Userlock – Restricting Number of Remote Desktop Sessions Per OU

This was a rather interesting project I took on.  The project was created to monitor and restrict how many Remote Desktop sessions were permitted to logon based on configuration per-OrganizationalUnit (OU) in Active Directory.

There are 2 parts to this.

  1. Userlock – the GUI management part
  2. sessioncheck – the executable that needs to be set to run for each user login and logoff script on a RDS Host.
    Syntax of sessioncheck: sessioncheck logon or sessioncheck logoff

Userlock GUI

sessioncheck pops up a notification message box upon logon if there are no available slots left for “Max Sessions” and then logs the user immediately off the RDSH.

sessioncheck and Userlock GUI utilize a MSSQL Express database to store session data and check configurations for Maximum limits.

It works surprisingly well.  If you might be interested in this project for use at your organization, there are some code changes I’d need to make for more portability outside my environment, but it’s doable.

Leave a Reply

Your email address will not be published. Required fields are marked *