Monitoring and Ending User Sessions
Before you start monitoring and ending sessions in the Remote Desktop Services Manager, you should recognize the different session types that you will see and what they are for. Four types of sessions appear in the Remote Desktop Services Manager.
- Console Session supports someone logged on locally (at the physical console). This session is not accessible via RDP.
- RDP-Tcp Remote RDP session.
- Services Session used by server services.
- Listener Session listens for incoming connection requests.
For our purposes, you're going to work most often with the RDP-Tcp sessions.
Switching Between Sessions
Let's say that you have logged on to your Windows 7 desktop via RDP with your domain credentials so that you can work on that computer from a remote location. When you do so, the console session switches to the RDP session and the console goes back to the logon screen. The same functionality is behind the ability to move between sessions on an RD Session Host server, using the Remote Desktop Services Manager or the tscon command. You can switch between your own sessions if you have more than one, or (if you know the password) you can connect to another user's session and disconnect your own. Connecting to a session using this functionality automatically disconnects the session you started from.
There are a few caveats to using the Connect functionality.
- It works only to connect to an RDP-Tcp session from another RDP-Tcp connection on the same server. You can connect to an active or a disconnected session.
- You cannot connect to a RemoteApp session, only a full desktop.
- Although you can connect to another session from an administrative (/admin) connection, you can't connect to an administrative connection from another RDP-Tcp connection.
- When you are prompted for a password while connecting to a session from the Remote Desktop Services Manager, the password is obscured on the screen. When you supply the password to the command-line tool, the password might be displayed on the screen, in cleartext, if you want. Therefore, be careful how you use tscon when anyone is standing behind you!
NOTE: If you attempt to connect to a local logon session from tscon, you'll see error code 31, telling you, "A device attached to the system is not functioning." If you attempt to connect to an /admin remote connection, you'll get an error message that access is denied.
To use the Connect functionality from the Remote Desktop Services Manager or the tscon command, follow these steps.
- Start an RDP session to the RD Session Host server hosting the session to which you want to connect.
- Find the correct session. From the Remote Desktop Services Manager, find the correct session from the Users or Sessions tab in the center pane. If using the command prompt, find the session ID by typing query session.
- Connect to the session. From the Remote Desktop Services Manager, right-click the
session and choose Connect from the context menu. From the command prompt, type
tsconsessionID /password:password to enter the password with the command, or
/password* to be prompted for the password. You'll need to include all of this information in the command.
NOTE: You must supply the password when connecting from the command prompt or the command will fail. When connecting from the Remote Desktop Services Manager, you are prompted for the password if connecting to a session that is not your own. - Assuming that you provide the correct password and it's possible to connect to the session, you will connect immediately to the new session and see any applications or files open in the other session. The person whose session that was will be disconnected. If the password isn't valid, you'll see an error message.
The functionality is most useful if RemoteApp functionality isn't in the picture. In Windows Server 2003 and earlier, the only way to publish individual applications was by limiting a session to a single application. By using Connect, it was possible (if awkward) for a user to move between individual applications on the same terminal server.
Today, this command isn't applicable to most situations because the only sessions that you should be able to connect to (assuming reasonably secure domain password protection) are your own. One possible scenario for using Connect in this present version of RDS is if you were logged on to an RD Session Host server as both a user and an administrator, using two different accounts. You could switch to your administrator persona by connecting to the session, but you'd disconnect your user persona.
In this tutorial:
- Managing Remote Desktop Session
- Introducing RD Session Host Management Tools
- Command-Line Tools
- Connecting Remotely to Servers for Administrative Purposes
- Managing RD Session Host Servers from Windows 7
- Organizing Servers and VMs in the Remote Desktop Services Manager
- Monitoring and Terminating Processes
- Terminating Applications
- Monitoring and Ending User Sessions
- Closing Orphaned Sessions
- Disconnecting Sessions
- Providing Help with Remote Control
- Enabling Remote Control via Group Policy
- Enabling Remote Control via RD Session Host Configuration
- Shadowing a User Session
- Troubleshooting Session Shadowing
- Preparing for Server Maintenance
- Sending Messages to Users
- Shutting Down and Restarting RD Session Host Servers
- Applying RDS Management Tools
- Get the Server Names
- List Processes on the RD Session Host Servers
- Auditing User Logons
- Closing Unresponsive Applications