Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Terminal Services Idle Session Time Limit Settings

Posted on 2014-04-24
3
Medium Priority
?
1,026 Views
Last Modified: 2014-05-02
Mixed Terminal Services environment with 2003 and 2008 r2 servers.  Have set session time limits on each user's account in AD.  For example idle session time limit 30 minutes.  This works great on 2003 servers.  After 30 minutes idle it resets the connection, but on the 2008 servers it does not.  I have checked each servers RDP-Tcp properties and override user settings is not checked.  Have checked local group policy on 2008 r2 servers and no policies are set.  Any ideas why the server is not using the User Account Settings?
0
Comment
Question by:tparrett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40024221
Instead of setting terminal settings on individual users, apply GPO to terminal servers

Create one OU
place all your terminal servers (2003 \ 2008 \ 2012) in that OU
Now place one GPO on this OU and set whatever GPO options you wanted in user configuration
Most of the Options can be found under user configuration\administrative templates\windows components\remote desktop services\remote desktop session host
However you can put other desktop restrictions as well from user configuration

Now enable GPO loop back processing in replace mode in same GPO under computer configuration\administrative templates\system\Group Policy

Note that use 2008 \ 2012 GPMC in order to get best results

Now no matter who will login on terminal servers, all restrictions will get enforced on all users

Mahesh.
0
 

Author Comment

by:tparrett
ID: 40027072
Not all users have the same terminal settings.  Some users are allowed unlimited time, others only 30 minutes.  Can I create groups and set GPO's based on group membership?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 40027963
As far as I know GPO needs to be enforced on terminal server computer object so that it will apply to every body who logs on to particular terminal server only

If you apply these setings on OU containing users or if you use security filtering to apply these settings on groups, then no matter which server user logon through RDP, it will apply those restrictions on all RDP sessions, which is not what you want, right ?

You may try, so that you will come to know what i mean
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question