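Windows Remote Desktop research
Recently, because of a monitoring-related project, I took a close look at how Windows Remote Desktop works.
1. How to make the session of a user who has closed the Remote Desktop connection exit Windows Server immediately.
When people log in to a Windows server with mstsc.exe, 99.99% of them exit by simply closing the mstsc.exe window instead of clicking Start ---> Log off. The problem is that the user has left, yet query user and query session still show that user in the Active (running) state on the Windows server. This ties up a session's resources for nothing and can cause other people to get an error like "maximum number of users exceeded" when they log in.
Solution:
In the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp], change
MaxDisconnectionTime
Set the value to 0x3e8 (1000), that is 1000 milliseconds (1 second), then reboot the system.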
Next look to the following key in the registry:
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\Console
&
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Look for fInheritResetBroken (make dword 0): do not inherit the client's setting
fInheritReconnectSame (make dword 0): do not inherit the client's setting for reconnecting to the same previous session
fReconnectSame (make dword 0): whether to reconnect to the same previous session
fResetBroken (make dword 1): whether to reset the connection after it is broken, that is, do not reuse the previous session and initialize a new session instead
If all those values are OK then we'll look at the MaxDisconnectionTime values under the Terminal Server Key. You'll need to expand each subkey and look for these two entries in EVERY key; they exist multiple times
fInheritMaxDisconnectionTime (make this dword 0 to disable Inherit): do not inherit the client's setting
&
MaxDisconnectionTime (1000 milliseconds, that is, 1 second after the RDP connection is disconnected, the RDP session is kicked off the Windows server.)
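2. Limit a user to a single simultaneous connection
For monitoring, we need each user name to be logged in only once at a time, that is, a given user name may have only one logon session on the Windows server. Solution:
Set the registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser to 1. This enables the limit of one session per user.
fSingleSessionPerUser: TRUE indicates each user can have only a single session; FALSE otherwise.
3. Limit or remove the limit on the total number of RDP connections
By default, some versions of the system allow at most two administrator sessions and one console logon session.
To remove this limit:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MaxInstanceCount
Set it to ffffffff, so that the number of concurrent RDP sessions is not limited.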
MaxInstanceCount
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Description
Stores configuration data for the policy setting Limit number of connections. (Limits the number of RDP connections.)
Change Method
To change the value of this entry, use the Group Policy Object Editor (Gpedit.msc). The corresponding policy is located in Administrative Templates\Windows Components\Terminal Services.
https://technet.microsoft.com/en-us/library/cc758332(v=ws.10).aspx
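A read-only check of the values from sections 1 to 3, as an added example that is not part of the original post. Get-RegValue is a helper name chosen here, and the expected data are the values recommended above.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Per-WinStation values and the data the article recommends for each.
$expected = [ordered]@{
    fInheritResetBroken          = 0
    fInheritReconnectSame        = 0
    fReconnectSame               = 0
    fResetBroken                 = 1
    fInheritMaxDisconnectionTime = 0
    MaxDisconnectionTime         = 1000   # milliseconds
}

# Helper defined for this example; returns $null if the key or value is absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    return $null
}

# The entries exist under several WinStations subkeys (Console, RDP-Tcp, ...),
# so check every subkey instead of only RDP-Tcp.
$report = foreach ($key in Get-ChildItem -Path "$ts\WinStations") {
    foreach ($name in $expected.Keys) {
        $actual = Get-RegValue $key.PSPath $name
        [pscustomobject]@{
            WinStation = $key.PSChildName
            Value      = $name
            Actual     = $actual
            Expected   = $expected[$name]
            Match      = ($actual -eq $expected[$name])   # $null never matches
        }
    }
}
$report | Format-Table -AutoSize

# Server-wide values from sections 2 and 3, plus the Group Policy copy of
# MaxInstanceCount. Printed in hex because a DWORD of ffffffff can read back
# as a negative Int32.
$rows = @(
    @{ Path = $ts;                       Name = 'fSingleSessionPerUser' }
    @{ Path = "$ts\WinStations\RDP-Tcp"; Name = 'MaxInstanceCount' }
    @{ Path = $policy;                   Name = 'MaxInstanceCount' }
)
foreach ($r in $rows) {
    $v = Get-RegValue $r.Path $r.Name
    $shown = if ($null -eq $v) { '(not set)' } else { '0x{0:X}' -f $v }
    '{0}\{1} = {2}' -f $r.Path, $r.Name, $shown
}
```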
References:
1) http://remotedesktoprdp.com/force-single-session-allow-multiple-sessions-per-user
Force a single session or allow multiple Remote Desktop sessions per user
Remote Desktop/Terminal Services has two settings for multiple sessions. You can either allow multiple sessions per user (in which case if you log in twice, you'll get two sessions), or force a single session per user (in which case you can only log in once and subsequent sessions will be redirected to the original session).
To change this setting, you'll need to perform a registry change. The following steps describe the process:
- Start Registry Editor (by default, this is located at c:\windows\regedit.exe).
- Go to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
- If the fSingleSessionPerUser value doesn't exist, create a new DWORD value named fSingleSessionPerUser
- Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
  - 0x0: Allow multiple sessions per user
  - 0x1: Force each user to a single session
- Enter the new setting, and then click OK.
2)
For a specific terminal server session, USERCONFIG indicates the user and session configuration.
typedef struct _USERCONFIG {
    ULONG fInheritAutoLogon :1;
    ULONG fInheritResetBroken :1;
    ULONG fInheritReconnectSame :1;
    ULONG fInheritInitialProgram :1;
    ULONG fInheritCallback :1;
    ULONG fInheritCallbackNumber :1;
    ULONG fInheritShadow :1;
    ULONG fInheritMaxSessionTime :1;
    ULONG fInheritMaxDisconnectionTime :1;
    ULONG fInheritMaxIdleTime :1;
    ULONG fInheritAutoClient :1;
    ULONG fInheritSecurity :1;
    ULONG fPromptForPassword :1;
    ULONG fResetBroken :1;
    ULONG fReconnectSame :1;
    ULONG fLogonDisabled :1;
    ULONG fWallPaperDisabled :1;
    ULONG fAutoClientDrives :1;
    ULONG fAutoClientLpts :1;
    ULONG fForceClientLptDef :1;
    ULONG fRequireEncryption :1;
    ULONG fDisableEncryption :1;
    ULONG fUnused1 :1;
    ULONG fHomeDirectoryMapRoot :1;
    ULONG fUseDefaultGina :1;
    ULONG fCursorBlinkDisabled :1;
    ULONG fPublishedApp :1;
    ULONG fHideTitleBar :1;
    ULONG fMaximize :1;
    ULONG fDisableCpm :1;
    ULONG fDisableCdm :1;
    ULONG fDisableCcm :1;
    ULONG fDisableLPT :1;
    ULONG fDisableClip :1;
    ULONG fDisableExe :1;
    ULONG fDisableCam :1;
    ULONG fDisableAutoReconnect :1;
    ULONG ColorDepth :3;
    ULONG fInheritColorDepth :1;
    ULONG fErrorInvalidProfile :1;
    ULONG fPasswordIsScPin :1;
    ULONG fDisablePNPRedir :1;
    WCHAR UserName[USERNAME_LENGTH + 1];
    WCHAR Domain[DOMAIN_LENGTH + 1];
    WCHAR Password[PASSWORD_LENGTH + 1];
    WCHAR WorkDirectory[DIRECTORY_LENGTH + 1];
    WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1];
    WCHAR CallbackNumber[CALLBACK_LENGTH + 1];
    CALLBACKCLASS Callback;
    SHADOWCLASS Shadow;
    ULONG MaxConnectionTime;
    ULONG MaxDisconnectionTime;
    ULONG MaxIdleTime;
    ULONG KeyboardLayout;
    BYTE MinEncryptionLevel;
    WCHAR NWLogonServer[NASIFILESERVER_LENGTH + 1];
    APPLICATIONNAME PublishedName;
    WCHAR WFProfilePath[DIRECTORY_LENGTH + 1];
    WCHAR WFHomeDir[DIRECTORY_LENGTH + 1];
    WCHAR WFHomeDirDrive[4];
} USERCONFIG,
  *PUSERCONFIG;
fInheritAutoLogon: The prompt for the password setting. TRUE indicates the use of client-specified autologon settings, FALSE specifies the use of machine autologon settings.
fInheritResetBroken: Reset the session when the connection is broken. TRUE indicates the value to use for fResetBroken from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritReconnectSame: Reconnect from the same client setting. TRUE indicates the value to use for fReconnectSame from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritInitialProgram: The initial program setting. TRUE indicates the value to use for InitialProgram from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritCallback: The callback setting. TRUE indicates the value to use for Callback from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritCallbackNumber: The callback number setting. TRUE indicates the value to use for CallbackNumber from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritShadow: The shadow setting. TRUE indicates the value to use for Shadow from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritMaxSessionTime: The maximum allowed session connection time setting. TRUE indicates the value to use for MaxSessionTime from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritMaxDisconnectionTime: The maximum allowed session disconnect time setting. TRUE indicates the value to use for MaxDisconnectionTime from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritMaxIdleTime: The maximum allowed session idle time. TRUE indicates the value to use for MaxIdleTime from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritAutoClient: The auto client setting. TRUE indicates the value to use for fAutoClientDrivers and fAutoClientLpts from the user properties if the machine/user policy is not set, FALSE otherwise.
fInheritSecurity: Inherit security setting. TRUE indicates the use of security settings from the user properties if the machine/user policy is not set, FALSE otherwise.
fPromptForPassword: Set to TRUE to ignore the credential sent from the client and always prompt for a password, FALSE otherwise.
fResetBroken: Set to TRUE to log off the session when the idle timers for the session expire. Otherwise, the session will be disconnected when the timer expires.
fReconnectSame: FALSE indicates that the user can reconnect from any client computer to a disconnected session. TRUE indicates that the user must reconnect to a disconnected session from the same client computer that initially established the disconnected session. Logging on from a different client computer will lead to a new terminal server session being created.
fLogonDisabled: TRUE indicates that a user cannot log on to a session remotely, FALSE otherwise.
fWallPaperDisabled: TRUE indicates display of the desktop wallpaper in the session has been disabled, FALSE otherwise.
fAutoClientDrives: TRUE specifies to automatically redirect local drives on the client so they are accessible to the user in the remote terminal server session, FALSE otherwise.
fAutoClientLpts: TRUE specifies to automatically redirect printers on the client so they are accessible to the user in the remote terminal server session, FALSE otherwise.
fForceClientLptDef: TRUE indicates to force the client's redirected printer to be the default printer for the user, FALSE otherwise.
fRequireEncryption: TRUE indicates the connection must be encrypted, FALSE otherwise.
fDisableEncryption: TRUE indicates the connection does not need encryption, FALSE otherwise.
fUnused1: Not used.
fHomeDirectoryMapRoot: Not used.
fUseDefaultGina: TRUE indicates to override a third-party GINA so that only the default GINA is used for the terminal server session, FALSE otherwise.
fCursorBlinkDisabled: TRUE indicates disable the blinking of the mouse cursor, FALSE otherwise.
fPublishedApp: Not used.
fHideTitleBar: Not used.
fMaximize: Not used.
fDisableCpm: TRUE indicates disable client printer redirection, FALSE otherwise.
fDisableCdm: TRUE indicates disable client drive redirection, FALSE otherwise.
fDisableCcm: TRUE indicates disable client COM port redirection, FALSE otherwise.
fDisableLPT: TRUE indicates disable client printer (LPT) port redirection, FALSE otherwise.
fDisableClip: TRUE indicates disable client clipboard redirection, FALSE otherwise.
fDisableExe: TRUE indicates disable .exe file execution, FALSE otherwise.
fDisableCam: TRUE indicates disable client audio redirection, FALSE otherwise.
fDisableAutoReconnect: TRUE indicates disable auto-reconnect functionality, FALSE otherwise.
ColorDepth: The color depth of the session.
fInheritColorDepth: Set to TRUE to inherit color depth from the user or client configuration, FALSE otherwise.
fErrorInvalidProfile: Set to TRUE if WFProfilePath, WFHomeDir, or WFHomeDirDrive is invalid (too long), FALSE otherwise.
fPasswordIsScPin: Set to TRUE if the password field contains a smart card PIN.
fDisablePNPRedir: Set to TRUE if Plug and Play (PnP) redirection is disabled, FALSE otherwise.
UserName: The user name used in autologon scenarios.
Domain: The domain name used in autologon scenarios.
Password: The password used in autologon scenarios.
WorkDirectory: The work directory for the initial program.
InitialProgram: The program to run instead of the default.
CallbackNumber: The telephone number that will be returned by the Terminal Services server to the client when the server is unable to complete the connection request from the client. The user on the client side can use this number to call back for technical support.
Callback: The callback class for callback operations.
Shadow: The shadow setting of the session.
MaxConnectionTime: The maximum allowed session connection time setting of the session in milliseconds. The session will disconnect/logoff once the limit is reached.
MaxDisconnectionTime: The maximum allowed session disconnect time of the session in milliseconds (thousandths of a second). The session will logoff once the limit is reached.
MaxIdleTime: The maximum allowed session idle time setting of the session in milliseconds. The session will disconnect/logoff once the limit is reached. (10 minutes)
KeyboardLayout: The keyboard layout (HKL) of the session.
MinEncryptionLevel: The minimum allowed encryption level. Possible numeric values for this parameter include 1 (Low), 2 (Client Compatible), 3 (High), and 4 (FIPS). Detailed description of these encryption levels is included in [MS-RDPBCGR] sections 5.3.1 and 5.4.1.
NWLogonServer: The NetWare logon server name.
PublishedName: Not used.
WFProfilePath: The terminal server profile path. Overrides the standard profile path.
WFHomeDir: The terminal server home directory path. Overrides the standard home directory.
WFHomeDirDrive: The terminal server home directory drive. Overrides the standard home directory.
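3) https://msdn.microsoft.com/en-us/library/cc248657.aspx
Postscript: a quick Google search turns up plenty of relevant material, and it is authoritative. Without Google, or with weak English reading skills, this would be a major obstacle.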