Solved

Terminal services timing out and locking user screens

Posted on 2004-08-23
6
180 Views
Last Modified: 2010-04-19
We have recently upgraded from W2k to 2003 Server and now our thin clinents screens are locked after 10 minutes of inactivity.  The user must login in again.  Log in as admin and there is no problem.  If you give the thin client users admin rights, we still have the problem.  The thin clients use the CE operating system and are little affected by group policy.  We have checked all the usual things, screen savers, etc.

Would really appreciate some leads no matter how far out they may be.  At this point we'll try anything.
Thanks
Brian O
0
Comment
Question by:brianounsted
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11874558
If you mean that the session locks requiring the users to enter their password to continue, then this is a default feature of Windows 2003 server. It is usually done via the screensaver setting.

You should disable the screensaver password and timeout via either the local group policy or the domain group policy - depending on the most appropriate for you.
I actually prefer it as the users have this habit of walking away from their machines with confidential information on their screens. I usually force finance and IT to have screensavers lock their systems after 2 minutes of inactivity.

Simon.
0
 

Author Comment

by:brianounsted
ID: 11884220
I wish it were that easy.  We have set the screen saver to 9999 and no password required but it does not affect our thin clients using terminal services.  These are Windows CE clients and are completely deaf to any group policy.

At the moment I am looking at the old NT system policy placed in the NETLOGON share.  This was a suggestion from a newsgroup.  My regular XP clients should ignore this file but hopefully it is picked up by the CE thin clients.  This is one way you might handle W95/98 clients which are also immune to group policy.

We'll see.  Onward and upward

Brian O

0
 
LVL 104

Expert Comment

by:Sembee
ID: 11885149
I have done two implementations with TS and CE thin clients.
As the thin clients cannot be members of the domain they will not get any policy settings. Are you sure this is something local to the client and not on the server?

Screensaver timeout should be disabled in GP.
I have just looked at one implemention where I have remote access...
I have three settings in GP:

User Config, Windows Components, Control Panel, Display.

Hide ScreenSaver Tab: Enabled
Screensaver: Disabled
Screensaver timeout: disabled
Password protect screensaver: disabled

That stops the screensavers from taking - including locking of the machine.
The only other thing I can suggest is that another GP is taking precedence over the one you have made those changes to.

Simon,
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:brianounsted
ID: 11925915
Thanks for the comments and I agree with the fact that another policy may be overiding.

I have some time this weekend so I am taking it one step at a time.  I have set up a fresh W2K3 server and a thin client.  I have set the server screen saver to 9999 and no password.  The thin client is NOT timing out and is working the way we want.

The next step is to make the server a domain controller and not install GP and see where we go.  I will be doing that ove the next few hours so hopefully we have the answer shortly.

I guess one concern I have down the line is that with the screen and keyboard unprotected the security risk is unacceptable.

Thanks for the help.
0
 

Author Comment

by:brianounsted
ID: 11937007
All went according to plan.  The thin clients are working exactly the way we want and the only GP entry we have made is to allow users to logon using terminal services.  The server screens are back to password protected screen savers so we don't have to worry about security with our domain controllers.

Now I will connect up a PC and try to arrange GP to work with both types of clients.  We have several hundred of each.  A lab setup should have been done right from the start but we were in a hurry and thought we knew all the answers.

Thanks Sambee, it just takes a few suggestions to get people ontrack

0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 11947170
Excellent. Don't forget to close the question.

Simon.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
why user can't see mapped share folder 8 69
Shadow copies windows server 2003 2 108
Moving a windows 7 install to new hardware 9 180
Shared files and folders migration 2 66
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question