We have a bunch of servers that our engineers remote desktop into, but each server has a two connection limit. We will often attempt to RDP into these boxes and we will see the "This machine has exceeded the maximum number of connections" message.
It's a big pain because we have sent out several email messages to these users, and they never get the point.
I know how to connect to the root console and boot people, but I'd prefer not to do that. I also know that there are ways of booting inactive sessions after a period of time, and I don't want to do that either.
I want to force users to learn that they need to log out. This doesn't happen if you log them out manually (plus logging them out manually is a pain). If you just log them out manually, these engineers won't think twice about staying connected in an RDP session because it is convenient for them.
I would prefer some notification system where the inconsiderate user is notified via email or NET SEND message that their account is being disconnected from machine. That way, they will realize that they are doing something wrong. Even better, if they are in violation several times, I would like their account to be locked until a system administrator unlocks it.
Is there a way to achieve the goal of having users log out manually? All suggestions are welcome.
Best Answer
You can use the Remote Desktop Session Host Configuration tools, or (better) Group Policies to define rules around RDP disconnects.
If you use Group Policy and OUs, you will be able to allow some users to stay "disconnected" and force others to log-off after disconnect.
Specifically check out these policy branches:
And policies like these:
.
For more info, check out this page from MS about RDP disconnection policies.