How to disable RDP "Login" screen

Discussion in 'Networking & Security' started by Adam, Feb 11, 2012.

  1. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    So I do a lot of DVR's and I have a school that is giving us RDP access so we can login to our DVR for maintenance. Thats great. But problem is whenever we login via RDP, the end-users screen goes to that "locked" screen so they can't see anything. Then once we logout, the end-users screen is at the login screen.

    Not exactly a good scenario for a DVR. The end-user must be able to

    1) see what we are doing on the DVR while we're in it (this way they can still see their cameras)
    2) Once we logout, it should be left like it was when we logged in, meaning back in windows, without a user-login screen

    Anybody know how to fix this? I don't use RDP a lot because it makes me log-in... this causes issues when im logging into SOME server software (where the server itself is logged on, running a database tool, but when we rdp in, it basically logs us in as that user again, and the database software doesnt run... and it won't re-run until we log back in at the terminal, after the RDP sesssion is over)
     
  2. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    You'll have to use some 3rd party software like ultravnc
     
  3. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,646
    Joined:
    Dec 13, 2005
    What OS?

    If a client OS (XP - 7) you can either log in locally or through RDP, not both. Otherwise you see what you are seeing. For a server OS you can log in a few times through RDP and still be logged in locally but everyone needs to be using different usernames
     
  4. schnell

    schnell Gawd

    Messages:
    763
    Joined:
    Jul 22, 2005
  5. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    Vnc change the port if your accessing it from outside their network .
     
  6. ltickett

    ltickett [H]ard|Gawd

    Messages:
    1,125
    Joined:
    Jul 27, 2000
    I haven't tried this but maybe mstsc /console will achieve this
     
  7. gimp

    gimp [H]ardForum Junkie

    Messages:
    9,849
    Joined:
    Jul 25, 2008
    RDP'ing to an un-hacked XP box alrady connects to the console session (since only 1 RDP session is allowed).

    3rd party or Remote Assistance are your options.
     
  8. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    When i said we're using RDP, i meant that, can't use VNC. It has to be RDP as thats all they are opening up for us. I mean i dunno if they'll KNOW if i use VNC (just disable rdp and setup VNC on the RDP port), but let's just say they make us use RDP and i have to use RDP.

    Its a windows xp system im logging into, from a windows 7 machine.
     
  9. JTY

    JTY 2[H]4U

    Messages:
    2,291
    Joined:
    Aug 4, 2002
    There is no way to do it with RDP. Client OS only supports 1 session at a time. This would be a good use for LogMeIn or similar, which use screen sharing so both you and the local user can see the screen.
     
  10. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,646
    Joined:
    Dec 13, 2005
    Vnc isn't very secure so that is probably why thy blocked it and limited you to rdp. Used to be that VNC did everything in plain text. Newer real VNC and other VNC software might allow you to secure that some now not sure.
     
  11. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    We've used logmein, but the school had some kind of security audit and disabled our logmein access, sited the only access they will give us is via RDP, which will not help us. I guess what i'll end up doing is RDPing into a system of ours that has no monitor/keyboard and i'll then pc anywhere into the DVR i need to work on... pain in the neck but hey its all i can do
     
  12. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Then you are out of luck.

    Closest thing you could do, utilize Windows Remote Assistance.....if you're doing this on a LAN, create a share on that DVR rig, whip up the Remote Assistance request, save as a file..plop the RAassist file on that share..have the remote guy click it...and it opens up a TSWeb like connection that you can both use (host and remote).
     
  13. Jay_2

    Jay_2 2[H]4U

    Messages:
    3,583
    Joined:
    Mar 20, 2006
    Get a teamviewer license, that would sort your issues and I doubt they will need to open any ports for you at all.
     
  14. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,646
    Joined:
    Dec 13, 2005
    But if they don't want that software on that network then you can't install it.

    maybe it is just me, but I have never liked the idea of putting software on any of my network computers that would give some other company the ability to take full control of my computers whenever they want. So I've been very uneasy about the thought of using anything like teamviewer, logmein or the rest of those services.

