Add disconnect as option?

Question

Add disconnect as option?

stepher15 opened this issue 3 years ago · comments

Would it be possible to add the disconnect option?
When the user has reached an idle time limit, disconnect the user. This will allow them to reconnect to their session.

Thanks!

Ryan Newington · Answer 1 · Tue Mar 23 2021 03:11:20 GMT+0800 (China Standard Time)

@stepher15 are you looking for a solution for remote desktop users, or users logged on at the physical computer?

stepher15 · Answer 2 · Tue Mar 23 2021 03:21:25 GMT+0800 (China Standard Time)

Strange situation I have run into..

We use VMWare Horizon Published Applications on 2016 RDSH servers.

The users have session portability, which allows a user to reconnect to their session when remote or onsite (within the idle time for logging off a disconnected user)

The problem is when the user is remote (15 minutes idle time disconnect), and then comes in to the office and reconnects to their session, we don't want that idle session to be 15 minutes anymore. This will be controlled from the use of Imprivata SSO agent on the computer to disconnect the user session when Idle time is reached.

When remote, the idleloggoff.exe would be launched to track idle time. however when the endpoint is an internal computer, we would simple kill the exe and let the SSO agent handle the idle session timeout.

Hope this helps?

Ryan Newington · Answer 3 · Tue Mar 23 2021 03:42:31 GMT+0800 (China Standard Time)

Thanks for the context, that does help. Do you ever plan on logging the user off after a certain time? Is the ask for disconnect after X time and then logoff, or is there no automatic logoff in play in your scenario?

…

________________________________ From: stepher15 ***@***.***> Sent: Tuesday, March 23, 2021 6:21:42 AM To: lithnet/idle-logoff ***@***.***> Cc: Ryan Newington ***@***.***>; Comment ***@***.***> Subject: Re: [lithnet/idle-logoff] Add disconnect as option? (#31) Strange situation I have run into.. We use VMWare Horizon Published Applications on 2016 RDSH servers. The users have session portability, which allows a user to reconnect to their session when remote or onsite (within the idle time for logging off a disconnected user) The problem is when the user is remote (15 minutes idle time disconnect), and then comes in to the office and reconnects to their session, we don't want that idle session to be 15 minutes anymore. This will be controlled from the use of Imprivata SSO agent on the computer to disconnect the user session when Idle time is reached. When remote, the idleloggoff.exe would be launched to track idle time. however when the endpoint is an internal computer, we would simple kill the exe and let the SSO agent handle the idle session timeout. Hope this helps? — You are receiving this because you commented. Reply to this email directly, view it on GitHub<#31 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AEDOQNKQNWIBC62ILXIGA2TTE6KENANCNFSM4ZTU52RA>.

stepher15 · Answer 4 · Tue Mar 23 2021 03:45:29 GMT+0800 (China Standard Time)

The Logoff is handled by the VMware Horizon Connection Server. No logoff required, simply a disconnect after xx time of being idle.
Thanks.

Ryan Newington · Answer 5 · Tue Mar 23 2021 15:24:31 GMT+0800 (China Standard Time)

Hmm, that might be a bit tricky. The app runs an internal loop that terminates when the idle event occurs and the app essentially stops. The changes needed to support your scenario are fairly substantial, especially as we probably need to start interrogating the terminal services API, to determine connected/disconnected session state and act accordingly. For this reason, I don't think this is specifically a good fit for idle logoff.

Windows has the ability to disconnect idle remote desktop sessions out of the box with GPO. If you have the ability to arbitrarily run something at start up based on if the user is remote or not, have you tried just setting the windows idle session reg keys using a script?

https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SESSIONS_Idle_Limit_1

If that sort of approach is not suitable or possible, we can quote you on a small custom app to do what you are after. Feel free to email support@lithnet.io if this is the path you want to go down.

stepher15 · Answer 6 · Tue Mar 23 2021 19:56:13 GMT+0800 (China Standard Time)

I have sent an email over for a custom application. I will close this request off.
Thanks.