I often use the Windows Remote Desktop function to connect and remotely manage another Windows server. As you might know, there are many other better remote control software such as the free Virtual Network Computing (VNC) or even the popular Teamviewer, but I try to minimize the installations of third party software on the Server machines. If you don’t know what Remote Desktop is, it’s a protocol developed by Microsoft which allows you to view the display and control the mouse and keyboard of another computer at different location, as if you were sitting in front of the computer.
I never have any problems with Remote Desktop and it works as I expect it to, except for only one annoyance which is if I leave it idle for a few minutes, it auto logs off and I have to re-enter the password to login again. This is very annoying whenever I am reading the log files or the console messages that are displayed on screen. Fortunately there is quite a simple solution for how to disable remote desktop auto logoff on idle.
It took a couple of days trying to find the solution because I actually misunderstood the problem in the first place. I thought the system was auto logging out when idle but it turns out that it was the screen that was locked. No wonder setting “Never” for idle session limit in RDP Properties didn’t work.Disabling Remote Desktop Services features.; 2 minutes to read; m; k; m; In this article. For enhanced security, you might choose to disable Remote Desktop Services features such as clipboard redirection and printer redirection for clients that connect to Remote Desktop Session Host (RD Session Host) servers using the Remote Desktop ActiveX Control. NOTE: Enabling RDP through the GIU will also configure the Windows Firewall with the appropriate ports to allow RDP connections. NOTE: To Disable Remote Desktop select the Don’t allow remote connections to this computer radial button. Method 2: Registry. To enable remote desktop by directly editing the registry use the following steps. How to Disable Remote Desktop in Windows 8, Windows 7, Windows Vista and Windows XP. Navigating to the Remote Desktop settings is a similar process in early versions of Windows 8 and all versions. To disable UAC remote restrictions, follow these steps: Click Start, click Run, type regedit, and then press ENTER. Locate and then click the following registry subkey: HKEYLOCALMACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem. If the LocalAccountTokenFilterPolicy registry entry doesn't exist, follow these steps. NOTE: Enabling RDP through the GIU will also configure the Windows Firewall with the appropriate ports to allow RDP connections. NOTE: To Disable Remote Desktop select the Don’t allow remote connections to this computer radial button. Method 2: Registry. To enable remote desktop by directly editing the registry use the following steps.
By default Windows Server activates the screen saver if the computer has been idle for 10 minutes and the setting “On resume, display logon screen” will also be checked. So if Windows detects no activity for 10 minutes, the screen saver will be activated and when we get back to the Remote Desktop Connection, the screen saver is removed and then prompts to login. To solve this problem, you can either disable the screen saver or remove the logon screen on resume.
The solution
To disable the auto lock screen when idle, the easiest solution which requires only a click is to download this registry fix file, run it on the computer that is automatically getting locked and restart the PC for the changes to take effect. Alternatively, here are the steps if you prefer to do it manually.
1. Right click Desktop and select Personalize
2. Click Screen Saver
3. Uncheck “On Resume, display logon screen” and click OK.
Now you can remain idle on the remote desktop connection as long as you want and you won’t be locked out. And obviously this also works on an ordinary PC if you keep receiving the login screen whenever you come out from a screensaver.
If the “On Resume, display logon screen” checkbox is disabled or grayed out like what is shown at the screenshot below, it means that there is a group policy being implemented probably by your company’s network administrator to prevent the local logged in user from changing this setting.
Fortunately bypassing the policy is as easy as download and running another registry fix. We’ve provided two different registry fixes where you can either delete the policy so that it will be possible for you to manually enable/disable the settings, or you disable the option while maintaining the checkbox grayed out.
Download Reg Fix to Delete Password protect the screen saver Group Policy
Download Reg Fix to Disable Password protect the screen saver Group Policy
You might also like:
Remotely Enable or Disable Windows Remote DesktopChange the Listening Port for Microsoft Remote Desktop ConnectionHow To Disable CD or DVD Auto Eject in Windows Vista, 7 and 8Concurrent RDP Patcher Enables Remote Desktop in Windows 7 Home PremiumTransfering Files From Local Computer to Connected Remote Desktop Session 29 Comments - Write a Comment
Uninstall Remote Desktop Windows 10
Thank you so much for sharing! I’ve got a Windows 2019 server which is continually running a script, and every time the screen locked up, the script would fail. It was driving me crazy having to constantly switch over to that session just to keep the screen alive, and all the tricks with editing group policy, disabling screen saver, keeping monitor constantly on, etc. had done no good. This appears to have finally solved it!
