none
Set time limit for active but idle Remote Desktop Services sessions for paticular user and server

    Question

  • I want to make a GPO where specific users are logged off after a certain time on one particular server. I made a GPO by configuring Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits.

    I then used security filtering and removed Authenticated Users  and added the server and the users I want to log off.I then linked the GPO to an OU containing that server.However It doesn't seem to work.I did a gpresult /R ,and it tells me that GPO is being applied only to the server.

    


    Thursday, October 29, 2015 3:32 PM

Answers

  •  wouldn't the group policy get applied to everyone in the domain ,I need that policy to apply to the members in the  IT OU and also only for that server.

    As mentioned above, you need to configure the setting under User Configuration, then add the specific user into the security filtering list. This way, the setting will only apply to the specific users logged on to that server.

    Loopback processing using merge mode indicates that the user policies defined in the computer's Group Policy objects and the user policies normally applied to the user are combined.

    Have you updated the security filtering in GPO?

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Tuesday, November 03, 2015 4:15 PM
    Monday, November 02, 2015 8:22 AM
    Moderator
  • >>I should configure the GPO  under User Configuration and link it to the OU containing  the server, correct?

    Yes.

    >>I should also put the users I want the GPO to be  applied  in the security filtering?

    Yes.

    >>I don't need to put the server in the security filtering right ?

    Yes.

    >>And also where should i apply the loopback processing in the User Configuration or Computer Configuration?

    You can configure loopback processing under

    Computer Configuration\Administrative Templates\System\Group Policy\ User Group Policy Loopback Processing Mode


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Tuesday, November 03, 2015 4:16 PM
    Tuesday, November 03, 2015 8:43 AM
    Moderator
  • Hi,

    Session Time Limits setting appears in both Computer Configuration and User Configuration, and based your description, only computer Configuration  is configured with Session Time Limits , so it only applied to computers.

    You could create  a GPO defining the policy under  User Configuration, link the GPO to an OU containing that server and use the Group Policy loopback merge mode to apply GPO

    You could get more information from :

    Session Time Limits: https://technet.microsoft.com/en-us/library/cc753112%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    User Group Policy loopback processing mode: https://technet.microsoft.com/en-us/library/cc978513.aspx?f=255&MSPPError=-2147217396


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Wednesday, November 04, 2015 6:19 PM
    Friday, October 30, 2015 7:29 AM
    Moderator

All replies

  • Hi,

    Session Time Limits setting appears in both Computer Configuration and User Configuration, and based your description, only computer Configuration  is configured with Session Time Limits , so it only applied to computers.

    You could create  a GPO defining the policy under  User Configuration, link the GPO to an OU containing that server and use the Group Policy loopback merge mode to apply GPO

    You could get more information from :

    Session Time Limits: https://technet.microsoft.com/en-us/library/cc753112%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    User Group Policy loopback processing mode: https://technet.microsoft.com/en-us/library/cc978513.aspx?f=255&MSPPError=-2147217396


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Wednesday, November 04, 2015 6:19 PM
    Friday, October 30, 2015 7:29 AM
    Moderator
  • Thanks a lot for your help.If I  link that GPO to  the  OU containing the server, wouldn't the group policy get applied to everyone in the domain ,I need that policy to apply to the members in the  IT OU and also only for that server.

    Would loopback processing using merge mode accomplish that ?? I tried to configure the GPO like you have mentioned and everybody in my domain gets the GPO applied.

    Friday, October 30, 2015 4:02 PM
  •  wouldn't the group policy get applied to everyone in the domain ,I need that policy to apply to the members in the  IT OU and also only for that server.

    As mentioned above, you need to configure the setting under User Configuration, then add the specific user into the security filtering list. This way, the setting will only apply to the specific users logged on to that server.

    Loopback processing using merge mode indicates that the user policies defined in the computer's Group Policy objects and the user policies normally applied to the user are combined.

    Have you updated the security filtering in GPO?

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Tuesday, November 03, 2015 4:15 PM
    Monday, November 02, 2015 8:22 AM
    Moderator
  • Hello Wendy  thanks again for all your help .Just to be clear...

    I should configure the GPO  under User Configuration and link it to the OU containing  the server, correct?

    I should also put the users I want the GPO to be  applied  in the security filtering?

    I don't need to put the server in the security filtering right ?

    And also where should i apply the loopback processing in the User Configuration or Computer Configuration?

    Sorry for all the questions...

    Monday, November 02, 2015 4:07 PM
  • >>I should configure the GPO  under User Configuration and link it to the OU containing  the server, correct?

    Yes.

    >>I should also put the users I want the GPO to be  applied  in the security filtering?

    Yes.

    >>I don't need to put the server in the security filtering right ?

    Yes.

    >>And also where should i apply the loopback processing in the User Configuration or Computer Configuration?

    You can configure loopback processing under

    Computer Configuration\Administrative Templates\System\Group Policy\ User Group Policy Loopback Processing Mode


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Wasif_ASHRAF Tuesday, November 03, 2015 4:16 PM
    Tuesday, November 03, 2015 8:43 AM
    Moderator
  • Thanks again  Wendy. I applied the GPO with user configuration  on an OU containing that server,I used security filtering to choose the users i need the GPO to apply... however when I  do a gpresult it says the GPO is  being applied  to the computer settings not user settings .Therefore the GPO is still not working.

    Is it absolutely necessary to configure a loop back process in my situation ?If yes which mode should I  use? 

    I ask because i'm not quite sure how that will effect my active directory environment....I just want to be really sure before I configure it.

     
    Tuesday, November 03, 2015 7:56 PM
  • Is it absolutely necessary to configure a loop back process in my situation ?If yes which mode should I  use? 

     

    Loopback mode is needed based on your requirement. You should choose Merge mode, this way the user policies normally applied to the user will be preserved.

    Based on my test,  the GPO will show up under both Computer and User settings in Gpresult output.



    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 04, 2015 7:38 AM
    Moderator
  • Thanks Wendy for the reply.

    For your test did you configure the GPO with both  computer and user configuration, and did you apply the loopback Merge mode as well ?


    • Edited by Wasif_ASHRAF Wednesday, November 04, 2015 6:36 PM
    Wednesday, November 04, 2015 6:35 PM
  • Yes.

    In my test GPO ,I configured policy settings under User configuration and enabled loopback Merge mode under Computer Configuration.


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 05, 2015 7:54 AM
    Moderator