[THIN] Re: Does an active session get canceled when the NT account is disabled?
- From: "Beahm, Keith" <kbeahm@xxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 27 Mar 2003 14:15:43 -0600
For anyone else who was curious -
If a session is not limited by TS config policies and is open at the time
the NT account is disabled or deleted - the session does actually remain
open and functional - though honestly we have not tested to what degree it
remains functional (some day maybe, but not for today). And as to the
effectiveness of the session limits on extended sessions - they seemed to
work very predictably and accurately in our tests. Gives the user a 2 min
warning box after the limit is reached before the action is taken.
-----Original Message-----
From: Beahm, Keith [mailto:kbeahm@xxxxxxxxxxx]
Sent: Wednesday, March 26, 2003 8:57 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Does an active session get canceled when the NT account
is disabl ed?
We run multiple Win2K application modes terminal servers for our business
users, and we also have 1 application mode TS for IT administration. The
policy enforced at the "regular" TS level is end disconnected sessions after
10min, never end active sessions, disconnect idle sessions after 30min
limit, and to always override user settings. The IT admin box had none of
these settings in place. Occasionally we see an abuse of these flexible
settings on the admin box - the user's will leave sessions open on their
home PC's for multiple days running (and they are not telecommuting).
The question is this : Lets say we were to leave the policy differences as
above, and employee Bob has a current session on the admin server running
from his home PC. Then we disable his NT account (i.e. he is terminated),
what happens to his current active TS session? Does it get forcibly cut off
at some time interval, or does it continue to run forever based on his
original authentication and login under a previously valid account?
And what if the policies were the same based on the "regular" TS boxes -
then would that make a difference, provided that he were "active" often
enough to prevent the idle time limit being reached. Does anyone know of
legitimate (or not) utilities that can "fool" the TS idle detection into
believing the user session is always active?
Keith Beahm, Network Engineer
Stinson Morrison Hecker, LLP
kbeahm@xxxxxxxxxxxxxxxxx
816.691.3374 Desk
816.918.0988 Cell
140*73*707 Nextel
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
