This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-down list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not configure this policy setting, Remote Desktop Services allows sessions to remain active but idle for an unlimited time. You can specify time limits for active but idle sessions on the Sessions tab in the Remote Desktop Session Host Configuration tool. If you want Remote Desktop Services to terminate-instead of disconnect-a session when the time limit is reached, you can configure the "Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSession Time LimitsTerminate session when time limits are reached" policy setting. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. Countermeasure: Configure this setting depending on your organization's requirements. Potential Impact: Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSession Time LimitsSet time limit for active but idle Remote Desktop Services sessions (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services!MaxIdleTime

[never/1 minute/5 minutes/10 minutes/15 minutes/30 minutes]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime