whatever61

Distinguished
Jul 29, 2010
242
0
18,690
Hi all,

Me and my colleagues are working on different servers through RDP, but we share the same user (admin) on all the servers. When another user connects with the same username while I'm connected to the same server, it kicks me out. That's not the problem. The problem is I don't know who connected and kicked me out. If I knew, I would contact that person and ask him not to connect now, because I'm busy on this server. Currently I have to ask all my colleagues one by one if they're working on the server, until I find the person I need.

Is there a way to see who kicked me out? Either the IP address of that person or the PC name?

I know about the possibilities to create another remote user or to remove the limit of one session per user.. :whistle:

Any ideas?

Thanks in advance.
 
I have an idea. Don't use the same user name, and tell the other people that if there is a user already on the machine that's logged in, don't connect. That's terrible practice, when you use MS RDP, it will tell you that there is an account already on the machine, do you want to continue. Say No. Once you are kicked out it's a bit too late to tell them not to connect. If you keep the account always logged on so you can't even tell if there is a person working or not, that's also bad practice.

Since you use the same account, you can't tell who's logged on where. All you would see is the account name and the computers it's on, but you won't be able to see who has a remote session open on a particular computer.
 

Psychoteddy

Distinguished
Dec 7, 2010
605
0
19,010


Yeah... What he said... :bounce:
 

whatever61

Thanks for your reply, but please read my post properly.
I specify that we have one user, which is some sort of admin user for all servers. We have a lot of workers in the company and a lot of servers, so no, we cannot create a different user for every single worker.
Same about telling other people: I can't tell other people every time I connect to a server. It happens around 15 times a day to different servers, so notifying everyone would not be possible.
This part I didn't get: "That's terrible practice, when you use MS RDP, it will tell you that there is an account already on the machine, do you want to continue. Say No. Once you are kicked out it's a bit too late to tell them not to connect. "
When I connect and someone was connected already with my user, it will just kick him out, without asking me "do you want to continue". Or did I get something wrong?
 

Psychoteddy

Regardless of what you may think about security practices in a network it is considered bad practice by the rest of the IT community to handle RDP in this manner. You cannot have multiple concurrent logins of the same user. Period. You CAN have multiple concurrent logins of multiple users, just not one single user. You need to make other user accounts for these people. Just because it's not what you WANT to do does not mean that it's not the best solution. There is a reason it's considered bad practice and the reason that you're stating in your post is exactly one of them, let alone the other security risks associated with this sort of management.
 


The issue you are having is because you only have one user account. Where I work we have 8,000 users, and we have 8,000 user accounts. Create an account for every user, at least for every one that connects to a server. Or set up Terminal Services so you can create new sessions for a user.
 

whatever61

PsychoTeddy, hang-the-9,

Guys, I don't know why you keep on explaining to me that I cannot connect more than once with the same user. I know that and I state it in my original post: "When another user connects with the same username while I'm connected to the same server, it kicks me out. That's not the problem.".

I asked if there's a way that it will show me by WHOM I was kicked out (either the IP or the PC name). This way I would contact that person directly. That's all I need. Possible or not possible?
 

Psychoteddy

Not possible.
 


Our suggestions will give you a FIX for your issue; what you are looking for is more work for you. Connect to the server, get kicked off, find the person who connected, tell them you were on, then they need to disconnect, you log on again. Then a 3rd person connects, repeat process. Up to you what you want to do though, spend 15 minutes creating separate user accounts or 15 minutes each time you connect.
 

whatever61

hang-the-9,
I appreciate you're trying to help, but it's just not practical for our way of working. The way I would want it to be, it would directly tell me who kicked me out and in 1 minute I contact that person on MSN and that's it.
Imagine we have 300 servers and 30 users, so now I'm gonna create a user for each of the users on the server? And now if I have a new worker then I have to go over 300 servers and add the new user? It's just not practical, and any IT company that I know of always has 1-2 'admin' users which they share. But thanks anyway.
 


The way you do that is you create a server admin Group, then add users to that Group, and the Group is what gives rights on the servers. So you add ServerGroup as an admin on the computers, and each time you get a new person or need to remove them, you just add/remove them from the Group and all of the servers automatically see the changes. Any IT tech in first year of school should have learned that, it's a pretty basic thing. With your 300 servers and 30 users, you have 1 group account, and you add the 30 users to that group. Then you push the group account to the 300 servers, one step, done.

You say that you don't see other IT companies do that, but every single company I know of and worked for does do that. How else can you have accountability for one thing? What if someone makes a change on a server that crashes it or downloads porn on it? You have one account, who did it? Plus you have the exact issue you are looking for a fix for.

It really sounds like your infrastructure was put together by a rookie admin or at least a very lazy one.

There are tons of scripts and tools you can use to add a user or a group to hundreds of machines at once. Take a look at MS literature about account best practices. You can fix all this easily. With a .vbs script you can add a new user or group to a local machine on 300 computers just as simply as one. I know because I've done it.
 
Install ADMINPAK on your XP machine and that will give you Terminal Services Manager. After installing you will find it in Administrative Tools (or Start > Run > tsadmin). Just click Actions, then Connect to Computer. Connect to the computer in question and it will tell you what RDP sessions are active. The great thing about this program as well is if someone was on an RDP and closed it but left it active (especially on a server) you can right click that session and click Connect and it will connect you to that session even if it was started by another user. The plus to that is being able to see the active windows that were in that session if you need to monitor something.

Did not know about this tool, will take a look at it myself thanks.
 

Psychoteddy

I work for a hospital network comprised of over 5 main hospitals and countless other satellite offices. If I had to put an estimate on it, I'd say we have 30,000 users, a few thousand of those being admins. Not a single person has a common username. There are no "one for all" usernames, nothing.

It can be done, it's tedious and time consuming, but necessary. If you don't want tedious and time consuming work then you are in the wrong industry, my friend.
 

READ_THE_POST

Distinguished
Feb 10, 2012
3
0
18,510
Every one of you are idiots!

Read his post, don't argue with someone asking for help. That's just stupid! If you could read between the lines, he probably doesn't use AD and is using workgroups. So you telling him to create a unique user for every user on every server is a TON of work. 300x30=900 user accounts to create.

So sure that can be scripted and it could be done in some ways to make it less work, but don't tell someone that what he is doing is stupid and that he needs to change his process. He is the one doing the work, not you, so when someone asks for help, here is an idea, HELP HIM, rather than argue with him.
 

READ_THE_POST

Oh and Psychoteddy, you are one of the biggest idiots!

You want to bet you don't have any common users in your environment? Try domain admins, admins, exchange admins, service accounts, service apps, etc.

Try thinking through what you are trying to say and state it correctly. Every environment has common named users. That's how every OS comes if it's Windows. Oh and BTW we know it's Windows we are talking about because the title has to do with a Microsoft technology called REMOTE DESKTOP PROTOCOL!
 

READ_THE_POST

One last thing, it is possible to have multiple logins using the same account.

1. Start regedit
2. Check out the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
3. If the fSingleSessionPerUser value doesn't exist, create a new DWORD value named fSingleSessionPerUser
4. Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
   0x0 Allow multiple sessions per user
   0x1 Force each user to a single session
5. Save this

Lastly, if you want to know who kicked you off, you can create a script to start at login that gets the RDP incoming IP address and sends that in an email or DOS send message command to a specific machine, like your host machine.
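
An added example, not part of the original thread: on Windows Server 2008 / Vista and later, the Terminal Services LocalSessionManager operational log records the user, session ID and source network address for RDP logon (event 21), disconnect (24) and reconnect (25), which answers the "who took over my session" question from the event log. The parameter names and the `Resolve-ClientName` helper are assumptions made for this example; the log does not exist on Server 2003, and reading it remotely needs administrative rights on the target.

```powershell
# Added example: list RDP logon/disconnect/reconnect events with the client address.
# Assumes Windows Server 2008 / Vista or later and rights to read the target's event log.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # server to query
    [int]$Hours = 24                            # how far back to look
)

# Event IDs written by the LocalSessionManager operational log.
$kind = @{ 21 = 'logon'; 24 = 'disconnect'; 25 = 'reconnect' }

$filter = @{
    LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    Id        = 21, 24, 25
    StartTime = (Get-Date).AddHours(-$Hours)
}

function Resolve-ClientName([string]$Address) {
    # Best-effort reverse DNS to get a PC name; console sessions are logged as LOCAL.
    if (-not $Address -or $Address -eq 'LOCAL') { return $null }
    try { [System.Net.Dns]::GetHostEntry($Address).HostName } catch { $null }
}

Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
    Sort-Object TimeCreated |
    ForEach-Object {
        # User, SessionID and Address live under UserData/EventXML in the event XML.
        $data = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Event     = $kind[$_.Id]
            User      = $data.User
            SessionId = $data.SessionID
            Address   = $data.Address
            Client    = Resolve-ClientName $data.Address
        }
    } |
    Format-Table -AutoSize
```

With a shared account, a takeover shows up as a `reconnect` row for the same session ID right next to your `disconnect` row; the Address on the `reconnect` row is the client that took the session.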