Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How do I stop session time out for terminal services

Posted on 2008-10-05
4
2,001 Views
Last Modified: 2013-11-21
I run a terminal services app on windows 2003 server and XP clients which uses a local user account to log on to windows on the computer. Then the app is launched by clicking on an icon which has the needed credentials on the domain to access required resources.
 My problem is after a period of in activity the terminal session locks similarly to locking your windows desktop session and hence the user needs to know the domain account password to unlock the session. This defeats the purpose. How can I stop this time out issue or extend the time it takes. I went over the GP and have made several setting changes but none seem to address the issue. Thanks for any help you can offer
0
Comment
Question by:dutyfreecaribbean
  • 2
4 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 22645246
The policy to be modified is the screen saver setting at the TS. "on resume, display logon screen" is activated. You could take out that setting completely or rise the screen saver activation time.
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22645761
McKnife hit it spot on mate. What's causing the timeout is the Screen Saver setting. It's probably set to the default which means after 10 minutes of inactivity the Screen Saver pops up and locks the session out.
If you made changes to the Screen Saver settings using a GPO you will need to adjust the settings in that gpo. If you haven't made any settings you can simply use the Local Security Policy editor in the Administrative Tools on the server. Look under Local Computer Policy\User Configuration\Administrative Templates\Control Panel\Display for the following settings:
Hide screen saver tab - Removes Screen Saver tab from Display in Control Panel. This way users won't be able to change your settings.
No screen saver - Enable to prevent any screen savers from running.You could switch this on and forget about the following setting. If you don't you want to set this next one:
Password protect the screen saver -Disable to prevent passwords from being used on all screen savers. And an end to your worries.

You should consider the following: Without a Screen Saver with password protection enabled any terminal services session is compromised if someone obtains access to the computer running it. If your visitor security is lax or the intended application is sensitive this is a potential security risk.

Let me know if this helps. :)



0
 

Author Comment

by:dutyfreecaribbean
ID: 22687704
I tried adjusting the setting on the database server, including out right  disabling the screen saver and still having the same issue where the credentials are being required to unlock the session
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 22908570
Please check the value of the following regkey:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93258.mspx?mfr=true
Has to be zero.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know what services you can and cannot, should and should not combine on your server.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question