I'm using remote desktop on Windows Server 2008 r2 and I'm trying to find a way to prevent users from kicking off admin users. I understand that according to MS a regular user should not be able to kick off an admin user however if a user attempts to log in while the admin user is on (and all other sessions are in use) the admin user has 30 seconds to click the box telling Windows that they are still using this session or they will be kicked.
The behavior that I am trying to create is for the admin to not be able to be kicked under any circumstances. Is this possible?
Edit: Allow me to clarify. I don't need more than 2 users to be able to log on. I just need for no normal user to be able to kick the admin user regardless of the number of users. If the admin user is on and someone else tries to log in I would like for them to be denied access. Is this possible?
Best Answer
Without purchasing and installing Remote Desktop Services CALs, you are only entitled to use Remote Desktop for administrative purposes. This is per the Windows Server license terms. If you have two non-administrative users that need to log in to run applications, you still need to purchase RDS CALs. The default two connections are only for administrative purposes. It's not two freebie RDS entitlements per server.
When you properly license your environment, your issue will go away since the proper amount of limited connections will be allowed in addition to two administrative sessions per server.