[awhelan]

Hi,
I have an odd question that I was hoping someone might have an answer to. Say we have a generic account used by a few people connecting into a remote services server. Person 1 uses the shared credentials to establish a remote desktop session. Person 2 a few minutes later uses the same credentials to establish a connection, which in turn makes Person 1 lose the session and now Person 2 has control over that session.
Is there a way to basically say if a session is established with a set of credentials it can not be taken over, Person 1 would have to disconnect their session before someone else could use those credentials again to establish a connection to the server? Please let me know if I did not make this clear enough.

Thank You

[yuval14]

You can force log off disconnected sessions after a minute for example...
But first... Why to use gerneric account at all? I guess that the solution design didnt planned to answer a common security issues...

[awhelan]

Hi,
I know this goes against best practices and other standards, it is a way for us to attempt to control access to particular third party apps. I can't find any build in configuration options that allow for what I want, most likely because terminal services is not meant to work in this manner. Turning the time down to 1 minute would not help because Person 2 can take over an active session from Person 1 when using the same credentials. What I really need is for the system to see the active user session and not allow that user to connect in from anywhere else until the session has been disconnected. Therefore not allowing anyone to take over the original session. I would like to think there might be some registry work around for this, but I would have no idea.
Thank you for any additional input.

[yuval14]

You can use some script to check if some session is in disconnected state and then log off the user... The script can be run each second for example...

http://thebackroomtech.com/2008/04/0...vices-session/

[awhelan]

Hi,
Again that solution would not work in my case. I am not worried about when someone disconnects. I am worried that if Person 1 establishes a connection with the shared credentials and while actively using it Person 2 also establishes a connection with the shared credentials. In this case Person 1 will lose the session and Person 2 will take over. The main problem/question is can this be stopped? Basically if a user has an active session do not allow someone else to take over that session from another remote location.

Thank You

[yuval14]

Hi,

You can try to disable Automatic Reconnection:

http://support.microsoft.com/kb/323258

[awhelan]

Hi,
I can attempt to try this, but if I read this right it will just disable automatic reconnection attemps vs. stopping a new connection attempt all together.