What exactly is the difference between using
mstsc
mstsc /admin
mstsc /console
mstsc /admin /console
all answers appreciated - in particular if any of these can effect the user being logged out after inactivity.
A little history on this:
In Windows XP, Windows Server 2003, and earlier versions of the Windows operating system, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents who are looking for a means to elevate their own privilege level. (Source)
As a result, the /console switch has been eliminated - starting from Windows XP Service Pack 3, Windows Vista Service Pack 1 and Windows Server 2008.
However, The /admin option lets you connect to Session 0 on a remote computer that doesn’t have Windows Vista SP1, Windows XP SP3 or Windows Server 2008 or later installed.
Concerning Timeouts: The default time out afaik is 20 min regardless of switch.
Previous to terminal service 6.1 you accessed the "console session" of a remote machine by "mstsc /console". After 6.0(6.1 and later) the flag was changed to using "mstsc /admin"
When you use "mstsc /admin /console" the /console is ignored. Similarly if you specified your host with "mstsc /v:servername /console" the /console would be ignored without giving you any warning.
I believe either one should have the same inactivity timers but I haven't confirmed that anywhere.
Related
As recently as Tuesday I've been able to create virtual machines using Microsoft Hyper-V virtualalization software and thus far I've created 3.
All running Win2K12 server with SQL Server as a lab environment for setting up mirroring and replication (all through a legally obtained license, as part of the MS partner program).
The specs of my work laptop are:
Windows 10 Pro
16 gigs of ram
i7-6700HQ #2.60GHz
NVidia GTX 960M
As of yesterday I was not able to create any new virtual machines, with the following
I find this very strange: I've nog been fumbling with rights and/or permissions on my machine.
My troubleshooting log:
A quick check in the local policies tells me the Administrators still have
local log on rights,
Turning all the existing virtual machines of doesn't help,
Windows Defender and Hitman Pro can't find any abnormalities,
Rebooting doesn't help ;)
"This issue occurs because the NT Virtual Machine\Virtual Machines special identity does not have the Log on as a Service right on the Hyper-V host computer. Usually, the Virtual Machine Management Service (VMMS) replaces this user permission at every Group Policy refresh to ensure it is always present. However, you may notice that Group Policy refresh does not function correctly in certain situations. "
https://support.microsoft.com/en-us/kb/2779204
Solution in CMD:
gpupdate /force
After installing the Directory Services Role and configuring and promoting the server to a domain controller the wizard automatically reboots my server.
After the reboot, I can no longer log in to the server as before (via RDP). What happened? This is a virtual server, so destroying it and starting over is an option, but after trying that 3 times how do I avoid this problem in the first place?
And another question is - can I install Active Directory without rebooting automatically?
can you ping ? what is the ping out put looks firewall is blocking or allow connections only from computers running remote desktop with NLA is enabled.
Why don't you install team viewer and setup unattended access and see what happening.
The overall picture that I am trying to achieve is for me and three other people to connect remotely to a client's network and use Lotus Designer 8.5.3 FP6 to access the client's Domino servers. We will each have our own logons to the client's Citrix environment which runs a Windows 7 desktop, then using Remote Desktop concurrently connect to PC(s) within the client's network to run Lotus Designer from there. (Lotus Designer is not available on the Citrix desktop.)
The issue is that the client is wanting to avoid having four separate physical PCs set up waiting for us to log in. They have Windows Server 2012 Standard virtual machines available.
First question: Can the Lotus Designer client 8.5.3 FP6 run on Windows Server 2012 Standard VM? I know that it is not officially supported, but is there any reason why it wouldn't work?
If it can run, then the second question: Is it possible for all four people to use remote desktop to concurrently log in to one Windows Server 2012 Standard VM, which has a separate instance of Lotus Designer 8.5.3 FP6 installed per user? (and of course run the separate instances of Designer concurrently) Or would we need four separate Windows Server 2102 Standard VMs?
Thanks for any light that can be shed on these questions.
First of all: Designer 8.5.3FP6 will run on Windows Server 2012 although not officially supported.
To start the designer concurrently you need to "fake" a multiuser- installation:
Before installing create an extra drive, e.g. by using "subst".
You might need to do this twice, once for the user himself, once in an elevated prompt, so that installer can access it.
e.g. subst D: C:\NotesUserA
Then you install program and data directory into D:
After that you copy C:\NotesUserA\IBM\Notes to C:\NotesUserB\IBM\Notes, C:\NotesUserC\IBM\Notes, and so on.
In loginscript make sure, that for every user the right Folder is mapped as "D:".
That way it should be possible to start Notes concurrently in different sessions.
Trying to setup an ODBC connection for UPS to access our SQL server, from our shipping client computer.
I have scoured as much as I can an ran across:
runas /netonly /user:domain\account "c:\windows\system32\odbcad32.exe"
Now, using this method, on my current client computer, I was able to setup an odbc connection successfully using SQL Native Client 11 (5058). I am using Win 10. Our shipping computer, with multiple manifest systems on it, is still using Win 7, but otherwise is setup the same on the domain.
Using the same process as above, the connection ultimately times out, and states that the server is not online/not available/not allowing remote connections.
Is there a step I'm missing? Both clients have same rules for firewall, both are using the same user/password in the runas cmd. The only difference between the two clients is Win 10 vs. Win 7, and the current logged in user is different (but that shouldn't matter with the runas cmd?)
Thanks!
So after several days/hours of trying various solutions and suggestions from all over the interwebs, I came across this solution/tips.
In SQL Server Configuration, checking the network configuration protocols/clients/aliases. In my case, there was an aliases established for 32-bit, and not 64-bit. I disabled the 32-bit one.
I then found suggestions to us the ip (which I had tried in the past, with no success), but this time, after ensuring all the tcp/ip protocols were enabled and the 32-bit aliases was disabled, I was able to connect the 32-bit to the 64-bit SQL server, using the xxx.xxx.xxx.xxx address of the server.
Test came back successful!
I've 8 computers running Windows 8 (the basic edition) and I'm trying to run some application on each of them with a batch script.
I tried:
PsExec.exe -i -d -u USER -p PASSWD \\PCNAME explorer.exe
But it gives me:
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
Couldn't access GATE1:
Access is denied.
It works fine on other PCs with Windows 7 Professional.
Does it works just on Pro edition? If so, is there a way I can run something remotely on Win 8?
I resolved the same PsExec "Access is Denied" error on a Windows 8 Pro 64-bit target machine with the following registry modification on the target machine:
Registry Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Add DWORD LocalAccountTokenFilterPolicy
Set LocalAccountTokenFilterPolicy to 1
(Reboot)
In domain based environment, Microsoft PowerShell Remoting may be an alternative to PsExec.
In workgroup setup, especially among many different versions of Windows it may get bit challenging.
PowerShell remoting requires PowerShell 2.0 on both client and server.
Also, ssh with it's all capabilities (including launching remote commands) works under Windows, even free servers (freesshd) and clients (PuTTY family) are available . Downside is requirement for highly privileged account (usually, in some Administrators group) - at least for initial setup.
The GATE1 part in your log is interesting - PsExec requires so called "admin share" enabled (not sure does it work in Windows 8). I'd bet it's not the system, but a network issue.