How to get RDP access again with multiple sessions on a machine
How to get RDP access again with multiple sessions on a machine
You may run into this scenario from time to time:
I am unable to RDP or TS into a server remotely because 2 people are logged in and the console port is in use.
Let’s just say that the people or person occuping the maximum number of allowed connections(including console) is new and doesn’t realize that they need to actually disconnect the session and not just click the ‘x’. So you are an admin too but you can’t RDP in. Here is an alternative method:
- Locate a machine that is running the same OS. In this case it was WIN2K8. You can obtain a remote prompt on that machine by using psexec.exe from:
http://www.hpdit.com/sysinternals/psexec.exe
Then you will want to query the terminal server of the machine you are not able to RDP into. (Discussed later)
- Copy the binary by clicking into it and saving locally to a place where you can find and execute it easily from the command line.
- Press Windows key and R and then type in cmd and press enter.
- CD to the directory you saved the psexec.exe binary and run the following command:psexec -u domain\admin_creds \\servername cmd
*Note you can always verify you have a remote command line prompt by checking the hostname as follows:
hostname
Press enter and it will produce the system’s hostname
- Press enter and type in the password of the user with the admin creds and press enter.
- Then do a query of terminal sessions by doing the following:query session /server:servername
- Look for the sessions to pop up and find the desireable one to end.
- End it by typing in the following:reset session [ID] /server:servername
- You can re-run that query again to determine that the session has been disconnected.
- Exit out of that prompt by typing exit and then pressing enter.
- Launch an RDP session ie.
mstsc /v:servername
A connection.
Great Tool for Windows Server Active Directory Exploration
Another great tool worth reviewing is adexplorer.exe which allows in most AD environments users the ability to go and look at ADS. So this can be useful for determining if users belong to the correct OU. It runs stand alone and does not require necessarily that you are an Enterprise\Domain Admin. Also you can save some time while drilling down throw to the root cause of an issue whether it be ACLs, Perms, etc. related.
https://www.hpdit.com/sysinternals/ADExplorer.exe
At HPD Global – VIT Cloud Services we certainly have had the benefit of using this tool for Fortune 100 companies, we can attest to having this knowledge and experience to get the job done for any type of business environment. Without getting full active directory access to do a PCI Audit we were able to use this tool which allowed object attributes to be ignored in Active Directory and allow us to do User Object account audits. This was in regards to all the Administrator accounts which is something looked at when performing PCI, SOX, and IAB, MRC Audits. Is compliance a mystery to you and your Org? We can certainly help you get on track with regards to compliance, which is something not going away. Contact us today.
