Solved

Terminal Services Idle Session Time Limit Settings

Posted on 2014-04-24
3
964 Views
Last Modified: 2014-05-02
Mixed Terminal Services environment with 2003 and 2008 r2 servers.  Have set session time limits on each user's account in AD.  For example idle session time limit 30 minutes.  This works great on 2003 servers.  After 30 minutes idle it resets the connection, but on the 2008 servers it does not.  I have checked each servers RDP-Tcp properties and override user settings is not checked.  Have checked local group policy on 2008 r2 servers and no policies are set.  Any ideas why the server is not using the User Account Settings?
0
Comment
Question by:tparrett
  • 2
3 Comments
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40024221
Instead of setting terminal settings on individual users, apply GPO to terminal servers

Create one OU
place all your terminal servers (2003 \ 2008 \ 2012) in that OU
Now place one GPO on this OU and set whatever GPO options you wanted in user configuration
Most of the Options can be found under user configuration\administrative templates\windows components\remote desktop services\remote desktop session host
However you can put other desktop restrictions as well from user configuration

Now enable GPO loop back processing in replace mode in same GPO under computer configuration\administrative templates\system\Group Policy

Note that use 2008 \ 2012 GPMC in order to get best results

Now no matter who will login on terminal servers, all restrictions will get enforced on all users

Mahesh.
0
 

Author Comment

by:tparrett
ID: 40027072
Not all users have the same terminal settings.  Some users are allowed unlimited time, others only 30 minutes.  Can I create groups and set GPO's based on group membership?
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40027963
As far as I know GPO needs to be enforced on terminal server computer object so that it will apply to every body who logs on to particular terminal server only

If you apply these setings on OU containing users or if you use security filtering to apply these settings on groups, then no matter which server user logon through RDP, it will apply those restrictions on all RDP sessions, which is not what you want, right ?

You may try, so that you will come to know what i mean
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to ping a server in the same subnet 10 91
DNS Record - External Public IP (Sonicwall VPN) 9 45
LOGINSERVER and nltest /dsgetdc 3 40
FTP server backups 5 10
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question