Hi all,
Hopefully someone can help me with the following:
I would like to create a GPO for disconnecting RDC connections after a certain period of inactivity. I would only like this to affect the servers my admin users log into. I do not want any service accounts that stay logged into servers being disconnected. I also have a few admin machines that I want exempt from the policy, even when my admin users are logged in.
I have created the following user GPO and linked it to the OU where my admin users reside.
- Set time limit for disconnected session – Will be set for 24 hours. When someone closes an RDC session without logging off, it will be kept for 24 hours; after this time it will be terminated.
- Set time limit for active but idle Remote Desktop Services Session – Will be set for 4 hours. An idle session will be disconnected (not logged off) after 4 hours.
- Set time limit for active Remote Desktop Services sessions – This will NOT be configured.
- Terminate Sessions when time limits are reached – This will not be set. A user who leaves his session idle for 4 hours will be disconnected; this disconnected session will remain present for 24 hours, and once 24 hours has elapsed the session will be terminated. Total of 30 hours. Does this have to be set?
I created a deny GPO group with the admin servers in it (and restarted the server to enforce group membership) and gave it DENY permissions on the GPO.
Disconnected idle sessions are terminated after 24 hours (as expected), aside from domain controllers (not expected).
Active but idle sessions disconnect after 4 hours, but then 24 hours later (top policy) they are not terminated. Is this expected behavior?
Admin machines are disconnected after 4 hours of inactivity (not expected). Do I need to create a workstation-based GPO to say never be logged for these boxes?
Any assistance would be appreciated.
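
As an added example (not part of the original post): a PowerShell check, run inside an RDP session on an affected server, that reads the registry values these four policies write and shows whether each limit arrives from the computer side or the user side. The registry value names and the rule that the Computer Configuration setting takes precedence when both are set are standard Remote Desktop Services policy behaviour, not details taken from the post.

```powershell
# Added example: report which RDS session time-limit policies are in effect
# for the current session. Policy names are as written in the post.
$subKey = 'Software\Policies\Microsoft\Windows NT\Terminal Services'
$settings = [ordered]@{
    MaxDisconnectionTime = 'Set time limit for disconnected session'
    MaxIdleTime          = 'Set time limit for active but idle session'
    MaxConnectionTime    = 'Set time limit for active session'
    fResetBroken         = 'Terminate sessions when time limits are reached'
}

function Get-PolicyValue {
    param([string]$Hive, [string]$Name)
    # HKLM holds Computer Configuration, HKCU holds User Configuration
    $item = Get-ItemProperty -Path "${Hive}:\$subKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }   # returns nothing when not configured
}

function Format-Limit {
    param([string]$Name, $Value)
    if ($null -eq $Value) { return 'Not configured' }
    if ($Name -eq 'fResetBroken') {
        return $(if ($Value -eq 1) { 'Enabled' } else { 'Disabled' })
    }
    if ($Value -eq 0) { return 'Never' }
    '{0:N1} h' -f ($Value / 3600000)       # timeouts are stored in milliseconds
}

$report = foreach ($name in $settings.Keys) {
    $machine = Get-PolicyValue -Hive 'HKLM' -Name $name
    $user    = Get-PolicyValue -Hive 'HKCU' -Name $name
    [pscustomobject]@{
        Policy    = $settings[$name]
        Computer  = Format-Limit $name $machine
        User      = Format-Limit $name $user
        # Computer Configuration takes precedence when both are set
        Effective = if ($null -ne $machine) { Format-Limit $name $machine }
                    else { Format-Limit $name $user }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Running it as an admin user on a server, a domain controller and an exempt admin machine, then comparing the three tables, shows on which hosts the user-side values are present and whether a computer-side value overrides them.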