0

Here is my setup: I have a "server"-computer (Win7Pro) that is connected to X other "client" computers (Win7Home) via ethernet.

Is there a solution to create dynamically (C#?) users on that client-computers to give access to the remote desktop connection for a specific timeslot? For example: User1 should have access to computer2's remote desktop connection from 11AM to 1PM and User2 should have access to the same computer from 3PM till 8PM. This reservation times should be created by a software on the server-computer. Is there a way to give user-timeslots remotely?

Thanks, 5erv3

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
5erv3
  • 1
  • 2
    If I'm reading the question correctly, that's not a duplicate at all. He's wanting a way to give users time-specific access to RDP sessions. A passing mention of dynamically creating users does not make the two questions equivalent, not AT ALL. – Chris Mar 25 '13 at 22:50
  • Another question closed by excessive moderation without even understanding the question. This site is overrun by those who would do more harm than good. – Chris Mar 26 '13 at 03:49
  • Chris is correct, this did not really answer my question to give specific timeslots from the server machine to the remote computers, i tried the solution above but i cannot create users from the server on the clients – 5erv3 Mar 26 '13 at 15:29

1 Answers1

0

In order to do this, you would have to set the remote desktop client to listen on a different port and write an intermediary "firewall" (or if you prefer, RDP forwarder) that could decrypt the RDP traffic, determine the username, and reject the connection based on the time slot allocated to the user. I'm not aware of anything similar that already exists.

Quite a monumental undertaking, but it's certainly possible, I would think.

For details regarding implementation of the RDP protocol itself, I'd suggest you start at www.freerdp.com

Chris
  • 27,596
  • 25
  • 124
  • 225
  • 1
    Why do you have to do all of this? Why won't it work to just create user accounts, give them the appropriate permissions/restrictions, and then let them connect? Do note that he wants this software to run on the "server" machine. Why is an intermediary needed? – Cody Gray - on strike Mar 25 '13 at 22:51
  • Because it's ridiculous to delete and recreate accounts on-demand for the purpose of time scheduling. Not only do you run into issues where a user might still be logged in at the time their window is up, but you're recreating the user profile data every time you do this. Nothing is retained between sessions, including user data and software settings. It's a horrible solution. – Chris Mar 25 '13 at 22:54
  • Er, who said anything about delete and recreate acounts on demand? @Cody did not say that. – David Heffernan Mar 25 '13 at 23:12
  • Maybe I'm misreading something, but merely creating an account does not accomplish what the OP asked. The OP asked how to restrict access to certain time slots. To do that, you either need a program in between or you would need to delete the account at the end of the time slot and recreate it at the beginning of the next time slot. – Chris Mar 25 '13 at 23:14
  • If I'm remembering correctly, you can restrict the hours that a particular user account is allowed to log in. This can be done dynamically without deleting and recreating the user account. At least, I remember doing this back on Windows NT 4 and 2000 the last time I worked as a sysadmin. (Yup, [here are some very NT 4 screenshots](http://www.intelliadmin.com/index.php/2008/04/restrict-user-logon-hours/), but I can't imagine that this feature has been removed in later versions.) – Cody Gray - on strike Mar 25 '13 at 23:26
  • You can restrict logon hours in Windows Server, not Windows PRO, as the OP states he is using. – Chris Mar 26 '13 at 03:48
  • yeah, the problem is that i dont have windows server. – 5erv3 Mar 26 '13 at 17:34
  • [This answer](http://superuser.com/a/377812/40134) to a related question seems to indicate that this is achievable without a server version of Windows. I can't test it to be sure; all I have available is the server SKU. Moreover, you can set up a Group Policy to force logoff when the allowed logon hours expire. According to [this site](http://mscerts.programming4.us/windows/windows%207%20%20%20preventing%20users%20from%20logging%20on%20at%20certain%20times.aspx), this works fine with Win 7 Professional. The option you want is "Network Security: Force Logoff When Logon Hours Expire". – Cody Gray - on strike Mar 28 '13 at 17:21