Emerson Exchange 365

Single RDP Session To Server 2022 Machines

Is there a setting that can disable the DeltaV Logon from popping up the session based RDS login to server based machines?

Microsoft allows the single RDP session still, hope this is just a minor configuration issue and not a new licensing "feature".

I would like users to be able to hop in a remotely access a server without going down to the host level and opening a console to the machine via HyperV.

Do not want anyone on the host at all who is not there doing administrative tasks.

The machines are all built off the S2022 templates for V15LTS with DVS for HCI. Mainly ProPlus/App stations.

W10 based RDP access is working as it always has.

ElectroTech

• 13 Dec 2023 3:46 AM
• Cancel

2 Replies

• Neil Castro

  

  • 2 Jan 2024 2:53 PM

  Unfortunately DeltaV / Windows detects whether an RDP is connecting to a server OS or a workstation OS. Whenever RDP or DRDC is connecting to a server OS DeltaV will ask for the remote session but when connecting to a workstation OS it will not show the remote session drop down list.
  
  In my experience, live plants only allows accounts with administrative privilege to login to the ProPlus/Application stations (server OS). Any non-administrative work can be done in the operator/pro stations (OWS).
  
  I have not yet found a setting that would eliminate the remote session drop down list when connecting to a server OS machine. One solution is to trick the RDP or DRDC that it is connecting to a workstation OS but I do not know how to do it.
  
  Hope this helps.

  • Cancel
• Andre Dicaire

  

  • 2 Jan 2024 4:28 PM

  In reply to Neil Castro:

  The use of RDP on a server requires the server to have the RD role enabled, allowing sessions for normal user access to RDP. The console session or session 0, which is what the local monitor/keyboard connects to, is not accessible via RDP, so you need a session on a server. The exception as Neil mentions is for system administrators (Windows administrators) who are allowed to remotely access the server even if it does not have the RD Role enabled. This connection is to session 0, and would kick out the local user if someone was logged on via the local server monitor.
  
  The behavior was introduced in server2016. You should not be using a Windows Administrator for your regular DeltaV Users. This is a big security risk that would grant system admin privilege to any malware initiated while logged in with that account. Your DeltaV administrator does not need Windows Admin, or if they do, they should not be used for normal DeltaV work. If you follow this practice, your DeltaV users would not be able to access the session 0 of the server,
  
  If you need to have RDP access to a Server, like the Pro Plus, you can install the RD role on the machine and license the Remote Client sessions as needed. Or, you can install the Pro Plus as a Workstation. With the IDDC architecture, your pro plus is not longer a Domain Controller and does not need to be a server, unless you need:
  1. VCAT (requires SQL Server which requires Server OS)
  2. Multiple RDP sessions (Remote Client)
  
  Standing up the Pro Plus as a Workstation would allow RDP sessions to this machine like any other DeltaV workstation. One user at a time, and no Admin privileges. The benefit of the workstation is that it can be a dual or quad station. (Servers do not come with video cards to support multi monitor). Also, this single session can be remotely accessed though not concurrently. only one location at a time. This is fine on smaller systems.
  
  DRDC is primarily for Thin Client network clients and manages the redundant connection to the VM workstation. If the Thin Client is connecting over a simplex plant LAN, The RDP client does not require DRDC. A standard RDP connection will work. However, you still have to select a Remote Session to successfully logon to DeltaV and gain access to the DeltaV applications.

  Andre Dicaire

  • Cancel