Console Behavior Differences in Longhorn Server Terminal Services

Console Behavior Differences in Longhorn Server Terminal Services

  • Comments 26
 

This article describes a few behavioral differences between Windows Server 2003 and Windows Server Codenamed Longhorn in Remote Administration mode. Note that these changes will be available in Beta 3 and later builds.

 

Architectural change - Session 0 Special-ness

 

In Windows 2003, the session 0 is always associated with session on physical console. When user logs on to physical console or connects remotely using /console, she gets session 0.

 

In Longhorn, session 0 is not an interactive session anymore. It hosts only services. The first interactive user session is session 1, no matter whether user is logged on to physical console or connected remotely. The second interactive user session is 2 and so on. The session IDs are reused as users log off and previous sessions are terminated.

 

Reconnecting to session 0 from another session by any means, such as tscon.exe, is denied in longhorn server.

 

 

Reconnecting to your session on physical console

 

In Windows 2003, administrators typically use /console to reconnect remotely to their session on physical console. In Longhorn, /console switch is ignored in remote administration mode. The session obtained by connecting using /console is just like another remote session.

 

Reconnecting to your session on physical console (or any of your sessions for that matter) is driven by "Restrict user to one session" policy. This policy value can be set using tsconfig (under "Edit Terminal Server Settings" - "General" section). There is also a group policy for this which can be edited using gpedit.msc (navigate to Computer configuration - Administrative templates - Windows components - Terminal Services - Terminal Server - Connections).

 

The default value for this policy is 1, which means each user is restricted to one session. So, you do not need /console to reconnect remotely to your session on physical console, unless you modify this policy value. Here is the scenario and behavioral difference in Windows Server 2003 and Longhorn.

 

Scenario:

You are logged on to physical console of the server.

Now you (using same user account) connect remotely to this server.

 

Windows Server 2003 behavior:

 

If you use /console while connecting, you will get reconnected to your session on physical console. If you did not use /console while connecting you will get a new session. It does not matter what the value of "Restrict user to one session" policy is.

 

Windows Server Codenamed Longhorn behavior:       

 

If "Restrict user to one session" policy is ON, you will get reconnected to your session on physical console. Note that you do not need to specify /console anymore to reconnect remotely to your session on physical console.

 

If "Restrict user to one session" policy is OFF: If your session on physical console is active, you will get a new session. If your session on physical console is in disconnected state, you will get reconnected to that session.

 

Note that this behavior applies no matter whether you specified /console or not while connecting.

 

If "Restrict user to one session" policy is OFF and you want to get back to your session on physical console:

 

  • Within your second session, type "qwinsta" to list all the sessions.
  • You should see your session listed as active and named "console". If that is the case, you can simply type "tscon console" to reconnect back to your session.
  • If your session on physical console was disconnected for some reason (e.g. someone switched user on physical console after your remote logon), get the session ID associated with your other session and type "tscon <session ID>" to reconnect back to that session.

 

Leave a Comment
  • Please add 7 and 2 and type the answer here:
  • Post
  • We currently use connecting to the /console session of win2003 for applications that need to capture audio from a sound card in the server. This only works in the console session, as the normal remote desktop sessions don't have access to the server's audio device (only to the virtual audio device that can play back audio to the remote pc).

    How will this be possible with win2008?

  • Is very dumb behaviour to eliminate the ability to connect to the console. Many applications, especially older ones that can't be replaced or recoded will only perform specific functions if they are accessed from the console.

    I also tend to keep the console session locked by staying logged in on my remote computers. Started doing that by accident, but turned out to be a good idea during a security event where other peoples' remote computers got messed with.

    Another useful function is to be able to make a remote computer make noise if it needs attention. When I hear the noise, I can log into the console and see the messages (I have a closet full of servers (literally a closet -- there is sports gear in there, too) in addition to remote servers so I can hear them when they get noisy). I connect to the consoles all the time since putting a keyboard fulltime on all of them would be silly -- and switch boxes are, well, confusing.

    As a side note, has something happened with the Windows 2003 in the automatic updates that has also disabled the console ability?

    Whoever made the boneheaded decision to disable the console access from terminal services should re-think that decision.

  • It also seems like the /console switch is disabled in (SP3 for Win XP). There is no possibilities to connect to the console anymore. The good point with session 0 was that the End a disconnected session was not applied for seesion 0. Very Bad decission to have this implemented in current versions!!!!!!!!!

  • Solution find!!! The /console switch is renamed to /admin. Digged it up from http://blogs.msdn.com/nickmac/archive/2007/11/28/mstsc-console-switch-in-windows-server-2008-and-windows-vista-sp1.aspx

  • How can I restrict TS to 1 session only for 2k3. just like XP. Console or not.

    thx

  • @cron123:

    For Windows Server 2003, set the Restrict each user to one session option to Yes in Terminal Services Configuration. Alternatively, set the Restrict Terminal Services users to a single remote session group policy to Enabled.

  • Well, I understand that console session is not equal to session 0 anymore and that it is not possible to connect to session 0.

    Can anyone point out, if there is still a special function of the console session? Is there any difference, anything you can do, that you can't do in any other session?

  • The console session has no special function.

    The only difference from a remote session is: console session is connected to the local console instead of a remote console and one does not need to be a member of Remote Desktop Users group to log on to it.

    On Remote Desktop Server the console session is equal a remote session started with "/admin" switch (i.e. it does not consume a license). If Remote Desktop Server is not installed, the console session is equal to a remote session.

    Thx,

    Sergey.

  • Admin switch doesn't work for cases like this. Applications can somehow detect that you are using RDP.

    seer.entsupport.symantec.com/.../294182.htm

  • What if you have set the policy to start a program automatically upon connection (for users) yet you sill want to remote into the physical session to manage the server (for admins)? From my experience, if this setting is turned on, there is no way to use Remote Desktop to connect and then receive a desktop to work with.

  • Boogie - Do you find the solution for your problem. I'm facing the same issue in one my client machine. Advance Thanks for your help

Page 2 of 2 (26 items) 12