Set time limit for active but idle Remote Desktop Services sessions
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects which allows the user to press a key or move the mouse to keep the session active. If you have a console session idle session time limits do not apply. If you disable or do not configure this policy setting the time limit is not specified at the Group Policy level. By default Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached you can configure the policy setting Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits -> End session when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured the Computer Configuration policy setting takes precedence.
Set time limit for disconnected sessions
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state running programs are kept active even though the user is no longer actively connected. By default these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time select Never. If you have a console session disconnected session time limits do not apply. If you disable or do not configure this policy setting this policy setting is not specified at the Group Policy level. Be y default Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured the Computer Configuration policy setting takes precedence.
Set time limit for disconnected sessions
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state running programs are kept active even though the user is no longer actively connected. By default these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time select Never. If you have a console session disconnected session time limits do not apply. If you disable or do not configure this policy setting this policy setting is not specified at the Group Policy level. Be y default Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured the Computer Configuration policy setting takes precedence.
End session when time limits are reached
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. If you enable this policy setting Remote Desktop Services ends any session that reaches its time-out limit. If you disable this policy setting Remote Desktop Services always disconnects a timed-out session even if specified otherwise by the server administrator. If you do not configure this policy setting Remote Desktop Services disconnects a timed-out session unless specified otherwise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured the Computer Configuration setting takes precedence.
End session when time limits are reached
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. If you enable this policy setting Remote Desktop Services ends any session that reaches its time-out limit. If you disable this policy setting Remote Desktop Services always disconnects a timed-out session even if specified otherwise by the server administrator. If you do not configure this policy setting Remote Desktop Services disconnects a timed-out session unless specified otherwise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured the Computer Configuration setting takes precedence.
Configure RD Connection Broker server name
This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. If you enable this policy setting you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012 R2 for a high availability setup with multiple RD Connection Broker servers you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. If you disable or do not configure this policy setting the policy setting is not specified at the Group Policy level. Notes: 1. For Windows Server 2008 this policy setting is supported on at least Windows Server 2008 Standard. 2. This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. 3. To be an active member of an RD Session Host server farm the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers Session Broker Computers or RDS Endpoint Servers.
Use IP Address Redirection
This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. If you enable this policy setting a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method client computers must be able to connect directly by IP address to RD Session Host servers in the farm. If you disable this policy setting the IP address of the RD Session Host server is not sent to the client. Instead the IP address is embedded in a token. When a client reconnects to the load balancer the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. If you do not configure this policy setting the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. Notes: 1. For Windows Server 2008 this policy setting is supported on at least Windows Server 2008 Standard.
Configure RD Connection Broker farm name
This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a new farm name a new farm is created in RD Connection Broker. If you specify an existing farm name the server joins that farm in RD Connection Broker. If you enable this policy setting you must specify the name of a farm in RD Connection Broker. If you disable or do not configure this policy setting the farm name is not specified at the Group Policy level. Notes: 1. This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. 2. For Windows Server 2008 this policy setting is supported on at least Windows Server 2008 Standard.
Join RD Connection Broker
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker the Remote Desktop Session Host role service must be installed on the server. If the policy setting is enabled the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. If you disable this policy setting the server does not join a farm in RD Connection Broker and user session tracking is not performed. If the policy setting is disabled you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. If the policy setting is not configured the policy setting is not specified at the Group Policy level. Notes: 1. If you enable this policy setting you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. 2. For Windows Server 2008 this policy setting is supported on at least Windows Server 2008 Standard.
Require secure RPC communication
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is set to Enabled Remote Desktop Services accepts requests from RPC clients that support secure requests and does not allow unsecured communication with untrusted clients. If the status is set to Disabled Remote Desktop Services always requests security for all RPC traffic. However unsecured communication is allowed for RPC clients that do not respond to the request. If the status is set to Not Configured unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.