Solved

Terminal services timing out and locking user screens

Posted on 2004-08-23
6
177 Views
Last Modified: 2010-04-19
We have recently upgraded from W2k to 2003 Server and now our thin clinents screens are locked after 10 minutes of inactivity.  The user must login in again.  Log in as admin and there is no problem.  If you give the thin client users admin rights, we still have the problem.  The thin clients use the CE operating system and are little affected by group policy.  We have checked all the usual things, screen savers, etc.

Would really appreciate some leads no matter how far out they may be.  At this point we'll try anything.
Thanks
Brian O
0
Comment
Question by:brianounsted
  • 3
  • 3
6 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11874558
If you mean that the session locks requiring the users to enter their password to continue, then this is a default feature of Windows 2003 server. It is usually done via the screensaver setting.

You should disable the screensaver password and timeout via either the local group policy or the domain group policy - depending on the most appropriate for you.
I actually prefer it as the users have this habit of walking away from their machines with confidential information on their screens. I usually force finance and IT to have screensavers lock their systems after 2 minutes of inactivity.

Simon.
0
 

Author Comment

by:brianounsted
ID: 11884220
I wish it were that easy.  We have set the screen saver to 9999 and no password required but it does not affect our thin clients using terminal services.  These are Windows CE clients and are completely deaf to any group policy.

At the moment I am looking at the old NT system policy placed in the NETLOGON share.  This was a suggestion from a newsgroup.  My regular XP clients should ignore this file but hopefully it is picked up by the CE thin clients.  This is one way you might handle W95/98 clients which are also immune to group policy.

We'll see.  Onward and upward

Brian O

0
 
LVL 104

Expert Comment

by:Sembee
ID: 11885149
I have done two implementations with TS and CE thin clients.
As the thin clients cannot be members of the domain they will not get any policy settings. Are you sure this is something local to the client and not on the server?

Screensaver timeout should be disabled in GP.
I have just looked at one implemention where I have remote access...
I have three settings in GP:

User Config, Windows Components, Control Panel, Display.

Hide ScreenSaver Tab: Enabled
Screensaver: Disabled
Screensaver timeout: disabled
Password protect screensaver: disabled

That stops the screensavers from taking - including locking of the machine.
The only other thing I can suggest is that another GP is taking precedence over the one you have made those changes to.

Simon,
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:brianounsted
ID: 11925915
Thanks for the comments and I agree with the fact that another policy may be overiding.

I have some time this weekend so I am taking it one step at a time.  I have set up a fresh W2K3 server and a thin client.  I have set the server screen saver to 9999 and no password.  The thin client is NOT timing out and is working the way we want.

The next step is to make the server a domain controller and not install GP and see where we go.  I will be doing that ove the next few hours so hopefully we have the answer shortly.

I guess one concern I have down the line is that with the screen and keyboard unprotected the security risk is unacceptable.

Thanks for the help.
0
 

Author Comment

by:brianounsted
ID: 11937007
All went according to plan.  The thin clients are working exactly the way we want and the only GP entry we have made is to allow users to logon using terminal services.  The server screens are back to password protected screen savers so we don't have to worry about security with our domain controllers.

Now I will connect up a PC and try to arrange GP to work with both types of clients.  We have several hundred of each.  A lab setup should have been done right from the start but we were in a hurry and thought we knew all the answers.

Thanks Sambee, it just takes a few suggestions to get people ontrack

0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 11947170
Excellent. Don't forget to close the question.

Simon.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now