job.answiz.com
  • 3
Votes
name

Is there any impact on the server performance in case I don't log off after having used Remote Desktop Connection?

Sorry to disagree with some of the above, and I know questions like this always bring out references to "best practices", personal preferences, Etc., but apart from the memory footprint on the remote server and the potential for one of the administrators' desktop processes producing unexpected CPU load, the biggest risk is one of security.

And, whether you're using RDP or RS/AT, it's the same issue. If you have an administrative token in-play, and the token lifetime is protracted, the risk of token stealing is higher than if you don't remain logged in with an administrative token.

Long story short, use low-privilege accounts for as much as possible, and only logon/escalate to a administrative token when absolutely necessary.

It's all too easy to use tools such as incognito to steal a token, and replay it against another system

  • 1
Reply Report

This might be slightly off-topic, but anyway:

It's considered a good practice by all the administrators I know to logoff when your done. Although the performance gain probably is neglible, there are other things to consider:

  1. A logged-on session tells other administrators that you're working on that server.
  2. By logging off when done, you work in a structured way (disregarding any "administration servers" from this rule, of course).
  3. The more processes running on a server, the larger the chance of memory leaks.
  4. Especially for virtual servers and graphic-intensive consoles, there is actually a measurable RAMpenalty in large environments with a lot of lingering RDP sessions.

In short, do your fellow administrators a favor and log off. Everybody wins.

  • 1
Reply Report
name
  • 1

Yes there is an impact. Yes it is recommended that you log off. If you don't log off, all of the resources (such as RAM) that it took to sustain your interactive user session stay in use. You keep one of two administrative connections in use so that others can't connect.

What's actually recommended is to not RDP to your servers at all. This is what the Remote Server Administration Tools and Powershell Remoting are for.

I also wish to say that there is a much larger security risk involved when you log in via RDP versus a network logon, e.g. through RSAT/MMC.

  • 1
Reply Report