Solved

Terminal Services Idle Session Time Limit Settings

Posted on 2014-04-24
3
938 Views
Last Modified: 2014-05-02
Mixed Terminal Services environment with 2003 and 2008 r2 servers.  Have set session time limits on each user's account in AD.  For example idle session time limit 30 minutes.  This works great on 2003 servers.  After 30 minutes idle it resets the connection, but on the 2008 servers it does not.  I have checked each servers RDP-Tcp properties and override user settings is not checked.  Have checked local group policy on 2008 r2 servers and no policies are set.  Any ideas why the server is not using the User Account Settings?
0
Comment
Question by:tparrett
  • 2
3 Comments
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40024221
Instead of setting terminal settings on individual users, apply GPO to terminal servers

Create one OU
place all your terminal servers (2003 \ 2008 \ 2012) in that OU
Now place one GPO on this OU and set whatever GPO options you wanted in user configuration
Most of the Options can be found under user configuration\administrative templates\windows components\remote desktop services\remote desktop session host
However you can put other desktop restrictions as well from user configuration

Now enable GPO loop back processing in replace mode in same GPO under computer configuration\administrative templates\system\Group Policy

Note that use 2008 \ 2012 GPMC in order to get best results

Now no matter who will login on terminal servers, all restrictions will get enforced on all users

Mahesh.
0
 

Author Comment

by:tparrett
ID: 40027072
Not all users have the same terminal settings.  Some users are allowed unlimited time, others only 30 minutes.  Can I create groups and set GPO's based on group membership?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40027963
As far as I know GPO needs to be enforced on terminal server computer object so that it will apply to every body who logs on to particular terminal server only

If you apply these setings on OU containing users or if you use security filtering to apply these settings on groups, then no matter which server user logon through RDP, it will apply those restrictions on all RDP sessions, which is not what you want, right ?

You may try, so that you will come to know what i mean
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now