RDP Sessions - Forcing new session

I’ve come across an issue where our users are not logging out of their terminal services session properly. Whether via TSWeb or MSTSC (remote desktop), if they close the browser or RDP window using the X, it keeps the session alive for up to 1 minute.

The problem with this is that we use terminal services to host an application for users who can’t install it, so other users that log in (using a generic username and password) are adopting/hijacking the original session and seeing someone else’s data.

Does anyone know of a way to force a new session each time a user connects to RDP? Whether via TSWeb or MSTSC (remote desktop)?

You should have these users use their own credentials rather than a generic account.

That’s not possible, unfortunately. It’s not like there’s one or two users; we’re talking possibly hundreds.

I’m currently looking into writing a small Windows service that closes any disconnected sessions. Unfortunately, there is not much information relating to calling the terminal services APIs.
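
The cleanup described in the post above can be done without calling the terminal services APIs directly. The sketch below is an added example, not code from the thread: it parses `qwinsta` output and picks out the disconnected sessions of one account so they can be passed to `logoff`. It assumes English-language `qwinsta` output; the account name `appuser` and the sample output are constructed.

```powershell
# Added example: find disconnected RDP sessions of one shared account so they
# can be logged off before another connection re-attaches to them.
# Assumes English qwinsta column headers and state names ("Disc").
function Get-DisconnectedSession {
    param(
        [Parameter(Mandatory)] [string[]] $QwinstaOutput,
        [Parameter(Mandatory)] [string]   $UserName
    )
    # Columns are fixed width; locate the USERNAME column from the header row.
    $userCol = $QwinstaOutput[0].IndexOf('USERNAME')
    if ($userCol -lt 0) { throw 'Unexpected qwinsta header (non-English system?)' }

    foreach ($line in ($QwinstaOutput | Select-Object -Skip 1)) {
        if ($line.Length -le $userCol) { continue }
        # From the USERNAME column on: [user] <id> <state>. The user is empty
        # for the services session and for listeners, so they never match.
        $rest = $line.Substring($userCol)
        if ($rest -match '^(?<user>\S*)\s+(?<id>\d+)\s+(?<state>\S+)') {
            $id = [int]$Matches['id']
            if ($Matches['state'] -eq 'Disc' -and
                $Matches['user'] -eq $UserName -and
                $id -ne 0) {                      # never touch session 0
                [pscustomobject]@{ UserName = $Matches['user']; Id = $id }
            }
        }
    }
}

# Constructed sample of qwinsta output (not captured from a real server).
$sample = @(
    ' SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE',
    ' services                                    0  Disc',
    ' console                                     1  Conn',
    '>rdp-tcp#0         appuser                   2  Active',
    '                   appuser                   3  Disc',
    ' rdp-tcp                                 65536  Listen'
)

# Only session 3 is returned: it is disconnected and belongs to appuser.
Get-DisconnectedSession -QwinstaOutput $sample -UserName 'appuser'

# On the server itself (elevated prompt), e.g. from a scheduled task:
# Get-DisconnectedSession -QwinstaOutput (qwinsta) -UserName 'appuser' |
#     ForEach-Object { logoff $_.Id }
```

Polling like this still leaves a window between the disconnect and the next run in which a new connection under the same account can re-attach to the old session.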

Are these users on a domain? Do you have hundreds of Terminal Server licenses?

No, these users are our customers. The terminal server licences are not an issue; we are only using one user login and the only thing the user can do is use the software we run, no start bar, desktop, etc.

Actually, you probably have a licensing issue here. You really need to license every user, meaning person using, or device using, the terminal server. One user account does not shield you.

Insofar as the single account goes, how do you handle it when someone leaves one of your customer’s companies who knew the password? What if they were fired? Shared accounts are a horribly insecure way to do things at all levels.

The user does not have access to the username and password. The RDP session is initiated programmatically, so the username and password are automatically typed in.

Even still, using Group Policies, they are only able to access the software that is automatically run when they log in. If they leave the company, their login to that software is disabled. They can log onto the server to their heart’s delight but can’t do anything.