    When you are using somebody else's network you have to play by their rules. If they only want you to use RDP then you need to figure out a way to use it to where it will do what you need as close as possible.
     
  15. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    No it wont, their firewalls block everything but what they allow
     
  16. Grimham

    Grimham [H]ard|Gawd

    Messages:
    1,415
    Joined:
    Jul 20, 2004
    Teamviewer doesn't need to be installed, it can run in memory.

    Also, i'm wondering if concurrent RDP would work. I've done it at home with no issues.
     
  17. nessus

    nessus 2[H]4U

    Messages:
    2,221
    Joined:
    Jan 30, 2001
    If they are only allowing RDP, they know what its limitations are and are willing to accept the consequences which are:


    1) they can't see what we are doing on the DVR while we're in it
    2) Once you logout, it will be at a locked screen

    There is no problem, the functionality is being limited by the functionality of the OS being used and their security decisions, so they have to live with it.

    Unless they are willing to run some other software that only allows session based screen sharing access when the user grants it, like Skype, webex, or a similar application. That's the result.
     
  18. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    That just turns a desktop OS into a terminal server....which breaks Microsofts EULA licensing. It behaves like a terminal server....so person sitting at local console cannot see what remote users are doing, visa vesa. And the next service pack just overwrites it.
     
  19. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    Teamviewer would most likely be able to bypass any firewall. Same as LogMeIn. We use all Cisco ASAs at work with heavy, heavy firewalling and Teamviewer can still pass through. If they need anything changed, get them to open up Teamviewer, give you the number and password, you do your stuff, and then they close it. Next time they do the same thing but they get a different number/password.
     
  20. Jay_2

    Jay_2 2[H]4U

    Messages:
    3,583
    Joined:
    Mar 20, 2006
    You will find that if they use NAT teamviewer will still probably work
     
  21. Paully's5.0

    Paully's5.0 Limp Gawd

    Messages:
    398
    Joined:
    Jun 18, 2002
    For the RDP lockout you can do this when you "log off" of your RDP session

    run the command "tscon.exe 0 /dest:console"

    This will log your RDP session off, and automatically log on the local session. I use this all the time when doing remote support through RDP.

    Granted they still can't see what you are doing when you are logged on, but at least you can give them back control when you are finished.

    As someone else said, it's a constraint of RDP, and it is up to their IT staff to provide other options if the end user doesn't feel RDP is appropriate.
     
  22. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    Thanks Paully that will actually help me bigtime, it'll even help me for when my office users login to a server we all share for alarm stuff.

    To everybody else: Thanks for the comments but honeslty i wish people would read the original posts. When i asked for a solution regarding RDP i wasnt asking for ALTERNATE methods, i know alternate methods. I asked a specific question and honeslty only a few people stayed on point, i had a lot of people tell me 'try team viewer" or "try log me in" thats not what i was asking, i was asking specifically about RDP.

    Thanks Paully for at least one solution, and to those who tried to come up with ways around it but were unsuccessfull.
     
  23. Quartz-1

    Quartz-1 [H]ardness Supreme

    Messages:
    4,257
    Joined:
    May 20, 2011
    Can you not use VNC on the same port as RDP?
     
  24. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    Sigh, quartz your not reading my original post are you... the post is about RDP, nothing else, no vnc no pc anywhere nothing else. RDP - I did not ask "can i use another product on RDP ports" i asked how to disable certain things within RDP... again i appreciate you trying to help but nobody really read my original post
     
  25. WesM63

    WesM63 2[H]4U

    Messages:
    3,265
    Joined:
    Aug 29, 2004
    This might come off as a bit dick-ish but this drives me crazy.

    If you or your company installed these DVR's and manage them remotely, YOU should have the solution and present it to the client. That is your JOB.

    Weather it be a alternate solution to RDP, the correct OS to begin with, etc. That is your JOB. If you can't do your JOB correctly, I would (as the client) be looking for another person/company.

    I read the thread and as others mentioned, its a limitation to RDP. Paully has the best "solution", even though I don't agree with his last line.
     
