Enterprise Mobility and Security Blog

RSS

 

This article describes a few behavioral differences between Windows Server 2003 and Windows Server Codenamed Longhorn in Remote Administration mode. Note that these changes will be available in Beta 3 and later builds.

 

Architectural change – Session 0 Special-ness

 

In Windows 2003, the session 0 is always associated with session on physical console. When user logs on to physical console or connects remotely using /console, she gets session 0.

 

In Longhorn, session 0 is not an interactive session anymore. It hosts only services. The first interactive user session is session 1, no matter whether user is logged on to physical console or connected remotely. The second interactive user session is 2 and so on. The session IDs are reused as users log off and previous sessions are terminated.

 

Reconnecting to session 0 from another session by any means, such as tscon.exe, is denied in longhorn server.

 

 

Reconnecting to your session on physical console

 

In Windows 2003, administrators typically use /console to reconnect remotely to their session on physical console. In Longhorn, /console switch is ignored in remote administration mode. The session obtained by connecting using /console is just like another remote session.

 

Reconnecting to your session on physical console (or any of your sessions for that matter) is driven by “Restrict user to one session” policy. This policy value can be set using tsconfig (under “Edit Terminal Server Settings” – “General” section). There is also a group policy for this which can be edited using gpedit.msc (navigate to Computer configuration – Administrative templates – Windows components – Terminal Services – Terminal Server – Connections).

 

The default value for this policy is 1, which means each user is restricted to one session. So, you do not need /console to reconnect remotely to your session on physical console, unless you modify this policy value. Here is the scenario and behavioral difference in Windows Server 2003 and Longhorn.

 

Scenario:

You are logged on to physical console of the server.

Now you (using same user account) connect remotely to this server.

 

Windows Server 2003 behavior:

 

If you use /console while connecting, you will get reconnected to your session on physical console. If you did not use /console while connecting you will get a new session. It does not matter what the value of “Restrict user to one session” policy is.

 

Windows Server Codenamed Longhorn behavior:       

 

If “Restrict user to one session” policy is ON, you will get reconnected to your session on physical console. Note that you do not need to specify /console anymore to reconnect remotely to your session on physical console.

 

If “Restrict user to one session” policy is OFF: If your session on physical console is active, you will get a new session. If your session on physical console is in disconnected state, you will get reconnected to that session.

 

Note that this behavior applies no matter whether you specified /console or not while connecting.

 

If “Restrict user to one session” policy is OFF and you want to get back to your session on physical console:

 

  • Within your second session, type “qwinsta” to list all the sessions.
  • You should see your session listed as active and named “console”. If that is the case, you can simply type “tscon console” to reconnect back to your session.
  • If your session on physical console was disconnected for some reason (e.g. someone switched user on physical console after your remote logon), get the session ID associated with your other session and type “tscon <session ID>” to reconnect back to that session.