Main Webpage

Features

    Terminal Services Bulletin Board
    Links and Downloads
    Matthew Harris' Resume
    Contact the admin

Hacks

    Disable the X box on the Terminal Services Client
    Change the client version of the Terminal Services Client
    Add the clock to the taskbar through the registry
    Make all processes appear in the Task Manager through a registry hack
    Prevent disconnects and stabilize your terminal services connection
    Fix your TSAdmin application when it becomes nonfunctional on the taskbar
    Disable/Enable all terminal services logons through the registry

Scripts

    Restrict users to one session and reconnect them
    Share the redirected printer automatically
    Map your client's printer to an LPT port
    Rename client redirected printers
    Restrict users to only one terminal services session
    Automatically connect disconnected users back to their sessions
    Force software license compliance through a script
    How to reset all your TS sessions at once

Hard to Diagnose Problems

    Incorrect IE permissions can disable opening new IE windows

How to disable/enable logons to your terminal server through the registry


In this article, I'll quickly discuss how using a single registry hack, you can completely disable or enable logons to your terminal server from all clients.

Prerequisites:
ĽA running terminal server that needs to have its logons disabled
ĽA registry editor, like regedit.exe

Section 1: The hack:
In the registry at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, edit the string value of WinStationsDisabled and set it to 1. This will effectively disable all remote terminal services logons to the server. Beware though, as disabling all remote terminal services logons can possibly lock you out of your terminal server, especially if you only have access to the server through terminal services. If a person attempts to connect to your server while WinStationsDisabled is set to 1, they will successfully connect, but instead of seeing an authentication box, they will receive an error message saying, "Remote logins are currently disabled." Performing this hack will not prevent people from connecting to port 3389 on your terminal server.

Section 2: An alternative hack:
If you are running Windows Server 2003, and you want to disable/enable logons to your terminal server while you are in remote administration mode, then you can do a similar hack. In the registry at HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server, edit the DWORD value of fDenyTSConnections and set it to 1. This will effectively disable all remote admin terminal services logons to the server. Just as before, beware that disabling all remote terminal services logons can possibly lock you out of your terminal server, especially if you only have access to the server through terminal services. Setting fDenyTSConnections will effectively disable the RDP listener on port 3389, thus making it impossible for users to connect on that port.

For both these hacks, you can also enable terminal services by doing the opposite. Instead of setting your desired regsitry entry to 1, set it to 0.