  26. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,646
    Joined:
    Dec 13, 2005
    I disagree, I will agree that you would have some control, but a company should not have to undo all their security because you aren't able to figure out how to do your job correctly. That is the reason so many companies have security breaches.

    No offense to you Adam, as you are doing the right thing asking about how to work within your guidelines. That is more aimed to those doing as you said and telling you other ways other than using RDP and how to get around the security polices they want you to use.

    How RDP "should" work on a client. If user A is logged in locally and user B tries to log in through RDP then A's session is locked while B is logged in. If A logged back in then B will be kicked. If you A is logged in and you try to log in through RDP as A then you take over the session that A had started. I do this all the time, log into my computer and start working on something, go elsewhere and log in and take over my session through RDP to work remotely then later log back in locally and work from there. For your server if you are using the same username you should see the same thing there. You shouldn't see different sessions for the same user.
     
  27. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    Actually your running your mouth. I already explained the client is giving us RDP access and that is the ONLY kind of RDP access they can give us. I am fine with that, however im trying to figure out if there is a WAY to get it so once i close my RDP session, windows loads back up... if you read my original post i was asking for the following:

    1) see what we are doing on the DVR while we're in it (this way they can still see their cameras)
    2) Once we logout, it should be left like it was when we logged in, meaning back in windows, without a user-login screen

    I DID NOT ask for ALTERNATE METHODS. I specifically said I have a school that is giving us RDP access so we can login to our DVR for maintenance. Thats great.

    When we need remote access to any of our clients, we figure out a solution. HOWEVER certain clients (like schools and other large corporations) have limited access. Most of the bigger clients set us up on a VPN and then we can use whatever we like, as we join their network. SOME split off their network so the cameras are on a different network. Others tell us what we can use IF we want access (like this school they are letting us in via RDP). Im just trying to figure out ways to use RDP and allow the end-user to still see their cameras while we are doing work (because the schools have a "spot" monitor that shows the live cameras on a 2nd monitor, once RDP session is in, the screen goes black, and they cant see their cameras).

    I found at least one solution to when I EXIT my session, thanks to Paully, i guess theres no solution to the "mirror" effect. So our work will be aimed when school is out, at least we can exit properly now so that the DVR shows the cameras after we are done.
     
  28. Sjakie

    Sjakie n00b

    Messages:
    40
    Joined:
    Dec 14, 2011
    Does everything start up right away? Reboot the box after you're done with auto-login.

    It's a poormens solution, no idea if it's possible to script something to re-connect the console session.
     
  29. Adam

    Adam [H]ard|Gawd

    Messages:
    1,592
    Joined:
    Jan 9, 2003
    Yeah i can reboot it, thats been a thought, dont wanna hafta but if that script paully recommended doesnt work, what i'll most likely do is RDP into a box that nobody monitors, then use pcanywhere locally to go to the other system
     
  30. Paully's5.0

    Paully's5.0 Limp Gawd

    Messages:
    398
    Joined:
    Jun 18, 2002
    Glad I was able to give you a partial answer to your original post.

    Just a note, the command I gave is for windows XP, if you are RDPing into Windows 7 there is a slight variation:

    "tscon.exe 1 /dest:console "
     
  31. scottatwittenberg

    scottatwittenberg 2[H]4U

    Messages:
    3,306
    Joined:
    Apr 10, 2002
    As far as your issue with multiple people logged into a server with RDP, you can go to task manager, then users, and log out the other sessions (such as console). I have to do that quite often.
     
  32. Protoform-X

    Protoform-X [H]ard|Gawd

    Messages:
    1,203
    Joined:
    Jan 30, 2002
  33. cytech

    cytech Limp Gawd

    Messages:
    284
    Joined:
    Nov 20, 2007
    you can shadow a rdp session, but afaik only if the machine in question is server.
     
  34. Nate7311

    Nate7311 2[H]4U

    Messages:
    3,312
    Joined:
    Jan 11, 2001
    can you explore your statement about only getting RDP access a bit further? Are they just forwarding port 3389 or can they restrict the App used for remote connectivity as well?

    Assuming it's just a basic port forward, there are a variety of RC apps that you can customize the active port on...