
Exempt user(s) from Terminal Services policies

We have a terminal server that has a license for up to 50 connections at once. Users connect via RDP to run an application on the server, which is quicker than running a thick client on their desktops (mainly for offsite users). The problem is that there are several admin accounts that need to stay logged in but disconnected due to services that are run specifically under those accounts. I had previously set up disconnect and idle policies under the Terminal Services Configuration that would log off disconnected and idle sessions, but found out the hard way that those previously mentioned admin accounts needed to stay connected after they were bounced by my changes.

Is there a way to set up a GPO or a local policy that will exempt specific users from these policies? I need to keep those two admin accounts active/logged on while all other idle/disconnected sessions need to be logged off. Users, even after repeatedly being told, will not 'log off' but will simply close the RDP box, leaving their session open.
Don (Network Administrator) Commented:
Go to the Delegation tab of the Group Policy, add these admins, and deny Read (click on the Advanced tab >> highlight user >> and select deny Read).
netfriendsinc (Author) Commented:
OK great, so I've enabled the "Set time limit for disconnected sessions" to 30 min via "Computer configuration > policies > admin templates > windows components > remote desktop services" in the GP Management Editor on Windows 2008 R2. I went back to the Terminal Services server, ran gpupdate, and verified it had picked up the GPO by using rsop.msc. However, so far it has not logged off any disconnected sessions - they stay disconnected. Any idea why that is the case? I added the two admin accounts to the Delegation tab as instructed and set them to 'deny read'. Thanks for your help thus far!
netfriendsinc (Author) Commented:
Never mind! It took a little longer than expected - perhaps I didn't figure in propagation - but the GPO is now logging off disconnected sessions. Thanks for the help!
Question has a verified solution.
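
One way to check the outcome discussed in this thread, as an added example that is not part of the original posts: parse `quser` output on the terminal server and list disconnected sessions older than the 30-minute limit, marking which belong to the exempt accounts. The account names, function names and sample `quser` output are constructed for illustration.

```powershell
# Placeholder names: the thread does not name the two exempt admin accounts.
$ExemptUsers  = @('svc-admin1', 'svc-admin2')
$LimitMinutes = 30   # "Set time limit for disconnected sessions" value from the thread

# Constructed sample of quser output. On the server, use: $lines = quser 2>$null
$lines = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>jdoe                  rdp-tcp#12          2  Active          .  3/1/2012 9:00 AM
 svc-admin1                                3  Disc      2+04:10  2/27/2012 6:30 AM
 asmith                                    4  Disc         1:05  3/1/2012 8:12 AM
 bjones                                    5  Disc           12  3/1/2012 9:40 AM
'@ -split '\r?\n'

function ConvertTo-IdleMinutes([string]$Idle) {
    # quser prints '.', 'none', 'M', 'H:MM' or 'D+H:MM'; non-numeric values count as 0.
    if ($Idle -match '^(?:(\d+)\+)?(?:(\d+):)?(\d+)$') {
        return ([int]$Matches[1] * 1440) + ([int]$Matches[2] * 60) + [int]$Matches[3]
    }
    return 0
}

function Get-StaleDisconnectedSession {
    param([string[]]$QuserLines, [string[]]$Exempt, [int]$Limit)
    # SESSIONNAME is blank for disconnected sessions, so that column is optional.
    $pattern = '^\s*>?(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+' +
               '(?<state>Active|Disc)\s+(?<idle>\S+)\s+(?<logon>.+)$'
    foreach ($line in $QuserLines) {
        if ($line -notmatch $pattern) { continue }   # skips the header and blank lines
        $user = $Matches['user']; $id = $Matches['id']
        $state = $Matches['state']; $idleText = $Matches['idle']
        $idle = ConvertTo-IdleMinutes $idleText
        # IDLE TIME counts from the last input, so it is an upper bound on the time
        # spent disconnected: flagged sessions are candidates, not proof of a failure.
        if ($state -eq 'Disc' -and $idle -gt $Limit) {
            New-Object PSObject -Property @{
                User = $user; Id = [int]$id; IdleMinutes = $idle
                Exempt = ($Exempt -contains $user)
            }
        }
    }
}

Get-StaleDisconnectedSession -QuserLines $lines -Exempt $ExemptUsers -Limit $LimitMinutes |
    Select-Object User, Id, IdleMinutes, Exempt | Format-Table -AutoSize
```

Rows with `Exempt` set to `False` are sessions the policy should already have logged off; rows with `True` are the admin sessions that are expected to remain.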