Share via

How to enforce AD Users Sessions tab settings to sign users out of their RDS sessions?

Chris H 1 Reputation point
2022-11-29T12:17:10.27+00:00

We have a small handful of users that don't sign out of their RDS sessions at the end of the day. Often they will remain connected for several days.

In an attempt to sign these specific users out of their RDS sessions centrally, I put the following settings in place within their Active Directory user accounts, under the Sessions tab:

End a disconnected session - 3 hours
Active session limit - Never
Idle session limit - 3 hours
When a session limit is reached, or a connection is broken - End session

However the settings don't seem to do anything - the users are still able to remain signed in all week.

Does anyone know if there is a GPO that I need to edit to enforce the settings? Or if there are some additional steps I need to take to make the settings take effect?

Thanks

Windows for business Windows Client for IT Pros Directory services Active Directory
Windows for business Windows Client for IT Pros User experience Remote desktop services and terminal services
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jonathon Kindred 411 Reputation points
    2022-11-29T12:24:17.297+00:00

    Open Group Policy Management on the server in question and navigate to:

    User Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits

    Enable the item named: Set time limit for active but IDLE Remote desktop service sessions.

    Select the desired time limit for the inactive session.

    Enable the item named: End session when time limits are reached.

    This setting will be responsible for the user Logoff after the inactivity period is reached.

    To save it you'll need to close down the Group Policy Editor.

    Afterwards, The system will give a warning message 2 minutes before disconnecting the Remote desktop session.

    EDIT: I forgot to mention that you'll need to create a new GPO. Then right-click to edit it, and follow down the path I mentioned above.

    If you find this answer useful, please up-vote and accept as the solution so that other Q/A users' can easily find solutions to related issues. Thanks.

    0 comments
  2. TP 124.7K Reputation points Volunteer Moderator
    2022-11-30T06:10:30.087+00:00

    Hi,

    On your RD Connection Broker, Server Manager -- RDS -- Collections -- <yourcollectionname> -- Tasks -- Edit Properties -- Session tab, modify the timeouts to fit your needs. Please note that the changes will only take effect for new sessions that are made after you save your changes. In other words, any sessions that are currently on your server (whether Active or Disconnected) will not have the timeouts applied. You need to sign off these existing sessions and next time the users connect they will have the updated timeouts.

    265487-rds-session-collection-timeouts.jpg

    Thanks.

    -TP

    0 comments
  3. Chris H 1 Reputation point
    2022-11-30T08:42:09.26+00:00

    @TP Those settings affect all users though. I'm looking to just apply it to specific users. @Jonathon Kindred 's suggestion sounds like a possibility, although I would really like to find out how to get the Active Directory user account Session tab settings to take effect. They seem to be the easiest way of applying the settings on a per-user basis.

    Does anyone know how to make those settings properly take effect?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.