Sunday, November 21, 2010

Setting remote desktop timeouts in the registry

If you're using terminal server you should be using the terminal server settings, or even better, group policy. However, if you are running an XP Pro install without a domain the only option is to modify the registry. Or if you have a domain but just want to change one XP Pro install it can be easier to do the registry modification instead of setting up a GPO for the single desktop. In my case there are two people with individual accounts accessing a single XP Pro computer remotely on occasion, but one of the two always leaves their session open so the other can never just log in without forcing the other's session closed. I set up an idle timeout on the XP Pro computer so now neither of them are allowed to let their session sit idle for too long.

You can change just about any remote desktop setting from within the registry, but the main two you're likely looking for since you're reading this post are MaxDisconnectionTime and MaxIdleTime. They can be found in the registry under:

HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Control->Terminal Server->WinStations->RDP-TCP

MaxDisconnectionTime is how long a session that has been disconnected can be kept alive. It is useful if you have users that like to click the X on the RDP bar rather than logout. MaxIdleTime is for how long an idle session stays alive, just in case you have users who should be logging out but always stay logged in regardless of whether they're doing anything or not. These values are set in milliseconds, and make sure to enter your value in decimal (unless you figured out your value in hex, but I'm going to guess most people wouldn't bother with that). If you want to limit the overall connection time, you could change MaxConnectionTime to define a limit for that as well.

In my example above, since I didn't want either user staying logged in to this particular computer, I set MaxIdleTime to 2 hours, which is actually a value of 7,200,000 in the registry (2 hrs * 60 min/hr * 60 sec/min * 1,000 millisec/sec). That way if their session is idle for 2 hours they get disconnected automatically and no one has to worry about forcing the other session closed.

1 comment:

Anonymous said...

Thank you! Trying to run S2012 R2 as workgroup only.

Biggest issue so far is RDS trying to force AD, but RDS on DC is not just frowned-upon but not "permitted" - these settings should help lots!