RemoteApp programs ‘lock’ after 10 minutes of inactivity

if the user was to leave their computer for 10 minutes, when they returned the RemoteApp was locked. It required re-entering the password for the TS account in use for these apps, something which they shouldn’t even have to know (and don’t)

I’ve just rolled out a 32-bit Windows 2008 Server, for the sole purpose of running our legacy DOS and other 16-bit applications via a Terminal Server (these apps are just a little long in the tooth, but still currently important part to the firm I work for). We’re running Windows 7 x64, so DOS mode is now a non-entity for us on local systems.

For the problem I suffered, this was beside the point. After some effort, the RemoteApps would work absolutely fine, but if the user was to leave their computer for 10 minutes, when they returned the RemoteApp was locked. It required re-entering the password for the TS account in use for these apps, something which they shouldn’t even have to know (and don’t).

With Google as my friend, I set out trying to find a resolution. The resolution was along the lines I thought it might be – it’s all to do with a screensaver ‘time-out’ (the time marker for displaying the screensaver), which kicks in regardless of whether a screen saver is set or not. There were a series of solutions, most suitably involving Group Policy, but I simply couldn’t get them to work.

The problem is, the articles out there tell you what to do, but don’t clarify that the policy needs to ultimately apply to the Terminal Server, or the user account in use with Terminal Server. By implication I was left believing that the policy should be applied to the user workstation itself, and that the 10 minute screen saver setting for the workstation was causing a lock to the remoteapps. This is not the case.

Having established this, I set about creating a GPO. In my case, the setup is simple versus other real world scenarios; I only need one user account that all my RemoteApps are run through, and I only have one 2008 Terminal Server. I have done everything on the terminal server to ensure my user account can access the server via RDP, whether via a RemoteApp or full Remote Desktop Connection.

Because my setup is basic, I was able to put both the TS user account and the Terminal Server in its own OU called ‘Terminal Servers’. From here, I created and linked a GPO, and set the following policy setting:

User Configuration -> Policies -> Administrative Template -> Control Panel / Personalization -> Screen saver timeout

I enabled this setting, and set the value to 0 seconds.

If you have a more complex setup, with Terminal Servers in different OUs to user accounts (highly likely), you may need to play around with loop back processing to get this to work. Also, the templates for GPOs in my Active Directory are based around 2008 R2, so you may find the ‘Screen saver timeout’ setting in a slight different place.

To expidite the application of the new setting, run gpupdate /force from a TS user session on the Terminal Server. Otherwise, wait a time and it should kick it (although a restart to the server might be a good idea, to refresh any disconnected but still open TS sessions).

Leave a Reply

Your email address will not be published. Required fields are marked *