Announcement

Collapse
No announcement yet.

RDP idle log out GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • RDP idle log out GPO

    Hi guys i need a GPO that will basically log out idle RDP connections after 3 hours. I have users that RDP but tend just to leave the session on but i want it idle out after 3 hours. Has to be a computer policy if possible!

  • #2
    Re: RDP idle log out GPO

    W2K8 ADMX based GPO:

    Computer Configuration>Policies>Administrative Templates>Windows Components>Terminal Services>Terminal Server>Session Time Limits>Set time limit for active but idle Terminal Service session

    W2K3 ADM based GPO:

    Computer Configuration>Administrative Templates>Windows Components>Terminal Services>Sessions>Sets a time limit for active but idle Terminal Service session

    Comment


    • #3
      Re: RDP idle log out GPO

      I thought this, Ive tried this but i come off a server last night but when i check the sessions this morning i was still on there! I have checked the box (gp result) and the policy is in effect! Was thinking there must be something else? It is a w2k3 domain.

      Comment


      • #4
        Re: RDP idle log out GPO

        Try refreshing group policy on the terminal server or try rebooting the terminal server.

        gpupdate /force

        Comment


        • #5
          Re: RDP idle log out GPO

          Would this work if i applied this to a pc that also gets RDP'd onto?

          Comment


          • #6
            Re: RDP idle log out GPO

            I don't think so as pc's don't technically run Terminal Services and this is a Terminal Server setting.

            Comment


            • #7
              Re: RDP idle log out GPO

              For some reason or other its just not cancelling the session on any server. RDP continues to stay open nearly 24 hours later! any other ideas?

              Comment


              • #8
                Re: RDP idle log out GPO

                Hi pal!

                Can I assume that the connection state is "disconnected"? Or is it "active" with idle clock of hours?

                Are you applying the group policy locally or via OU? If via OU, does it contain the terminal server or the users?
                Regards,
                Leonid

                MCSE 2003, MCITP EA, VCP4.

                Comment


                • #9
                  Re: RDP idle log out GPO

                  how about setting it in the sessions tab of the rdp-tcp connector properties.
                  Please remember to award reputation points if you have received good advice.
                  I do tend to think 'outside the box' so others may not always share the same views.

                  MCITP -W7,
                  MCSA+Messaging, CCENT, ICND2 slowly getting around to.

                  Comment


                  • #10
                    Re: RDP idle log out GPO

                    I have just set the time for the disconnected Terminal services. Wheres that RDP property?

                    Comment


                    • #11
                      Re: RDP idle log out GPO

                      Originally posted by MartinaGreenhill View Post
                      I have just set the time for the disconnected Terminal services. Wheres that RDP property?
                      Here is some more info.
                      http://technet.microsoft.com/en-us/l...50(WS.10).aspx

                      I don't know what is your knowledge with this technology, so just to point out a guideline:

                      An active session is a session that the user is working in. By default, it can be idle for an unlimited amount of time. Here is where the server config comes into play: it's disconnecting or ending the session that it's idle time is more than X minutes or hours.

                      A disconnected session is a session that the user is still logged on, the programs are still open, but no one is connected. It can happen for numerous reasons: too long idle time from active state, the rdp client disconnected, computer froze, etc. You can configure how long the session can live in this state as well. After a session dies, the programs are forcefully closed, the user is logged off and any unsaved data is lost.

                      So now to the point: if you only configured timeout for disconnected state, some of the sessions will remain in active state indefinitely. You need to configure timeout for both active (but idle) and disconnected session states.
                      So from active session that is idle for x minutes you can: disconnect/end session (logoff) and from there you can configure the disconnected session to be closed after another x minutes.
                      A practical example we use: after 60 minutes of idle state an active session is disconnected and disconnected sessions are closed completely after another 90 minutes. So if I am leaving the rdp client and go home, after 60+90 minutes the session will be completely closed.

                      Good luck
                      Last edited by venom83; 8th November 2010, 19:11.
                      Regards,
                      Leonid

                      MCSE 2003, MCITP EA, VCP4.

                      Comment

                      Working...
                      X