Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Terminal Services Idle Session Time Limit Settings

Posted on 2014-04-24
3
Medium Priority
?
1,045 Views
Last Modified: 2014-05-02
Mixed Terminal Services environment with 2003 and 2008 r2 servers.  Have set session time limits on each user's account in AD.  For example idle session time limit 30 minutes.  This works great on 2003 servers.  After 30 minutes idle it resets the connection, but on the 2008 servers it does not.  I have checked each servers RDP-Tcp properties and override user settings is not checked.  Have checked local group policy on 2008 r2 servers and no policies are set.  Any ideas why the server is not using the User Account Settings?
0
Comment
Question by:tparrett
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40024221
Instead of setting terminal settings on individual users, apply GPO to terminal servers

Create one OU
place all your terminal servers (2003 \ 2008 \ 2012) in that OU
Now place one GPO on this OU and set whatever GPO options you wanted in user configuration
Most of the Options can be found under user configuration\administrative templates\windows components\remote desktop services\remote desktop session host
However you can put other desktop restrictions as well from user configuration

Now enable GPO loop back processing in replace mode in same GPO under computer configuration\administrative templates\system\Group Policy

Note that use 2008 \ 2012 GPMC in order to get best results

Now no matter who will login on terminal servers, all restrictions will get enforced on all users

Mahesh.
0
 

Author Comment

by:tparrett
ID: 40027072
Not all users have the same terminal settings.  Some users are allowed unlimited time, others only 30 minutes.  Can I create groups and set GPO's based on group membership?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40027963
As far as I know GPO needs to be enforced on terminal server computer object so that it will apply to every body who logs on to particular terminal server only

If you apply these setings on OU containing users or if you use security filtering to apply these settings on groups, then no matter which server user logon through RDP, it will apply those restrictions on all RDP sessions, which is not what you want, right ?

You may try, so that you will come to know what i mean
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question