Limit users to one remote session

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To limit users to one remote session

  • Using Group Policies (best practice)

  • Using Terminal Services Configuration

Warning

If users have been limited to one remote session, connecting to the session by using a different protocol is not supported. To access a remote session by using a different protocol, the user must log off from the current session.

Using Group Policies (best practice)

  1. Open Group Policy.

  2. In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Restrict Terminal Services users to a single remote session setting.

  3. Click Enabled, and then click OK.

    Important

    • You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information on testing policy settings, see Resultant Set of Policy.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • Use the above procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an Administrator. Then, you must invoke Group Policy through the Active Directory Users and Computers snap-in.

Using Terminal Services Configuration

  1. Open Terminal Services Configuration.

  2. In the console tree, click Server Settings.

  3. In the details pane, right-click Restrict each user to one session, and then click Properties.

  4. Check the Restrict each user to one session check box, and then click OK.

    Note

    • To open Terminal Services Configuration, click Start, click Control Panel, double-click Administrative Tools, and then double-click Terminal Services Configuration.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • Group Policy overrides the configuration set with the Terminal Services Configuration tool.

  • Users will always be able to create more than one session by specifying a different program to start on connection for each session.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Specify a program to start upon connection Remote Desktop Connection
Configuring Terminal Services with Group Policy
Configuring Terminal Services with TSCC