locked
[Forum FAQ] Restrict number of Active Sessions in RDS 2012 and 2012 R2 RRS feed

  • General discussion

  • As everyone knows with the introduction of Windows Server 2012 & 2012 R2, there are various changes and no more availability for RDSH configurations or Remote Desktop Service Manager; now we can manage all the settings under Server Manager and group policy.

    Configuration 1: Remote Desktop Timeout settings:

    Here, we will see the Remote Desktop timeout settings. You can maintain the settings under below mention path (Figure 1 and Figure 2).

    1. Open the Server Manager, select Remote Desktop Services.
    2. In Remote desktop Services, in right side you can drop down to collections.
    3. Select the collection which you want to edit the settings.
    4. Under collections Properties, select Task and then Edit Properties.
    5. In Properties dialog box, select Session.
    6. You can find all the timeout settings under session collection properties; edit according to your requirements and then OK.

     

    Figure 1: Selecting Collection Properties

     

    Figure 2: Configuring screen for Timeout and reconnection Settings

    Group policy setting:

    The same settings can also be applied by Group Policy.

    You can also configure timeout and reconnection settings by applying the following Group Policy settings, you can check the figure 3 for graphical view.

    -          Set time limit for disconnected sessions

    -          Set time limit for active but idle Remote Desktop Services sessions

    -          Set time limit for active Remote Desktop Services sessions

    -          End session when time limits are reached

    In addition to this another group policy available with the help of which you can bale to set time limit for logging off the RemoteApp according to our desired time. This setting can be applied with addition to above mentioned policy.

    -          Set time limit for logoff of RemoteApp Sessions

    These Group Policy settings are located in the following locations:

    Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits

    User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits

    These Group Policy settings can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).

    Note:

    These Group Policy settings will take precedence over the settings configured in Remote Desktop Session Host Configuration. If both the Computer Configuration and the User Configuration policy settings are configured, the Computer Configuration policy settings take precedence.

    Figure 3: Group Policy for setting Timeout and reconnection setting

    Configuration 2: Restrict & Enable user to a single & multiple session

    Under Windows Server 2012 & 2012 R2, there is no specific setting under RDP-TCP as it is not available.

    1. Restrict User to Single session:

    To restrict the user to single session (Disable Multiple RDP Session) you can configure the setting under group policy (Figure 4).

    Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections

    Restrict Remote Desktop Services users to a single Remote Desktop Services session     Enabled

    Figure 4: Group policy for Restrict user to Single session

    1. Enable user to multiple session:

    To enable the user to multiple session you can configure the setting under below (Figure 5).

    Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Session Host\ Connections

    Restrict Remote Desktop Services users to a single Remote Desktop Services session     Disabled

    Figure 5: Group Policy for Enable user to Multiple Session

    In addition you can also edit the registry setting for allowing multiple RDP session as per below (Figure 6).

    HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Terminal Server

    fSingleSessionPerUser     REG_DWORD     0x00000000

    Note: By default the registry value is set to 1, but you need to change to 0.

    Figure 6: Display the registry settings

    Also you can edit the policy “Limit number of connections” and set RD Maximum collection as per your company requirements (Maximum limit: 999999) for above mention group policy path (Figure 7).

    Figure 7: Group Policy for Limit number of Connections

    Apart from this, if you have not specified any policy or registry setting and still you want to restrict the new session, then in Windows Server 2012 & 2012 R2 there is option where you need to follow below steps (Figure 8 and Figure 9).

    1. Right click a Remote Desktop Session Host in specified location of Host Server and select “Do not allow new connections”.
    2. After clicking that it will ask you for your confirmation, click yes and no new connection will be allowed.

    Figure 8: Setting displaying “Do not allow new connections”

    Figure 9: Confirmation popup

    RD Gateway Connection Properties:

    If you have deployed RD Gateway under your environment you can also limit the number of simultaneous connections through RD Gateway by configuring policy under RD Gateway Manager. For this you need to follow below mention path.

    1. Open RD Gateway Manager, select the server which you want to modify.
    2. Right click Properties.
    3. Under General Tab

    -Limit maximum allowed simultaneous connections to:Specify the number of connection you want to able to provide connection.

    -Allow the maximum supported simultaneous connections:This setting will allow maximum supported connections at a time.

    -Disable new connections:This setting will not allow new connections through RD Gateway but Active connection will not be automatically disconnected.

    Select the option as per requirement which able to allow the connection

     

    Figure 10: Connections setting under RD Gateway Manager

    Configuration 3: Configure keep-alive connection interval

    As per above mention in initial post you can able to change the setting for Keep alive connection interval. In addition to this also verify the registry setting must be set as per following (Figure 11 and Figure 12).

    HKEY_Local_Machine \ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services

    KeepAliveEnable       REG_DWORD           0x00000001 (1)

    KeepAliveInterval      REG_DWORD           0x00000001 (1)

    Figure 11: Group Policy setting for Keep alive

    Figure 12: Registry setting for keep alive


    If you need further assistance, welcome to post your questions in our Remote Desktop Services (Terminal Services) forum.


    If you would like to achieve this in Windows Server 2008 or Windows Server 2008 R2, please move on to the next post.

    • Edited by Jeremy_Wu Monday, March 31, 2014 4:15 PM Edit
    Monday, March 31, 2014 4:01 PM

All replies

  • Applies to Windows Server 2008 and Windows Server 2008 R2


    Configuration 1: Remote Desktop Timeout settings:

    1. Open the property dialog for RDP-Tcp connection in Remote Desktop Services Manager.

    2. In the Sessions tab, you can configure the following settings:

    • Active Session Limit
    • Idle session limit
    • Action when session limit is reached or connection is broken
    • End a disconnected session

    Additionally, you can configure the settings with the help of Group Policy also by below mention path.

    Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits

    User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits

    Configuration 2: Restrict each user to a single session

    By using this configuration or policy setting, each user can only maintain one session to the certain terminal server; when another session is started by the same user, the original one will lose the connection. In that way, the total number of possible active sessions won’t exceed the total remote users. You can implement this as below mention steps.

    Remote Desktop Host (RDP-Tcp) configuration:

    Edit Settings – Restrict each user to a single session: Yes

    Group Policy: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\

    Restrict Remote Desktop Services (Terminal Services) users to a single remote session:    Enabled

    Configuration 3: Configure keep-alive connection interval

    By specifying the minutes that the TS holds a remote session actually disconnected, the server will detect the session status after each period. The session that are actually offline will be changed to disconnected status:

    Group Policy:  

    Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services (Terminal Services)\Remote Desktop Services Session Host (Terminal Server)\Connections\

    Configure keep-alive connection interval:         Enabled and Specify the Value


    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    • Edited by Jeremy_Wu Monday, March 31, 2014 4:18 PM Edit
    Monday, March 31, 2014 4:08 PM
  • Very nice ...fixed my problems.
    Friday, August 14, 2015 7:57 AM
  • You could also use this registry key on 2012 and 2012 R2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and REG_DWORD UserSessionLimit


    Hari Kumar --- Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights

    Monday, November 30, 2015 7:10 PM
  • Hello everyone,

    To Restrict number of Active Sessions in RDS 2012 and 2012 R2, Simply go on Collection --> Task (EDIT Properties) --> Load Balancing .

    then choose the number of session.

    


    connection broker

    Wednesday, December 23, 2015 11:21 AM