Deny Logon Requests to a Terminal Server

Applies To: Windows Server 2008

In Windows Server 2008, you can configure a terminal server to deny logon requests from new users. With the ability to deny logon requests from new users to specific servers in a farm, you can maintain your terminal server environment without disrupting end-user service. If you configure a terminal server to deny new logon requests, the following behavior occurs:

  • Users with existing sessions can still reconnect to the server. Only new logon requests to that server are denied. However, an administrator can still log on to the server locally to perform maintenance on the server.


An administrator can also connect remotely by starting the RDC client from the command line with the /admin option (mstsc /admin).

  • If you are using TS Session Broker Load Balancing, TS Session Broker will redirect new users to other servers in the farm, where new user logon requests are enabled.

Before you take a server down for maintenance, you can notify users with existing sessions to log off from the server by using Terminal Services Manager to send a message.

To deny new user logon requests

  1. Click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.

  2. In the Edit settings area, double-click User logon mode under General.

  3. On the General tab, click either of the following:

    • Allow reconnections, but prevent new logons

    • Allow reconnections, but prevent new logons until the server is restarted

  4. Click OK.

    When you are finished doing maintenance, ensure that Allow all connections is selected.