brianounsted
asked on
Terminal services timing out and locking user screens
We have recently upgraded from W2k to 2003 Server and now our thin clinents screens are locked after 10 minutes of inactivity. The user must login in again. Log in as admin and there is no problem. If you give the thin client users admin rights, we still have the problem. The thin clients use the CE operating system and are little affected by group policy. We have checked all the usual things, screen savers, etc.
Would really appreciate some leads no matter how far out they may be. At this point we'll try anything.
Thanks
Brian O
Would really appreciate some leads no matter how far out they may be. At this point we'll try anything.
Thanks
Brian O
ASKER
I wish it were that easy. We have set the screen saver to 9999 and no password required but it does not affect our thin clients using terminal services. These are Windows CE clients and are completely deaf to any group policy.
At the moment I am looking at the old NT system policy placed in the NETLOGON share. This was a suggestion from a newsgroup. My regular XP clients should ignore this file but hopefully it is picked up by the CE thin clients. This is one way you might handle W95/98 clients which are also immune to group policy.
We'll see. Onward and upward
Brian O
At the moment I am looking at the old NT system policy placed in the NETLOGON share. This was a suggestion from a newsgroup. My regular XP clients should ignore this file but hopefully it is picked up by the CE thin clients. This is one way you might handle W95/98 clients which are also immune to group policy.
We'll see. Onward and upward
Brian O
I have done two implementations with TS and CE thin clients.
As the thin clients cannot be members of the domain they will not get any policy settings. Are you sure this is something local to the client and not on the server?
Screensaver timeout should be disabled in GP.
I have just looked at one implemention where I have remote access...
I have three settings in GP:
User Config, Windows Components, Control Panel, Display.
Hide ScreenSaver Tab: Enabled
Screensaver: Disabled
Screensaver timeout: disabled
Password protect screensaver: disabled
That stops the screensavers from taking - including locking of the machine.
The only other thing I can suggest is that another GP is taking precedence over the one you have made those changes to.
Simon,
As the thin clients cannot be members of the domain they will not get any policy settings. Are you sure this is something local to the client and not on the server?
Screensaver timeout should be disabled in GP.
I have just looked at one implemention where I have remote access...
I have three settings in GP:
User Config, Windows Components, Control Panel, Display.
Hide ScreenSaver Tab: Enabled
Screensaver: Disabled
Screensaver timeout: disabled
Password protect screensaver: disabled
That stops the screensavers from taking - including locking of the machine.
The only other thing I can suggest is that another GP is taking precedence over the one you have made those changes to.
Simon,
ASKER
Thanks for the comments and I agree with the fact that another policy may be overiding.
I have some time this weekend so I am taking it one step at a time. I have set up a fresh W2K3 server and a thin client. I have set the server screen saver to 9999 and no password. The thin client is NOT timing out and is working the way we want.
The next step is to make the server a domain controller and not install GP and see where we go. I will be doing that ove the next few hours so hopefully we have the answer shortly.
I guess one concern I have down the line is that with the screen and keyboard unprotected the security risk is unacceptable.
Thanks for the help.
I have some time this weekend so I am taking it one step at a time. I have set up a fresh W2K3 server and a thin client. I have set the server screen saver to 9999 and no password. The thin client is NOT timing out and is working the way we want.
The next step is to make the server a domain controller and not install GP and see where we go. I will be doing that ove the next few hours so hopefully we have the answer shortly.
I guess one concern I have down the line is that with the screen and keyboard unprotected the security risk is unacceptable.
Thanks for the help.
ASKER
All went according to plan. The thin clients are working exactly the way we want and the only GP entry we have made is to allow users to logon using terminal services. The server screens are back to password protected screen savers so we don't have to worry about security with our domain controllers.
Now I will connect up a PC and try to arrange GP to work with both types of clients. We have several hundred of each. A lab setup should have been done right from the start but we were in a hurry and thought we knew all the answers.
Thanks Sambee, it just takes a few suggestions to get people ontrack
Now I will connect up a PC and try to arrange GP to work with both types of clients. We have several hundred of each. A lab setup should have been done right from the start but we were in a hurry and thought we knew all the answers.
Thanks Sambee, it just takes a few suggestions to get people ontrack
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should disable the screensaver password and timeout via either the local group policy or the domain group policy - depending on the most appropriate for you.
I actually prefer it as the users have this habit of walking away from their machines with confidential information on their screens. I usually force finance and IT to have screensavers lock their systems after 2 minutes of inactivity.
Simon.