Windows Remote Desktop research

Source: http://www.cnblogs.com/digdeep/archive/2016/03/24/5316665.html


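Recently, for a monitoring-related project, I dug into how Windows Remote Desktop works.

1. How to make the session of a user who has closed the Remote Desktop connection log off from Windows Server immediately

When people log in to a Windows server with mstsc.exe, 99.99% of them exit by simply closing the mstsc.exe window rather than clicking Start ---> Log off. The problem this causes is that the user has already left, but query user and query session show the departed user still in the Active / running state on the Windows server. This needlessly ties up the resources of a session and can cause other people to get an error along the lines of "maximum number of users exceeded" when they log in.

Solution:

In the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp], modify

MaxDisconnectionTime

Change the value to 0x3e8 (1000), that is, 1000 milliseconds (1 second), then reboot the system.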

 

Next look to the following key in the registry:

HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\Console

&

HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp 

Look for fInheritResetBroken (make dword 0) -- do not inherit the client's setting

fInheritReconnectSame (make dword 0) -- do not inherit the client's setting for reconnecting to the same previous session

fReconnectSame (make dword 0) -- whether to reconnect to the same previous session

fResetBroken (make dword 1) -- whether to reset the session after the connection is broken, i.e. do not reuse the previous session but initialize a new one

If all those values are OK then we'll look at the MaxDisconnectionTime values under the Terminal Server Key. You'll need to expand each subkey and look for these two entries in EVERY key, as they exist multiple times.

fInheritMaxDisconnectionTime (make this dword 0 to disable Inherit) -- do not inherit the client's setting

&

MaxDisconnectionTime (1000 milliseconds, i.e. 1 second after the RDP connection drops, the RDP session is immediately kicked off the Windows server.)
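The checks in this section as one script, added here as an example and not part of the original post: it reads the six values from every direct subkey of WinStations, compares them with the values recommended above, and writes them only when run with -Apply. The script layout and the -Apply switch are this example's own, and it assumes an elevated PowerShell 3.0 or later session.

```powershell
# Added example: audit the section 1 values under each WinStations subkey.
# Expected values are the ones recommended on this page; -Apply writes them.
param([switch]$Apply)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'
$expected = [ordered]@{
    fInheritResetBroken          = 0
    fInheritReconnectSame        = 0
    fReconnectSame               = 0
    fResetBroken                 = 1
    fInheritMaxDisconnectionTime = 0
    MaxDisconnectionTime         = 1000   # milliseconds
}

# One row per (subkey, value) so missing and mismatched entries are both visible.
$report = foreach ($key in Get-ChildItem -Path $root) {
    $props = Get-ItemProperty -Path $key.PSPath
    foreach ($name in $expected.Keys) {
        $current = $props.$name            # $null when the value does not exist
        [pscustomobject]@{
            WinStation = $key.PSChildName  # e.g. Console, RDP-Tcp
            Value      = $name
            Current    = $current
            Expected   = $expected[$name]
            Match      = ($null -ne $current -and $current -eq $expected[$name])
        }
    }
}
$report | Format-Table -AutoSize

if ($Apply) {
    foreach ($row in $report | Where-Object { -not $_.Match }) {
        $path = Join-Path $root $row.WinStation
        # The registry provider creates the DWORD if it is missing.
        Set-ItemProperty -Path $path -Name $row.Value -Value $row.Expected -Type DWord
        Write-Host "Set $($row.WinStation)\$($row.Value) = $($row.Expected)"
    }
    Write-Host 'Done. Per the text above, reboot for the values to take effect.'
}
```

Run it once without -Apply and keep the table as a record of the previous values before changing anything.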

 

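2. Limit a user to a single concurrent connection

For monitoring, we need each user name to be logged in only once at a time; that is, for a given user name, only one logon session may exist on the Windows server. Solution:

Set the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] fSingleSessionPerUser = 1. This enables the limit of one session per user.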

fSingleSessionPerUser: TRUE indicates each user can have only a single session; FALSE otherwise.
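To confirm that the settings from sections 1 and 2 took effect, the query user output can be parsed into objects. This is an added example, not part of the original post; the sample text is constructed and assumes the English column layout, and the function name ConvertFrom-QueryUser is hypothetical.

```powershell
# Added example. $sample is constructed "query user" output (English layout).
# On a server, replace it with:  $sample = (query user) -join "`n"
$sample = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         console             1  Active      none   3/24/2016 9:01 AM
 alice                 rdp-tcp#2           2  Active         5   3/24/2016 9:10 AM
 alice                                     3  Disc        1:12   3/24/2016 8:00 AM
 bob                                       4  Disc     3+02:10   3/23/2016 6:30 PM
'@

# SESSIONNAME is blank for a session with no client attached, so splitting on
# whitespace would shift the columns; the optional group handles that case.
$pattern = '^[\s>]*(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+' +
           '(?<state>\S+)\s+(?<idle>\S+)\s+(?<logon>.+)$'

function ConvertFrom-QueryUser {
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n" | Select-Object -Skip 1)) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                User    = $Matches.user
                Session = $Matches.session   # $null when the column is blank
                Id      = [int]$Matches.id
                State   = $Matches.state
                Idle    = $Matches.idle
            }
        }
    }
}

$sessions = ConvertFrom-QueryUser -Text $sample

# Section 1: sessions left behind with no client attached (Disc in this sample).
$sessions | Where-Object { -not $_.Session } | Format-Table -AutoSize

# Section 2: users holding more than one session at the same time.
$sessions | Group-Object User | Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ n = 'Ids'; e = { $_.Group.Id -join ',' } } |
    Format-Table -AutoSize
```

On a localized system the STATE strings differ, which is why the section 1 filter keys on the blank SESSIONNAME rather than on the state text.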

 

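3. Limit / lift the limit on the total number of RDP connections

By default, some versions of the system allow at most two administrator sessions and one console logon session to exist.

How to remove this limit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MaxInstanceCount

Set it to ffffffff, so that the number of concurrent RDP sessions is not limited.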

 

MaxInstanceCount

 

Updated: March 28, 2003

 

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

 

 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services

Description

Stores configuration data for the policy setting Limit number of connections. (Limits the number of RDP connections.)

Change Method

To change the value of this entry, use the Group Policy Object Editor (Gpedit.msc). The corresponding policy is located in Administrative Templates\Windows Components\Terminal Services.

 

https://technet.microsoft.com/en-us/library/cc758332(v=ws.10).aspx

 

Related references:

1) http://remotedesktoprdp.com/force-single-session-allow-multiple-sessions-per-user

Force a single session or allow multiple Remote Desktop sessions per user

Remote Desktop/Terminal Services has two settings for multiple sessions. You can either allow multiple sessions per user (in which case if you log in twice, you'll get two sessions), or force a single session per user (in which case you can only log in once and subsequent sessions will be redirected to the original session).

To change this setting, you'll need to perform a registry change. The following steps describe the process:

    1. Start Registry Editor (by default, this is located at c:\windows\regedit.exe).
    2. Go to the following registry key:

      HKEY_LOCAL_MACHINE\
          System\CurrentControlSet\Control\Terminal Server

    3. If the fSingleSessionPerUser value doesn't exist, create a new DWORD value named fSingleSessionPerUser
    4. Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
      0x0
      Allow multiple sessions per user
      0x1
      Force each user to a single session
    5. Enter the new setting, and then click OK.

 

2) https://msdn.microsoft.com/en-us/library/cc248610.aspx

For a specific terminal server session, USERCONFIG indicates the user and session configuration.

 typedef struct _USERCONFIG {
   ULONG fInheritAutoLogon  :1;
   ULONG fInheritResetBroken  :1;
   ULONG fInheritReconnectSame  :1;
   ULONG fInheritInitialProgram  :1;
   ULONG fInheritCallback  :1;
   ULONG fInheritCallbackNumber  :1;
   ULONG fInheritShadow  :1;
   ULONG fInheritMaxSessionTime  :1;
   ULONG fInheritMaxDisconnectionTime  :1;
   ULONG fInheritMaxIdleTime  :1;
   ULONG fInheritAutoClient  :1;
   ULONG fInheritSecurity  :1;
   ULONG fPromptForPassword  :1;
   ULONG fResetBroken  :1;
   ULONG fReconnectSame  :1;
   ULONG fLogonDisabled  :1;
   ULONG fWallPaperDisabled  :1;
   ULONG fAutoClientDrives  :1;
   ULONG fAutoClientLpts  :1;
   ULONG fForceClientLptDef  :1;
   ULONG fRequireEncryption  :1;
   ULONG fDisableEncryption  :1;
   ULONG fUnused1  :1;
   ULONG fHomeDirectoryMapRoot  :1;
   ULONG fUseDefaultGina  :1;
   ULONG fCursorBlinkDisabled  :1;
   ULONG fPublishedApp  :1;
   ULONG fHideTitleBar  :1;
   ULONG fMaximize  :1;
   ULONG fDisableCpm  :1;
   ULONG fDisableCdm  :1;
   ULONG fDisableCcm  :1;
   ULONG fDisableLPT  :1;
   ULONG fDisableClip  :1;
   ULONG fDisableExe  :1;
   ULONG fDisableCam  :1;
   ULONG fDisableAutoReconnect  :1;
   ULONG ColorDepth  :3;
   ULONG fInheritColorDepth  :1;
   ULONG fErrorInvalidProfile  :1;
   ULONG fPasswordIsScPin  :1;
   ULONG fDisablePNPRedir  :1;
   WCHAR UserName[USERNAME_LENGTH + 1];
   WCHAR Domain[DOMAIN_LENGTH + 1];
   WCHAR Password[PASSWORD_LENGTH + 1];
   WCHAR WorkDirectory[DIRECTORY_LENGTH + 1];
   WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1];
   WCHAR CallbackNumber[CALLBACK_LENGTH + 1];
   CALLBACKCLASS Callback;
   SHADOWCLASS Shadow;
   ULONG MaxConnectionTime;
   ULONG MaxDisconnectionTime;
   ULONG MaxIdleTime;
   ULONG KeyboardLayout;
   BYTE MinEncryptionLevel;
   WCHAR NWLogonServer[NASIFILESERVER_LENGTH + 1];
   APPLICATIONNAME PublishedName;
   WCHAR WFProfilePath[DIRECTORY_LENGTH + 1];
   WCHAR WFHomeDir[DIRECTORY_LENGTH + 1];
   WCHAR WFHomeDirDrive[4];
 } USERCONFIG,
  *PUSERCONFIG;

fInheritAutoLogon: The prompt for the password setting. TRUE indicates the use of client-specified autologon settings, FALSE specifies the use of machine autologon settings.

fInheritResetBroken: Reset the session when the connection is broken. TRUE indicates the value to use for fResetBroken from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritReconnectSame: Reconnect from the same client setting. TRUE indicates the value to use for fReconnectSame from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritInitialProgram: The initial program setting. TRUE indicates the value to use for InitialProgram from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritCallback: The callback setting. TRUE indicates the value to use for Callback from the user properties if the machine/user policy is not set, FALSE otherwise.<63>

fInheritCallbackNumber: The callback number setting. TRUE indicates the value to use for CallbackNumber from the user properties if the machine/user policy is not set, FALSE otherwise.<64>

fInheritShadow: The shadow setting. TRUE indicates the value to use for Shadow from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritMaxSessionTime: The maximum allowed session connection time setting. TRUE indicates the value to use for MaxSessionTime from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritMaxDisconnectionTime: The maximum allowed session disconnect time setting. TRUE indicates the value to use for MaxDisconnectionTime from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritMaxIdleTime: The maximum allowed session idle time. TRUE indicates the value to use for MaxIdleTime from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritAutoClient: The auto client setting. TRUE indicates the value to use for fAutoClientDrivers and fAutoClientLpts from the user properties if the machine/user policy is not set, FALSE otherwise.

fInheritSecurity: Inherit security setting. TRUE indicates the use of security settings from the user properties if the machine/user policy is not set, FALSE otherwise.

fPromptForPassword: Set to TRUE to ignore the credential sent from the client and always prompt for a password, FALSE otherwise.

fResetBroken: Set to TRUE to log off the session when the idle timers for the session expire. Otherwise, the session will be disconnected when the timer expires.

fReconnectSame: FALSE indicates that the user can reconnect from any client computer to a disconnected session.

TRUE indicates that the user must reconnect to a disconnected session from the same client computer that initially established the disconnected session. Logging on from a different client computer will lead to a new terminal server session being created.

fLogonDisabled: TRUE indicates that a user cannot log on to a session remotely, FALSE otherwise.<65>

fWallPaperDisabled: TRUE indicates display of the desktop wallpaper in the session has been disabled, FALSE otherwise.

fAutoClientDrives: TRUE specifies to automatically redirect local drives on the client so they are accessible to the user in the remote terminal server session, FALSE otherwise.

fAutoClientLpts: TRUE specifies to automatically redirect printers on the client so they are accessible to the user in the remote terminal server session, FALSE otherwise.

fForceClientLptDef: TRUE indicates to force the client's redirected printer to be the default printer for the user, FALSE otherwise.

fRequireEncryption: TRUE indicates the connection must be encrypted, FALSE otherwise.

fDisableEncryption: TRUE indicates the connection does not need encryption, FALSE otherwise.

fUnused1: Not used.

fHomeDirectoryMapRoot: Not used.

fUseDefaultGina: TRUE indicates to override a third-party GINA so that only the default GINA is used for the terminal server session, FALSE otherwise.<66>

fCursorBlinkDisabled: TRUE indicates disable the blinking of the mouse cursor, FALSE otherwise.<67>

fPublishedApp: Not used.

fHideTitleBar: Not used.

fMaximize: Not used.

fDisableCpm: TRUE indicates disable client printer redirection, FALSE otherwise.

fDisableCdm: TRUE indicates disable client drive redirection, FALSE otherwise.

fDisableCcm: TRUE indicates disable client COM port redirection, FALSE otherwise.

fDisableLPT: TRUE indicates disable client printer (LPT) port redirection, FALSE otherwise.

fDisableClip: TRUE indicates disable client clipboard redirection, FALSE otherwise.

fDisableExe: TRUE indicates disable .exe file execution, FALSE otherwise.

fDisableCam: TRUE indicates disable client audio redirection, FALSE otherwise.

fDisableAutoReconnect: TRUE indicates disable auto-reconnect functionality, FALSE otherwise.<68>

ColorDepth: The color depth of the session.<69>

fInheritColorDepth: Set to TRUE to inherit color depth from the user or client configuration, FALSE otherwise.<70>

fErrorInvalidProfile: Set to TRUE if WFProfilePath, WFHomeDir, or WFHomeDirDrive is invalid (too long), FALSE otherwise.<71>

fPasswordIsScPin: Set to TRUE if the password field contains a smart card PIN.<72>

fDisablePNPRedir: Set to TRUE if Plug and Play (PnP) redirection is disabled, FALSE otherwise.

UserName: The user name used in autologon scenarios.

Domain: The domain name used in autologon scenarios.

Password: The password used in autologon scenarios.

WorkDirectory: The work directory for the initial program.

InitialProgram: The program to run instead of the default.<73>

CallbackNumber: The telephone number that will be returned by the Terminal Services server to the client when the server is unable to complete the connection request from the client. The user on the client side can use this number to call back for technical support.<74>

Callback: The callback class for callback operations.<75>

Shadow: The shadow setting of the session.

MaxConnectionTime: The maximum allowed session connection time setting of the session in milliseconds. The session will disconnect/logoff once the limit is reached.

MaxDisconnectionTime: The maximum allowed session disconnect time of the session in milliseconds (thousandths of a second). The session will logoff once the limit is reached.

MaxIdleTime: The maximum allowed session idle time setting of the session in milliseconds. The session will disconnect/logoff once the limit is reached. (10 minutes)

KeyboardLayout: The keyboard layout (HKL) of the session.

MinEncryptionLevel: The minimum allowed encryption level. Possible numeric values for this parameter include 1 (Low), 2 (Client Compatible), 3 (High), and 4 (FIPS). Detailed description of these encryption levels is included in [MS-RDPBCGR] sections 5.3.1 and 5.4.1.

NWLogonServer: The NetWare logon server name.<76>

PublishedName: Not used.

WFProfilePath: The terminal server profile path. Overrides the standard profile path.

WFHomeDir: The terminal server home directory path. Overrides the standard home directory.

WFHomeDirDrive: The terminal server home directory drive. Overrides the standard home directory.

3) https://msdn.microsoft.com/en-us/library/cc248657.aspx

 

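Postscript: a quick Google search turns up plenty of relevant material, and it is quite authoritative. Without Google, or with weak English reading skills, you run into major obstacles.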

     

 

 

