SimonKravis

Senior Member
Joined
Dec 12, 2013
Messages
3
I am using remote access to Server 2016 on a Virtual Private Server and wish to configure a user account Test to terminate after 1 hour of being disconnected. From the server Admin account I have accessed Computer Management -> Local Users and Groups-> Users -> Test and in the Sessions tab of account properties set Ends a Disconnected Session to 1 hr. However, the disconnected Test session does not close after 1 hr of disconnection. (As shown by Task Manager-> Users which shows the Test account in a disconnected state after more than 1 hr of disconnection.)

I then used gpedit.msc from an Administrator account to set User Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Session Time Limits to end disconnected sessions 1 hour after disconnection rather than never. This was successful but had the side effect of preventing the IIS web server from working unless it is restarted from the Administrator account. The Web application runs a Windows executable by this may not explain why IIS does not run without an administrator session running. It seems as though the gpedit policy setting applies to all users. I would like it to apply only to non-admin users. How can this be done?
 


Solution
This suggestion did it! I created a new group Non-Administrators from Computer Management-> Users and Groups-> Action-> New Group and added all the non-admin accounts to it to create a Non-Administrators group. Then I ran MMC, added the Group Policy Editor, browsed for a Group Policy object, and selected Non-Administrators. I was then able to set the session timeout after disconnection. To make it work I had to disable Session Timeout for the computer and for all users using gpedit.msc, as these seemed to override the group policies.
Thanks for the quick response - this question has been unanswered on Microsoft's Technet for a number of weeks
If this is configured as a terminal server you can configure the disconnect timeout in RDS. As far as your GPO question you cant distinguish between admin and non admin users per say. You'll need to add the non-admin users to a security group and then apply the GPO to that.
 


This suggestion did it! I created a new group Non-Administrators from Computer Management-> Users and Groups-> Action-> New Group and added all the non-admin accounts to it to create a Non-Administrators group. Then I ran MMC, added the Group Policy Editor, browsed for a Group Policy object, and selected Non-Administrators. I was then able to set the session timeout after disconnection. To make it work I had to disable Session Timeout for the computer and for all users using gpedit.msc, as these seemed to override the group policies.
Thanks for the quick response - this question has been unanswered on Microsoft's Technet for a number of weeks
 


Solution
Back
Top