This sounds like a good use for a flag file. If you create a scheduled task that runs on a repeating / continuous basis, it can look for a file which contains the login name(s) of any sessions that need to be killed. That file can be stored on a share which is accessible to your unadmin user, who can edit the file as required. The next time the task executes it parses the file and kills any session with that login name. Have it run on all servers if required or make the task to the search, whatever works best for you.
-- There are 10 kinds of people in the world... those who understand binary and those who don't. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Tuesday, February 14, 2017 12:50 PM To: [email protected] Subject: Re: [NTSysADM] Managing RDS 2012 sessions from Win 7 On Tue, Feb 14, 2017 at 8:24 AM, Michael Leone <[email protected]> wrote: > On Tue, Feb 14, 2017 at 1:00 AM, Kurt Buff <[email protected]> wrote: >> Of course - but he'll need that regardless of whatever method you use. > > Yeah, I know. But what I don't know is what ID/password he can use > (i.e., what rights does the account need to be able to do this? And > what can he then also be able to do, since he now knows an account > that has some elevated privileges? Or is there some way I can grant > his account the right to kick people off the RDS sessions, but not do > anything else, like being a local admin on the server or something > ...) Oh, and just to make it more interesting .. I have a 3 server farm. So I'd also need some way to query either each server, and find the ID to be logged off. I can't just give it the RDS farm name, and have it kill the correct process ... Oy I don't foresee any easy way to do this, not from Win 7, at least. I'd have to cobble together some script to query all 3 servers, find the offending ID, and then remotely kill it (after first figuring out how to grant just "kill remote session" rights to the logged in user running said hypothetical script) ... > > >> >> Kurt >> >> On Mon, Feb 13, 2017 at 11:42 AM, Michael Leone <[email protected]> wrote: >>> On Mon, Feb 13, 2017 at 2:03 PM, Kurt Buff <[email protected]> wrote: >>>> "psexec \\RDSmachine.example.com logoff userid" >>> >>> Wouldn't he need to specify a username/password to log off this other user? >>> >>>> https://technet.microsoft.com/en-us/library/jj215468.aspx >>> >>> I will look into it, thanks >>> >>> >> >>
