Allow non-admins to manage RDS connection

I had a Server 2016 RDS server using a combination of Terminal Servers and RemoteApps, and we had a user who wanted the ability to log users off. The user in question was not a local admin on the server, so I created an AD group, added her, and ran the following command from an elevated prompt on the RDS server:

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "anonit\USR-SEC-AllowRDSLogoff",2

Where anonit\USR-SEC-AllowRDSLogoff is the group that would have permission to log off users.


This ONLY takes effect once the accounts have logged in. E.g.: User1 is the kicker and User2 is the kickee. Once I've modified the server, User1 doesn't have permission to log User2 out until User2 has initiated a new logon session.
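
The same grant from PowerShell, with a before/after listing of the RDP-Tcp listener's permission entries so the change can be reviewed. This is an added example, not the author's code; it assumes Windows PowerShell 5.1 (Get-WmiObject) in an elevated session on the RDS server. Preset 2 is the full-control preset of AddAccount, which covers more than logoff.

```powershell
# Added example: grant the group on the RDP-Tcp listener and show what changed.
$ns     = 'root\CIMV2\TerminalServices'
$filter = "TerminalName='RDP-Tcp'"
$group  = 'anonit\USR-SEC-AllowRDSLogoff'   # group name from the post
$preset = 2   # PermissionPreSet: 0 = guest access, 1 = user access, 2 = full control

function Get-ListenerAcl {
    # One row per account that has a permission entry on the listener.
    Get-WmiObject -Namespace $ns -Class Win32_TSAccount -Filter $filter |
        Select-Object AccountName, PermissionsAllowed, PermissionsDenied
}

function Get-RowKey($row) {
    # Flatten a row so before/after entries can be compared as strings.
    '{0}|{1}|{2}' -f $row.AccountName, $row.PermissionsAllowed, $row.PermissionsDenied
}

# 1. Snapshot the listener's entries before touching anything.
$before = @(Get-ListenerAcl)
$seen   = @($before | ForEach-Object { Get-RowKey $_ })

# 2. Add the group, same call as the wmic command in the post.
$listener = Get-WmiObject -Namespace $ns -Class Win32_TSPermissionsSetting -Filter $filter
if (-not $listener) { throw "No RDP-Tcp listener found in $ns" }

$result = $listener.AddAccount($group, $preset)
if ($result.ReturnValue -ne 0) {
    throw "AddAccount failed with return value $($result.ReturnValue)"
}

# 3. Snapshot again and keep only entries that are new or whose masks changed.
$changed = @(Get-ListenerAcl | Where-Object { $seen -notcontains (Get-RowKey $_) })

if ($changed.Count -eq 0) {
    Write-Warning "No new or changed entry found; $group may already have had this access."
} else {
    'Entries added or changed on RDP-Tcp:'
    $changed | Format-Table -AutoSize
}

# Full listing, for the change record.
'Current entries on RDP-Tcp:'
Get-ListenerAcl | Sort-Object AccountName | Format-Table -AutoSize
```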


References: (explains the magic number 2)

