчер управления серверами-Добавить роли и компоненты):
После установки “Удаленный Помощник” необходимо выполнить следующие настройки групповых политик на настраиваемом сервере:
- Конфигурация компьютера\Административные шаблоны\Службы удаленных рабочих столов\Узел сеансов удаленных рабочих столов\Подключения\Разрешить пользователям удаленное подключение с использованием служб удаленных рабочих столов – включить
- Конфигурация компьютера\Административные шаблоны\Службы удаленных рабочих столов\Узел сеансов удаленных рабочих столов\Подключения\Установить правила удаленного управления для пользовательских сеансов удаленных рабочих столов – выбрать нужны вариант
- Конфигурация компьютера\Административные шаблоны\Система\Удаленный помощник\Настроить предупреждающие сообщения
- Конфигурация компьютера\Административные шаблоны\Система\Удаленный помощник\Настроить запрашиваемую удаленную помощь
- Конфигурация компьютера\Административные шаблоны\Система\Удаленный помощник\Настроить предлагаемую удаленную помощь
Настройка Удаленного помощника на сервер MS Windows Server 2012 / 2012 R2 завершена.
Нашли ошибку в тексте? Выделите фрагмент текста и нажмите Ctrl+Enter
