The Use of Tscon.exe Can Leave a Previously-Locked Console Unlocked


Summary


If a remotely owned console session is sent to the physical console of the computer by the use of Tscon.exe, the session is left unlocked. Because of this behavior, you have to be careful when you use Tscon.exe so that you do not leave a previously locked server in an unlocked state.

More Information


For example, this behavior would occur in the following scenario:
  1. Log on as Administrator to the console session of the Windows Server 2003 Advanced Server, and then lock the console session.
  2. From another computer, connect by using Remote Desktop to the Windows Server 2003 Advanced Server computer with the Administrator account. This creates session 1 on the Windows Server 2003 Advanced Server computer.
  3. Use Tscon.exe to connect session 1 to the console session, which is session 0. To do this, type tscon console at a command prompt from session 1. This causes the Windows Server 2003 Advanced Server computer to be locked at the console.
  4. From the computer that you used in steps 2 and 3, start another Remote Desktop session and connect to the Windows Server 2003 Advanced Server computer again. This should create session 1, because the session that you created in step 2 has been attached to session 0 (the console session).
  5. From session 1, use Tscon.exe to connect session 0 to the console. To do this, type tscon 0 /dest:console at a command prompt.
  6. Now the console is unlocked.
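
A defender-side check for the scenario above, as an added example that is not part of the original article: it scans process-creation command lines for the two Tscon.exe forms used in steps 3 and 5, so that the lock state of the console can be verified afterwards. The record layout, the host name SRV01 and the user names are constructed sample data, and the function names are hypothetical.

```python
import ntpath
import shlex

# Constructed sample process-creation records (host, user, command line); not from the article.
SAMPLE_EVENTS = [
    ("SRV01", "Administrator", "tscon console"),
    ("SRV01", "Administrator", "tscon 0 /dest:console"),
    ("SRV01", "Administrator", r'"C:\WINDOWS\system32\tscon.exe" 2 /dest:rdp-tcp#5'),
    ("SRV01", "Administrator", "TSCON.EXE 0 /DEST:Console /v"),
    ("SRV01", "operator", "notepad.exe tscon-notes.txt"),
]


def parse_tscon(cmdline):
    """Return {'target': ..., 'dest': ...} for a tscon invocation, else None."""
    try:
        # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes: treat as unparseable
        return None
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("tscon", "tscon.exe"):
        return None
    target, dest = None, None
    for tok in tokens[1:]:
        if tok.lower().startswith("/dest:"):
            dest = tok[len("/dest:"):]
        elif not tok.startswith("/") and target is None:
            target = tok  # session ID or session name
    return {"target": target, "dest": dest}


def console_redirects(events):
    """Flag invocations that involve the console (the forms in steps 3 and 5)."""
    findings = []
    for host, user, cmdline in events:
        parsed = parse_tscon(cmdline)
        if parsed is None:
            continue
        dest = (parsed["dest"] or "").lower()
        target = (parsed["target"] or "").lower()
        if dest == "console" or (not dest and target == "console"):
            findings.append((host, user, cmdline))
    return findings


if __name__ == "__main__":
    for host, user, cmdline in console_redirects(SAMPLE_EVENTS):
        print(f"{host}: {user} ran {cmdline!r}; verify the console is locked")
```

Each flagged record marks a point at which the physical console should be checked and, if necessary, locked again.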