INFORMATICS

The Best

How to see users' idle time on RDP server

Звезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активна

How to see users' idle time on RDP server

Query User / QUSER.exe

Using the quser command, you can view when a user RDP session was started, how long it was idle and the current session state.

Syntax

 

QUERY USER [/server:ServerName]

QUERY USER UserName [/server:ServerName]

QUERY USER [SessionName | SessionID] [/server:ServerName]

quser [<username> | <sessionname> | <sessionID>] [/server:<servername>]

Parameters

 
ParameterDescription
<username> Specifies the logon name of the user that you want to query.
<sessionname> Specifies the name of the session that you want to query.
<sessionID> Specifies the ID of the session that you want to query.
/server:<servername> Specifies the Remote Desktop Session Host server that you want to query. Otherwise, the current Remote Desktop Session Host server is used. This parameter is only required if you're using this command from a remote server.
/? Displays help at the command prompt.

Remarks

  • To use this command, you must have Full Control permission or special access permission.

  • If you don't specify a user using the <username>, <sessionname>, or sessionID parameters, a list of all users who are logged on to the server is returned. Alternatively, you can also use the query session command to display a list of all sessions on a server.

  • When quser returns information, a greater than (>) symbol is displayed before the current session.

Display information about user sessions on a Terminal server or a Remote Desktop Session Host (RD Session Host) server.
Key
   UserName    The logon username of the user whose sessions you want to query.

   SessionName The name of the session that you want to query.

   SessionID   The ID of the session that you want to query.

   /server:ServerName
               The Remote Desktop Session Host server to query.
               The default is the current server.

   /?          Display help.

QUERY USER is a synonym for QUSER.exe

Available to 64 bit sessions only, there are no 32 bit implementations of QUSER.exe (QUERY USER).

Query User returns the following information:

  • The name of the user
  • The name of the session on the RD Session Host server
  • The session ID
  • The state of the session (active or disconnected)
  • The idle time (the number of minutes since the last keystroke or mouse movement at the session)
  • The date and time the user logged on

If you do not specify a user by using UserNameSessionName, or SessionID, a list of all users who are logged on to the server is returned. Alternatively, use query session to display a list of all sessions on the server. When information for multiple users is returned, a greater than > symbol is displayed before the current session.

A user can always query the session to which the user is currently logged on. To query other sessions, the user must have Query Information special access permission.

The User Access permission type grants the following special permissions: Query InformationLogon, and Connect. These special permissions allow a user to: Log on to a session on the terminal server. Query information about a session. Send messages to other user sessions. Connect to another session.

Permissions are set under:

Terminal Services Configuration ➞ Connections ➞ Properties ➞ Permissions ➞ Advanced ➞ Permissions

PowerShell

When running quser under PowerShell it is useful to split the output into rich objects, this can be done with a regex and ConvertFrom-Csv:

(quser) -replace '\s{2,}', ',' | ConvertFrom-Csv

Alternatively the script Get-LoggedOnUser.ps1 will also show disconnected sessions.

Examples

Display information about all users logged on the system:

C:\> query user

Display information about the user ursula on server64:

C:\> quser ursula /server:Server64

 

Enable or Disable RDP - Registry (Windows)

Звезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активна

nable or Disable RDP - Registry (Windows)

Method 1: CMD

You can use the change logon command to display the status of current logons or to disable and enable logons from Terminal Services clients.

When you disable logons, current users are NOT affected, but new client sessions will NOT connect to the server.

NOTE: You must have administrative privileges to use the change logon command.

When you open a CMD prompt on the terminal server and type change logon /?, you receive:

Enable or disable session logins.

CHANGE LOGON \{/QUERY | /ENABLE | /DISABLE\}

  /QUERY    Query current session login mode.
  /ENABLE   Enable user login from sessions.
  /DISABLE  Disable user login from sessions.

NOTE: Logons from the console session are not affected. 

NOTE: If you restart the server, logons are enabled. 

NOTE: If you disable logons from a client session and then log off, you must log on to the console to enable further logons.

NOTE: When you disable logons, you receive: Session logins are currently DISABLED. When you enable logons, you receive: Session logins are currently ENABLED.

NOTE: When logons are disabled, a client attempting to connect will receive:

Remote logins are currently disabled.

 

Method 2: Using Registry

Allow or prohibit Remote Desktop connections to your Windows machine through Command Prompt or PowerShell.

Run the required command from shell with Administrative privileges.

To enable RDP:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

To disable RDP:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

Solution

Often administrators need to have exclusive access to the server and be able to block such access by users. In such situations, it is required to temporarily disable logging in via the RDP protocol. We do this with the commands shown.

 

Method 2:  Using PowerShell

To enable RDP with the PowerShell, use the following steps.

Option 1

To enable RDP:

  1. Launch PowerShell as Administrator.
  2. Type the following command and create a script block and use the Invoke-Command cmdlet:

NOTE:  Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections.

Type the following:

To disable RDP with the PowerShell, use the following steps.

  1. Launch PowerShell as Administrator.
  2. Type the following command:

 

Method 3:  Use Group Policy

If you have numerous Servers and/or Workstations that you need to enable RDP on and they are in the same Organization Unit structure in Active Directory you should enable RDP through Group Policy.

To enable RDP Using Group Policy.

  1. Launch the Group Policy Management Console (GPMC)
  2. Either edit an existing Group Policy Object (GPO) or create a new GPO.
  3. Navigate to the following GPO node:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

Best remote desktop software of 2020

Звезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активнаЗвезда не активна

Best remote desktop software of 2020
RemotePC
Zoho Assist
LogMeIn Pro
Connectwise Control
Parallels Access
TeamViewer
Chrome Remote Desktop
Remote Desktop Manager
Splashtop
RemoteUtilities for Windows

Search