Solved

Terminal services timing out and locking user screens

Posted on 2004-08-23
6
178 Views
Last Modified: 2010-04-19
We have recently upgraded from W2k to 2003 Server and now our thin clinents screens are locked after 10 minutes of inactivity.  The user must login in again.  Log in as admin and there is no problem.  If you give the thin client users admin rights, we still have the problem.  The thin clients use the CE operating system and are little affected by group policy.  We have checked all the usual things, screen savers, etc.

Would really appreciate some leads no matter how far out they may be.  At this point we'll try anything.
Thanks
Brian O
0
Comment
Question by:brianounsted
  • 3
  • 3
6 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11874558
If you mean that the session locks requiring the users to enter their password to continue, then this is a default feature of Windows 2003 server. It is usually done via the screensaver setting.

You should disable the screensaver password and timeout via either the local group policy or the domain group policy - depending on the most appropriate for you.
I actually prefer it as the users have this habit of walking away from their machines with confidential information on their screens. I usually force finance and IT to have screensavers lock their systems after 2 minutes of inactivity.

Simon.
0
 

Author Comment

by:brianounsted
ID: 11884220
I wish it were that easy.  We have set the screen saver to 9999 and no password required but it does not affect our thin clients using terminal services.  These are Windows CE clients and are completely deaf to any group policy.

At the moment I am looking at the old NT system policy placed in the NETLOGON share.  This was a suggestion from a newsgroup.  My regular XP clients should ignore this file but hopefully it is picked up by the CE thin clients.  This is one way you might handle W95/98 clients which are also immune to group policy.

We'll see.  Onward and upward

Brian O

0
 
LVL 104

Expert Comment

by:Sembee
ID: 11885149
I have done two implementations with TS and CE thin clients.
As the thin clients cannot be members of the domain they will not get any policy settings. Are you sure this is something local to the client and not on the server?

Screensaver timeout should be disabled in GP.
I have just looked at one implemention where I have remote access...
I have three settings in GP:

User Config, Windows Components, Control Panel, Display.

Hide ScreenSaver Tab: Enabled
Screensaver: Disabled
Screensaver timeout: disabled
Password protect screensaver: disabled

That stops the screensavers from taking - including locking of the machine.
The only other thing I can suggest is that another GP is taking precedence over the one you have made those changes to.

Simon,
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:brianounsted
ID: 11925915
Thanks for the comments and I agree with the fact that another policy may be overiding.

I have some time this weekend so I am taking it one step at a time.  I have set up a fresh W2K3 server and a thin client.  I have set the server screen saver to 9999 and no password.  The thin client is NOT timing out and is working the way we want.

The next step is to make the server a domain controller and not install GP and see where we go.  I will be doing that ove the next few hours so hopefully we have the answer shortly.

I guess one concern I have down the line is that with the screen and keyboard unprotected the security risk is unacceptable.

Thanks for the help.
0
 

Author Comment

by:brianounsted
ID: 11937007
All went according to plan.  The thin clients are working exactly the way we want and the only GP entry we have made is to allow users to logon using terminal services.  The server screens are back to password protected screen savers so we don't have to worry about security with our domain controllers.

Now I will connect up a PC and try to arrange GP to work with both types of clients.  We have several hundred of each.  A lab setup should have been done right from the start but we were in a hurry and thought we knew all the answers.

Thanks Sambee, it just takes a few suggestions to get people ontrack

0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 11947170
Excellent. Don't forget to close the question.

Simon.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question