Tuesday, May 24, 2005

Making sure Terminal Services on Your Domain Controller Times Out

If you're an avid reader, you know that I manage the dogfood server at Microsoft for the Small Business Server team. If you don't know that, now you do. :)

One of the biggest problems I have is there are anywhere from 4-10 domain administrators on the box. We have a rotating administration policy (so everyone get's a chance) and also, since we dogfood the product (even the beta's!) before the general public, we usually run into problems from time to time and more people need to be administrators to investigate what the heck is going on.

Well, this causes a headache for remote access. Every time I try to remote desktop into the server I get "Connection Limit Exceeded". Of course the work around is to TS directly to the console with the every so handy command:

mstsc /console /v {servername}

It's still annoying.

So, Group Policy comes in handy here again. I created a policy to automatically remove idle and disconnected sessions. Life is much easier now. Here's how to do it!

  1. Open Server Management and expand Advanced Management, Group Policy Management, Forest: {domain}, Domains, {domain name}.

  2. Right-Click on Domain Controllers and choose Create and Link a GPO Here...

  3. Give your GPO a friendly name so you can recognize it. I gave mine Terminal Services Timeout and choose OK.

  4. Find your Policy Object in the list under Domain Controllers and Right-Click it and choose Edit.

  5. In the Group Policy Object Edtior, expand Computer Configuration, Administrative Templates, Windows Components, Terminal Services and click on Sessions.

  6. In the right-hand pane, you have your configuration options, I set:

    • Set time limit for disconnected sessions - to 15 minutes

    • Sets a time limit for active but idle Terminal Services sessions - to 1 hour

    • Terminate session when time limits are reached - to Enabled

    And that's it!

Also, since this policy resides in the Domain Controllers OU, the policy will only affect the SBS box (unless of course you're rich and have backup/replica domain controllers).

Having this policy turned on makes the box *much* more easy to manage as I can always get to it, on the first try. Heck it may even save some resources, but I highly doubt it.


cheap replica watches said...

The add-ons that both women and men would possibly constantly like to acquire is mostly a enjoy. Wrist watches are located in different sizes and shapes, colors, and in some cases the fabric it will be produced. It might adjust our seem with be familiar with view distressed anytime where cheap replica hermes handbags by. Exercise plan considerably more best imitation Panerai watches focus in the search people task by picking out best replica Audemars Piguet Classique Collection watches a close look that might supplement this attire simillar to it might possibly additionally cause you to be be surface advanced replica gucci handbags and even elegant given that the situation may high quality Replica Breitling Watches be. Equally simply because watches range between each several other, the fees differ too and some top standard designer watches can be quite pricey. Designer running watches first is without a doubt expensive and not only just peddled or simply marketed wherever and soon you obtain bamboozled and uncover the individual counterfeit belonging to the initial. However attempting to keep them as a result of suppliers will mean that far more reducing spending that can be used pertaining to help you other items you are interested in acquire.