We have a cluster of 3 RDS servers, all running Windows Server 2008 R2. We recently started using thin clients and have run into an issue: once a user is logged in, another user cannot "switch" to the login screen. The original user has locked the session and is the only one who can log in until the session times out from inactivity (30 mins), or I manually kick off the first user from the RDS server (obviously not feasible each time).

I created a GPO and applied it to the 3 RDS servers: Computer Policy -> Administrative Templates -> System -> Logon -> Hide entry points for Fast User Switching: Disabled

Then I ran a gpupdate command against the 3 servers, but nothing changed. Any ideas? Thank you.

KidACrimson
  • If properly configured, the RDSH servers should accept connections from many users simultaneously. Have you configured the RDS servers correctly? Can multiple users connect? Please explain how a user goes about "switching" to the login screen. – I say Reinstate Monica Mar 26 '17 at 17:52
  • That's just it, they cannot switch once the RDS session is locked. This is partially due to a shortcoming with the Linux ThinStation thin-client (which uses FreeRDP), but it's also a MS server-side issue. But yes, we have 100 user CALs for the RDS servers and typically have over 50 users logged into the server most of the day. – KidACrimson Mar 26 '17 at 18:11
  • Does the problem occur if users connect with the Windows RDP client, or only the Linux ThinStation client? – I say Reinstate Monica Mar 26 '17 at 18:27
  • Technically both, but on a Windows machine the user can press control+alt+delete to force exit the RDS session and start new. – KidACrimson Mar 26 '17 at 18:35

1 Answer

Under most setups it is not possible to "switch user" from a locked RDP session on an RDS server. That said, if you set "Remote Desktop Host Configuration" of the RD Gateway to use native "RDP layer encryption" another user should be able to log in to RDS via the same thin-client, even after the session has locked. This is because it allows the "other user" icon (blank user icon) to be brought up alongside the logged on user's icon at the login screen. The downside to this is that native RDP-level encryption only provides weak security because it cannot use Network Level Authentication.

However, try this key-combo:

CTRL + ALT + ENTER

That should allow the end user to break out of the "locked" RDP session in FreeRDP. That way a new user could log in and the original user's session would remain on the RDS server (and could be picked up later or logged into from a different thin-client).

SamAndrew81
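An added example, not part of the answer above and not the poster's code: a PowerShell check to run locally on each RDS host that reports which RDP security layer is in effect and whether Network Level Authentication is required, which is the trade-off the answer describes. The function names are hypothetical; the registry paths and value names are the standard RDP-Tcp listener and Terminal Services Group Policy locations.

```powershell
# Added example: report the effective RDP security layer and NLA state on this host.
# Values written by Group Policy take precedence over the listener's own settings.
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-EffectiveRdpValue([string]$Name) {
    # Check the policy key first, then fall back to the listener key.
    foreach ($path in $policy, $listener) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($item -ne $null -and $item.$Name -ne $null) {
            return New-Object PSObject -Property @{ Value = [int]$item.$Name; Source = $path }
        }
    }
    return $null   # value not set in either location (or not readable)
}

function Get-RdpSecurityPosture {
    $layerNames = @{
        0 = 'RDP Security Layer (native RDP encryption)'
        1 = 'Negotiate'
        2 = 'SSL (TLS 1.0)'
    }
    $layer = Get-EffectiveRdpValue 'SecurityLayer'
    $nla   = Get-EffectiveRdpValue 'UserAuthentication'
    $findings = @()

    if ($layer -eq $null) {
        $findings += 'SecurityLayer is not set or not readable.'
    } elseif ($layer.Value -eq 0) {
        $findings += 'Native RDP layer: server is not authenticated and NLA cannot be used.'
    } elseif ($layer.Value -eq 1) {
        $findings += 'Negotiate: clients without TLS support fall back to native RDP security.'
    }
    if ($nla -eq $null -or $nla.Value -ne 1) {
        $findings += 'NLA is not required: the logon screen is reachable before authentication.'
    }
    if ($findings.Count -eq 0) { $findings += 'TLS security layer with NLA required.' }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        SecurityLayer = $(if ($layer) { $layerNames[$layer.Value] } else { 'unknown' })
        LayerSource   = $(if ($layer) { $layer.Source } else { 'n/a' })
        NlaRequired   = ($nla -ne $null -and $nla.Value -eq 1)
        Findings      = ($findings -join ' ')
    }
}

Get-RdpSecurityPosture | Format-List Computer, SecurityLayer, LayerSource, NlaRequired, Findings
```

Run it before and after changing the security layer so the loss of NLA is recorded next to the reason for the change.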