Server #1: Windows Server 2012 Standard. This is the DC. In user's profiles, we have these three settings:
End a disconnected session 1 hour
Idle session limit 3 hours
When a session limit is reached... -> Disconnect from session
Note that this MUST be at the user level, since my admin user account, unlike end user accounts, has a need to remain logged onto a couple of our RDS servers 24/7 to run local applications that cannot be run as services.
Server #2: Windows Server 2012 R2 Standard. This is the RDS server.
Users log onto local machines (mostly Windows 7 Pro), then use RDS on Server #2 (remotely, across a VPN) to run certain applications.
The AD settings on Server #1 should ensure that each user's RDS session to Server #2 is eventually disconnected, then logged off, when users:
1)Leave for the day without logging off their local machines,
2)Log off their local machines without first logging off the RDS server, or
3)Disconnect from the RDS server instead of logging off.
This helps with administration. If timed-out or disconnected sessions are logged off automatically, then when I log on at midnight to troubleshoot a problem or do a reboot, I do not have to infer whether a users is actually still working; only truly active or recently-disconnected sessions should appear in my RDS sessions.
But this is not happening, or at least not consistently. I often find users that have been connected for several days or sessions that have been disconnected for several hours. I have already checked to ensure that these users' AD settings are those above.
Is there a GPO that I also need to edit on the RDS server to make it enforce my AD settings?