Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2016 / Configuring RDP/RDS Sessions Limits (Timeouts) on Windows

February 2, 2021 Windows 10Windows Server 2016

Configuring RDP/RDS Sessions Limits (Timeouts) on Windows

By default, when a user closes the RDP/RDS session window in a terminal client (mstsc.exe, RDCMan or Remote Desktop HTML5 web client) by simply clicking the cross in the top right corner without logging off, his session goes into disconnected mode. In this mode, all apps, open files and windows are still running on a remote desktop server and consuming resources.

By default, a user’s RDP session in Windows may stay in the disconnected state until terminated by the user or administrator, or until the computer is restarted. It is quite convenient, since a user may any time connect to his old remote desktop session and go on working with running programs or open files.

In the following screenshot you can see that the disconnected user sessions on the RDS server running Windows Server 2016 are using about 40% of the server RAM. Also, these sessions may block open files on your file servers, cause problems of incorrect saving of data in the apps, roaming profile folders or on User Profile Disks.

disconnected user session on rds host

Using the quser command, you can view when a user RDP session was started, how long it was idle and the current session state.

quser command - list all rds session with logon time, idle and state

To automatically terminate disconnected RDP/RDS sessions in a specified period of time, you need to set session limits (timeouts) correctly.

If you use an RDS server, you can configure session timeout parameters in the RDS collection settings on the Session tab.

Specify the time period, after which you want to kill a disconnected remote desktop session, in the End a disconnected session option (by default, a session period is unlimited – Never). You can also set the maximum time of an active session (Active session limit) and end an idle session (Idle session limit). These hard timeouts are applied to all sessions in the RDS collection.

RDS server timeouts in session collection properties on RD session host

You can also set the limits of an RDP session in the properties of a local (lusrmgr.msc) or domain user (dsa.msc — Active Directory Users and Computers console).

rds session timeouts in user properties in active directory

It is not worth to make RDP session timeouts too short, otherwise user sessions will be terminated almost right after they become inactive.

In Windows Server 2012 R2/2016/2019, you can set RDP session timeouts using Group Policies. You can do it either in the domain GPO editor (gpmc.msc) or in the Local Group Policy Editor (gpedit.msc) on an RDS server or client (if you are using a desktop Windows edition as a terminal server).

The settings of RDP session timeouts are located in the following GPO section Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits. The following Remote Desktop timeout settings are available:

  • Set time limit for disconnected session;
  • Set time limit for active but idle Remote Desktop Services sessions — the policy allows idle RDP sessions to be terminated that have no user input (like moving a mouse or typing something on a keyboard);
  • Set time limit for active Remote Desktop Services sessions — it is the maximum time of any RDP session (even an active one), after which it gets disconnected;
  • End Session when time limits are reached — sets the time, after which an RDP session will be terminated (logoff) instead of disconnecting it;
  • Set time limit for logoff of RemoteApp sessions.
You can find the same RDP timeout settings in the user GPO section: User Configuration -> Administrative Templates -> Windows Components. Using the policy from the user section, you can more flexibly configure user groups with different limits on the length of RDP sessions.

configure RDP/RDS session time limits via GPO

By default, these options are not configured. To automatically terminate disconnected RDP user sessions in 8 hours, enable the Set time limit for disconnected session policy and select 8 hours in the dropdown list.

"Set time limit for disconnected session" - group policy parameter to restrict rdp session time

Save the changes and update the Group Policy settings on your RD host (gpupdate /force). New timeout settings will be applied to new RDP sessions only (you will have to end the current RDS sessions manually).

You can also set RDP session time limits through the registry. The following DWORD parameters from HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services correspond to the policies described above:

  • MaxDisconnectionTime
  • MaxIdleTime
  • MaxConnectionTime
  • MaxDisconnectionTime
  • RemoteAppLogoffTimeLimit

In Windows Server 2008 R2, you could also set RDP session timeouts using a special console: tsconfig.msc (RD Session Host Configuration). It was enough to open the console and right-click RDP-Tcp -> Properties. The settings of session limits are located on the Sessions tab. However, there is no such console in newer Windows Server versions (although you can manually copy tsadmin.msc and tsconfig.msc files and use these consoles on newer Windows Server versions as well).

tsconfig.msc session limits on windows server 2008 r2

4 comments
4
Facebook Twitter Google + Pinterest
previous post
How to Find Inactive Computers and Users in Active Directory with PowerShell?
next post
Using TSADMIN.msc and TSCONFIG.msc Snap-Ins on Windows Server 2016 RDS Host

Related Reading

Windows Security Won’t Open or Shows a Blank...

May 17, 2022

How to Manually Install Windows Updates from CAB...

May 16, 2022

RDS and RemoteApp Performance Issues on Windows Server...

May 16, 2022

Deploying Software (MSI Packages) Using Group Policy

May 12, 2022

Fix: You’ll Need a New App to Open...

April 27, 2022

4 comments

AZ-140 Exam Study Guide (Configure Microsoft Azure Virtual Desktop) August 6, 2021 - 4:40 am

[…] Configuring RDP/RDS session timeout on Windows […]

Reply
Pajeu August 17, 2021 - 7:52 pm

Dzięki Adam!

Reply
Exam AZ-140: Configuring And Operating Microsoft Azure Virtual Desktop - Powershell Talk October 3, 2021 - 3:31 pm

[…] Configuring RDP/RDS session timeout on Windows […]

Reply
Huleos March 20, 2022 - 4:42 pm

По этой схеме будет завершать все RDP сессии, в том числе и администратора, если тот подключается удаленно, что не приемлемо, так как от администратора запушены нужные проги типо сервера оборудования, сервер задач, видеозапись, и много другое.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Allow Multiple RDP Sessions in Windows 10 and 11?
  • How to Repair EFI/GPT Bootloader on Windows 10?
  • How to Restore Deleted EFI System Partition in Windows 10?
  • Network Computers are not Showing Up in Windows 10/11
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • How to Sign an Unsigned Device Driver in Windows?
  • How to Download APPX File from Microsoft Store for Offline Installation?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top