By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Set auto-logoff / idle timeout settings in AWS Workspaces, via AD Tools is possible? via PCoIP?

0

Hello there, I am a little rusty with AWS Workspaces AD Tools management. But I am pretty sure I have this train of thought correct.

I want to use AD Tools, configured on a EC2 instance to manage my AWS Workspaces. I need to configure the 'set time limit for active but idle Remote Desktop Services sessions' and I am pretty sure you can do that via PCoIP protocol based Workspaces. Is that correct? I know this link indicates you cannot/should not do this for WSP-based Workspaces. https://docs.aws.amazon.com/workspaces/latest/adminguide/group_policy.html

IF this is possible can someone point me in the right direction so I know where to look in the AD Tools policies?

Topics
End User ComputingSecurity, Identity, & Compliance
Tags
Amazon WorkSpacesSecurity, Identity, & ComplianceAWS Directory Service
Language
English
rePost-User-0313018
asked 3 months ago255 views
1 Answer
1

Hello,

Greetings!! Thank you for contacting us!

I understand that you want to Set up auto-logoff / idle timeout settings in AWS Workspaces.

To commence, your understanding is correct as mentioned in our AWS documentation that "Set time limit for active but idle Remote Desktop Services sessions" is currently not supported on WSP WorkSpaces.

Now in order to use for PCOIP workspaces I have looked further and was able to find few third party articles and resources that might be helpful to serve your use case.

[ Note]:- I would suggest you to try these steps first on a testing workspace instance to prevent any production impact as these involve third party articles.

[+] https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/idle-time-out-gpo-for-remote-desktop-services-sessions-not/m-p/3413579

[+] https://thinkitsecurity.com.au/2021/02/12/modify-remote-desktop-server-idle-timeout-and-keep-alive-gpo/

[+] https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SESSIONS_Idle_Limit_1

##Create a GPO :-

-> Log On a directory administration WorkSpace or an Amazon EC2 instance that is joined to your WorkSpaces directory.
-> Open group policy management console :: Run -> gpmc.msc.
-> Expand the Forest -> Domains -> look for the desired domain -> "Group Policy Objects" -> right click on "Group Policy Objects" and click on "New".
-> Name the Group policy accordingly - click "ok".
-> Right click on newly created GPO and click on Edit (This will open a new window called "group Policy Management Editor).
-> Expand "Computer Configuration" -> Policies -> Administrative Templates -> Windows Components -> remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits -> Double click on "Set time limit for active but idle Remote Desktop Services sessions" -> Select "Enabled" and Then select "Idle session limit" as per requirement. Ex: 15 min -> Click on "Apply".
-> From the same above path > Double click on "Set time limit for active Remote Desktop Services sessions" -> Select "Enabled" and Then select "Active session limit" as per requirement. Ex: 15 min -> Click on "Apply".
-> Go to the Desired OU and link the GPO from the list and hit "ok".

Additionally, for WSP workspaces I was able to find below AWS documentation that you can review as well.

[+] Enable or disable disconnect session on screen lock for WSP https://docs.aws.amazon.com/workspaces/latest/adminguide/group_policy.html#gp_lock_screen_in_wsp

I hope the above information is helpful.

Thanks again for reaching out to us!

AWS
SUPPORT ENGINEER
Ankur_V
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content