Configuring the idle session time-out period for Outlook Web Access clients
Before performing this task, you must have a Web listener that uses forms-based authentication for Outlook Web Access.
To configure the idle session time-out period for Outlook Web Access clients
In the Forefront TMG Management console tree, click Firewall Policy.
In the task pane, click the Toolbox tab.
On the Toolbox tab, click Network Objects, expand Web Listeners, and select the applicable Web listener.
On the toolbar beneath Network Objects, click Edit.
On the Forms tab, click Advanced.
Under Client Security Settings, select Treat as maximum idle time.
In Timeout for public computers (minutes), set the maximum time that users can remain idle on public computers before they are disconnected.
In Timeout for private computers (minutes), set the maximum time that users can remain idle on trusted private computers before they are disconnected.
Click OK to close Advanced Form Options, and then click OK again to close the Web listener properties.
In the details pane, click the Apply button to save and update the configuration, and then click OK.
- By default, the session time-out period for public computers is 10 minutes, and its range of permissible values is from 1 to 9,999 minutes.
- By default, the session time-out period for trusted private computers is 360 minutes, and its range of permissible values is from 1 to 9,999 minutes.
- Typically, a shorter idle session time-out period is configured for public computers than for private computers to reduce the risk that a third party will be able to access a user's e-mail if the user leaves a public computer without logging off.