Terminal Services (TS) Remote Configuration Primer Part II

Terminal Services (TS) Remote Configuration Primer Part II

  • Comments 1
 

How to Configure TS session limit remotely

TS provides many settings that allow an administrator to customize to their specific requirements.

This settings can be set for a specific user (in Terminal Services Extension to Local Users and Group, and Active Directory servers and Computers), at the server level, and through group policy. If both user and server settings are set, the server setting takes precedence. Group policy always takes precedence over other settings.

I would like to talk about how to configure connection timeout settings with Terminal Services Configuration (TSCC.msc, or TSConfig.msc in Longhorn Server) UI tool and the TS WMI provider (Sever level setting). These connection timeout settings allow the administrator to tell TS what to do when a time limit is reached.

For example, the administrator can customize TS to automatically end all disconnected sessions when a disconnected session limit is reached, or disconnect or logoff all Active sessions when an active session limit is reached.

Terminal Services Configuration

To run Terminal Services Configuration, go to Start Menu->Programs->Administrative Tools, click on the Terminal Services Configuration.

In Win2k3 and earlier, this tool can be run directly as TSCC.msc.  In Longhorn Server, it's called TSConfig.msc.

To access the connection timeout settings, double click on RDP-Tcp.  When the "RDP-tcp Properties" dialog box shows up, click on the Sessions tab, and you'll see the following (the settings are within the red rectangle):

RDP-Tcp Properties on LHS

In Win2k3, the dialog looks like this:

RDP-Tcp Properties on Win2k3

By default, TS allows TS sessions to remain for an unlimited amount of time. To change the default check the "Override User Settings" check box, then select the desired time limit from the drop down boxes. To save settings, click the Apply or Ok button.

In Win2k3 and earlier, TSCC.msc can be used for local server (localhost) only.

In Longhorn Server, TSConfig.msc is able to target to a remote server and perform configuration remotely. To target to a remote server, select the "Connect to Terminal Server" action in Actions pane. If the actions pane is hidden, click on View->Customize... menu, and check the "Action pane" check box to show the Actions Pane.

 

WMI

Previously I briefly covered some general information on the TS WMI provider. If you are not familiar with the WMI environment, and find this section not easy to follow, it may help to take a look at my previous post.

The time limit settings are exposed in the class template Win32_TSSessionSetting. To check the settings, you can use the read-only properties ActiveSessionLimit, DisconnectedSessionLimit and IdleSessionLimit. These properties return the time limit in milliseconds.

To override time limit user settings (this setting corresponds to the TSCC/TSConfig "Override user setting" for session limit check box), you can use the read/write TimeLimitPolicy property.

To change the time limit, you can use the TimeLimit method.

The read-only property BrokenConnectionAction shows the current setting for action TS will take when the time limit is reached.

To override broken connection user settings (this setting corresponds to the TSCC/TSConfig "Override user setting" for the "When session limit is reached or connection is broken" check box), you can use the read/write BrokenConnectionPolicy property.

To tell TS what to do when the time limit is reached for Active and Idle sessions, you can use the BrokenConnection method.

 

For example, in vbs, if you want to change the active session limit to 30 minutes, and end the connection when this time limit is reached:

Set obj = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\cimv2\TerminalServices:Win32_TSSessionSetting.TerminalName='RDP-Tcp'")
wscript.echo "Override user setting " & obj.TimeLimitPolicy
wscript.echo "Active session limit is (ms) " & obj.ActiveSessionLimit
wscript.echo "Action is " & obj.BrokenConnectionAction
' set overrride user setting
obj.TimeLimitPolicy = 0
obj.put_
' set timme limit
obj.TimeLimit "ActiveSessionLimit", 1800000
obj.refresh_
' set action
obj.BrokenConnectionPolicy = 0
obj.put_
obj.BrokenConnection 1
obj.refresh_
wscript.echo "Override user setting " & obj.TimeLimitPolicy
wscript.echo "Active session limit is (ms) " & obj.ActiveSessionLimit
wscript.echo "Action is " & obj.BrokenConnectionAction

Please note the GetObject method, we can use the property with Key qualifier (TerminalName='RDP-Tcp') to query the object instance we want. This is particularly helpful if you have multiple connections (such as RDP-Tcp, eHome, etc.) in your TS server.

Similarly, we can use the wmi moniker feature to simplify the remote case:

Set obj = GetObject("WinMgmts:{impersonationLevel=impersonate, authenticationLevel=PktPrivacy}" _
 & "!\\RemoteServer\root\cimv2\TerminalServices:Win32_TSSessionSetting.TerminalName='RDP-Tcp'")
wscript.echo "Override user setting " & obj.TimeLimitPolicy
wscript.echo "Active session limit is (ms) " & obj.ActiveSessionLimit
wscript.echo "Action is " & obj.BrokenConnectionAction
' set overrride user setting
obj.TimeLimitPolicy = 0
obj.put_
' set timme limit
obj.TimeLimit "ActiveSessionLimit", 1800000
obj.refresh_
' set action
obj.BrokenConnectionPolicy = 0
obj.put_
obj.BrokenConnection 1
obj.refresh_
wscript.echo "Override user setting " & obj.TimeLimitPolicy
wscript.echo "Active session limit is (ms) " & obj.ActiveSessionLimit
wscript.echo "Action is " & obj.BrokenConnectionAction

 

 

Leave a Comment
  • Please add 3 and 7 and type the answer here:
  • Post