We have a cluster of 3 RDS servers, all running Windows Server 2008 R2. We recently started using thin clients and have run into an issue: once a user is logged in, another user cannot "switch" to the login screen. The original user has locked the session and is the only one who can login until the session times out from inactivity (30 mins), or I manually kick off the first user from the RDS server (obviously not feasible each time).
I created a GPO and applied it to the 3 RDS servers:
Computer Policy -> Administrative Templates -> System -> Logon -> Hide entry points for Fast User Switching: Disabled
Then ran a GPupdate command against the 3 servers, but nothing changed. Any ideas? Thank you.
Best Answer
Under most setups it is not possible to "switch user" from a locked RDP session on an RDS server. That said, if you set "Remote Desktop Host Configuration" of the RD Gateway to use native "RDP layer encryption" another user should be able to login to RDS via the same thin-client, even after the session has locked. This is because it allows the "other user" icon (blank user icon) to be brought up along side the logged on user's icon at the login screen. The downside to this is that native RDP-level encryption only provides weak security because it cannot use Network Level Authentication.
However, try this key-combo:
CTRL + ALT + ENTER
That should allow the end user to break out of the "locked" RDP session in FreeRDP. That way new user could login and the original user's session would remain on the RDS server (and could be picked up later or logged into from a different thin-client).