Windows Remote Desktop timeout
If you're a System Administrator and you've had to complete a Risk Assessment, Security Assessment, Due Diligence or Compliance Questionnaire at least once, you most likely know that in order to meet the security requirements set by most modern regulations and standards - such as the ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 20000:2011, NIST CyberSecurity Framework, SSAE/SOC2, ITIL, PCI-DSS and so on - you have to set up your Windows Server environment accordingly. Since I've also been working on this, I'll share some basic knowledge that will most likely be useful for those who need to do that in a series of dedicated posts on this blog.

This is the first one of them, in which we'll be talking about setting up a Remote Desktop Session Time Limit for active, yet idle connections in Windows Server 2012. Here's a common RA requirement that can be met in this way:
That's something we can easily expect from a decent Risk Assessment questionnaire. Those who want to PASS this - assuming they're using Windows-based server machines - will need to adjust the behaviour of the Remote Desktop Session Host, which has no timeout set by default. To do that, perform the following tasks:
That's it! As soon as you click Apply, the new settings will be saved: from now on, all newly-initialized Remote Desktop sessions will be disconnected after the given amount of time. On top of that, the remote connected users will also see the following alert popup, so that they will know what's about to happen and will have the chance to prevent the disconnection - in case they're still there:

Now our system is fully compliant with the above requirements.

Computer Configuration vs User Configuration

For those interested in the Microsoft way of handling the global policy, it is worth briefly summarizing the concept of Computer Configuration as opposed to User Configuration. In a given Group Policy context, Computer Configuration is applied to computers, regardless of who logs on to the computers; conversely, User Configuration is applied to users, regardless of which computer they log on to. If settings in Computer Configuration and User Configuration collide with each other in one GPO, the Computer Configuration will override the User Configuration. For details, please refer to the following article.
How to set RDP session timeouts:
Under Windows 7 you have to select Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits. There you can set different timeout values for RDP sessions and choose whether the RDP session should be terminated after the timeout occurs.
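
To check that the policy actually landed on a host, the following audit script reads the registry values written by the Session Time Limits policies and applies the Computer-over-User precedence described above. It is an added example, not part of the original post; the 15-minute threshold, the parameter name and the helper name Get-PolicyValue are assumptions, since the exact limit depends on your own requirement.

```powershell
# Added example: audit the registry values behind the "Session Time Limits" policies.
# Assumption: the requirement is an idle limit of at most 15 minutes.
param(
    [int]$MaxAllowedIdleMinutes = 15
)

# Both Computer and User Configuration write to this subkey (HKLM and HKCU respectively).
$subKey = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
# Time values are stored in milliseconds; fResetBroken = 1 ends the session at the limit.
$names  = 'MaxIdleTime', 'MaxDisconnectionTime', 'MaxConnectionTime', 'fResetBroken'

# Hypothetical helper: returns the policy value, or $null when it is not configured.
function Get-PolicyValue {
    param([string]$Hive, [string]$Name)
    $item = Get-ItemProperty -Path "${Hive}:\$subKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$report = foreach ($name in $names) {
    $computer = Get-PolicyValue -Hive 'HKLM' -Name $name
    $user     = Get-PolicyValue -Hive 'HKCU' -Name $name   # current user only
    # Computer Configuration overrides User Configuration when both are set.
    $effective = if ($null -ne $computer) { $computer } else { $user }
    $source    = if ($null -ne $computer) { 'Computer' }
                 elseif ($null -ne $user) { 'User' }
                 else { 'Not configured' }
    [pscustomobject]@{
        Setting   = $name
        Computer  = $computer
        User      = $user
        Effective = $effective
        Source    = $source
    }
}
$report | Format-Table -AutoSize

$idleMs  = ($report | Where-Object Setting -eq 'MaxIdleTime').Effective
$limitMs = $MaxAllowedIdleMinutes * 60 * 1000
if ($null -eq $idleMs -or $idleMs -eq 0) {
    # A missing value or 0 ("Never") means idle sessions are never disconnected.
    Write-Warning 'No idle session limit is set: idle RDP sessions never time out.'
} elseif ($idleMs -gt $limitMs) {
    Write-Warning ("Idle limit is {0} min, above the required {1} min." -f ($idleMs / 60000), $MaxAllowedIdleMinutes)
} else {
    Write-Output ("Idle limit OK: {0} min." -f ($idleMs / 60000))
}
```

Run it in an elevated session on the Session Host after `gpupdate /force`; the HKCU column reflects only the account running the script.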