Unplug the network cable?

Oh yeah for sure. I uninstalled Arcserv as soon as I got my job.

I need to do work remotely on the server but keep others off. So that won't work!

Have your own cable connected directly to the server, innit. Also, make sure it's trailed across the office so that it's a trip hazard.

We use Arcserv at work. It's um, yeah... I'll get back to you on that one.

I'm working on it from home. I would require a pretty long cable!

You work from home at weekends?!

Damn, I hope they're paying you enough :|

I work from home evenings and weekends all the time. It's the only time I can get my maintenance in!

They don't pay great, but for the area it's enough.

Oh, and I guess the best /and/ funnest way to take care of it is to just boot users off without warning. They love that!

This'd take some work. but you could configure multiple IP's (or NICs) and do quasi out-of-band management.

 

So, each server has two IP's - a 'public' one (The current one, registered in DNS etc) and a 'management' IP which isn't registered in DNS (This is important!!). When you want to do maintenance just disable the public IP.

 

The ideal would be two NIC's running on two different VLANs, but it'd still work on a flat network.

 

Other than that I don't know of a generic way to disable logons, unless you can do something application specific (I.e., disable a share, or disable terminal services if it's a terminal server etc)

P.S, regarding my post above I assumed your servers don't have something like HP's iLO, or Dell's DRAC?

They do but I rarely use them.

You would think there would be an easy way to do it. I would have thought a GPO would do it, and it still might, but that's still a cludgy way to take care of it.

Problem is, it kind of makes no sense. Try and "define" what you mean - do you mean that the computer shouldn't provide any services - what about websites, etc? Do you mean non-admins shouldn't log on at the console? Remotely? Do you mean file shares should be inadmissible?

 

I don't see how it'd be feasible for MS to provide a switch to do what you need as it's so dependent on individual use cases.

Access list on the Cisco switch it's attached to. Easy.

 

What do you mean it's not a Cisco switch?

I'd strangle anyone making substantial network changes for such a temporary thing. I realise he doesn't have to commit them, but still.

 

Besides, he's probably going to be accessing it from the same IP range as his users if he's VPNing in.

That's what named access lists are for. And besides, it's his network. He'd only have himself to shout at.

Fair point, I just see network technology as something to fit and forget, save changing VLANs on ports etc.

I don't, but then I rely on it to pay my rent, so changes tend to be fine by me. Up to a point. That point being where I can't figure out how to fix what I broke.

I mean when I am installing updates or increasing drive sizes or things of that nature I'd not like people on the server. It's a terminal server. The others don't get logged on other than by me.

I'd like to block everything but printing really until I'm done working on it, but I suppose shares would be ok. The problem with that is if someone has a doc or spreadsheet open and I reboot the server they will panic and close it and lose their work.

There should be a maintenance mode like there is in Esxi.

Nope not a Cisco switch, just a Cisco router.

Terminal Server, why didn't you say? What OS is it?

 

http://blogs.msdn.com/b/rds/archive/2007/06/15/introducing-terminal-services-server-drain-mode.aspx

 

Does that point you in the right direction?

No idea why I didn't mention that. And that looks perfect!