none
Is it possible to lock a workstation after 5 minutes of inactivity but exclude RDP connections?

    Question

  • Hi All,

    Just wondering if anyone has successfully implemented a change that will lock an inactive server after 5 minutes of inactivity but not have this triggered if its an RDP connection?

    For example, if you are in a VMWare session and inactive, it will lock your session after 5 minutes. BUT if you are in an RDP session it will not lock you after 5 minutes of inactivity?

    Friday, November 13, 2015 5:15 PM

Answers

  • Hi Redsox,

    As explained by Mary, its per user basis control mostly.

    I don't think you can control this just for RDP sessions, but you can set the time out for the screen saver via GP.

    User Configuration -> Administrative Templates -> Control Panel -> Personlization-Screen saver timeout

    Computer Conifg>Policies>Windows Settings>Security Settings>Local Policies>Security Options and find Interactive logon: Machine inactivity limit.

    You can have alternate arragements for keeping the session active, by running some program or script using Scroll Lock maybe.

    References:

    Deactivate automatic screen lock in terminal session


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Monday, November 16, 2015 5:57 AM
    • Marked as answer by Redsox_Fan Monday, November 16, 2015 12:42 PM
    Monday, November 16, 2015 5:17 AM

All replies

  • Hi Redsonx_Fan,

    Thanks for your post.

    You may check policies that screen saver configuration. Essentially, you could trigger a screensaver to kickoff after 5 minutes and then require the user to enter a password when the screensaver is disabled. These policies are all found under User Configuration > Policies > Administrative Templates > Control Panel > Personalization.

    But in you scenairo, you don't want the RDP connection with the same effect, right? And the above settings are user configuration. It affects users rather than computers. So if they are using their own user account to logon to the remote desktop server then they will get their user policy apply to the RDS server too - enabling the lockout. Then you may enabled group policy loopback processing. You could set this on OU containing the RDSH servers and set it with replace mode - then set the relevant policies such as screen saver / screen lock timeout values.

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 16, 2015 3:07 AM
    Moderator
  • Hi Redsox,

    As explained by Mary, its per user basis control mostly.

    I don't think you can control this just for RDP sessions, but you can set the time out for the screen saver via GP.

    User Configuration -> Administrative Templates -> Control Panel -> Personlization-Screen saver timeout

    Computer Conifg>Policies>Windows Settings>Security Settings>Local Policies>Security Options and find Interactive logon: Machine inactivity limit.

    You can have alternate arragements for keeping the session active, by running some program or script using Scroll Lock maybe.

    References:

    Deactivate automatic screen lock in terminal session


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Monday, November 16, 2015 5:57 AM
    • Marked as answer by Redsox_Fan Monday, November 16, 2015 12:42 PM
    Monday, November 16, 2015 5:17 AM