ReplyHmm…this has nothing to do with Remote Desktop. It disables the computer’s screen lock, not just for Remote Desktop.
ReplyNo-one said it was just for remote desktop, the article explains what the problem was and the solution.
ReplyDid you read the title of the article?
ReplyYes I did, does it say the solution was *just* for remote desktop? It makes no difference that the problem is related to another Windows setting and not directly connected to remote desktop itself. If you get this while you’re in remote desktop, here’s how to fix it, no more, no less…
ReplyThank you! I was getting frustrated at how often I had to log back into my RDC. I turned off the screen saver, and adjusted the power/idle settings, but it still kept locking. Ticking that check box was the one thing I was missing, and now it works great! Thank you!
Replythanks to match it help me
ReplyGo around group policy thing doesn’t work for me.
ReplyAwesome thanks alot you help
ReplyIn your introduction, you make it sound like VNC or TeamViewer are superior to RDP, which is wrong. VNC actually transmits video as a stream of compressed images (eg. JPEGs), i assume TeamViewer does something similar though its a bit faster. RDP just sends a stream of rendering instructions to the client OS, which then reconstructs the image. RDP compared to VNC is very low bandwidth and latency. In addition you can easily access drives and printers (without the need for a driver) from the client machine in the RDP session.
ReplyAgreed. I almost had to stop reading the article when it said that VNC was better than RDP. RDP is superior to VNC in almost every possible way. I’ve written a VNC (RFB) server. Frankly, RFB (the protocol for VNC) is a crap protocol. It’s just usually all you have available when you’re not on a Windows box.
VNC is slower, higher latency, less secure, has fewer features available, and everything beyond the basics is done with extensions that are typically vendor-specific and so only work if the client and server are from the same vendor (file transfer, for example.)
ReplySo you’re getting annoyed because someone has a different opinion and preference to you…? Are people that don’t agree with you automatically wrong?
ReplyI have to agree,with your opinion and position on this and Most things you Comment on. Well Done!!! And thank you for the RIGHT INFORMATION,METHODS,and your Opinions…
ReplyWe’re using RDP to connect to a server that when the connection is established the login launches a specific program with a switch to activate one section of the program.
All of that is working fine. However, the 10 minute “lock” kicks in and the session has to be terminated (no keyboard available to the user since this is a public viewing station.)
There is no screen saver on the server, no screen saver on the workstation. Yet the session still locks the TS session.
Here’s the flow:
WinXP Pro workstation –> Windows 2003 server
LAN connection 100mb/s
I have set the idle time and disconnect times on the server to NEVER, but the sessions are still being locked after 10 minutes.
Any ideas or direction would be greatly appreciated.
– Mike
ReplyThanks!
ReplyThis works, thanks.
ReplyThanks so much! This is exactly what i was looking for and I too made the mistake of thinking I could fix this with the RDP Idle Session timeout settings.
ReplyGood work :) thanks
ReplySo awesome!! This has been driving me nuts since my password is 20 random characters. Thank you!
ReplyRemote Desktop Windows 7 Download
Great tip! Thank you
ReplyWell, it may be newbie, but it sure helped us out.
Good job posting this!
Awesome been looking for this “fix”
ReplyThis has been bugging me for months, now it is gone. Thank you for solving a nagging problem.
ReplyHi,
Thanks a lot its really short simple and helpful.
Awesome! I just had remote computer re-imaged. Then this started happening. Thanks so much for this post it was awful having to log in every time I returned to the remote computer.
Windows 7 Disable Remote Desktop Registry
Replywow i feel stupid for not thinking of this…have been looking for a solution too. thanks man!
Replythank you man
Replythank you very much…
my problem solved.
Thank You so much..this helps a lot…
ReplyLeave a Reply
By default on a Windows Server Product Windows Remote Management (WinRM) is enabled, but Remote Desktop (RDP) is Disabled. On workstation operating systems neither is enabled by default, so if you want to be able to accomplish the following you will need to enable WinRM on the workstations.
Enabling RDP remotely.
Method 1: Command Line
To enable RDP with the Command Prompt, use the following steps.
- Launch the Command Prompt as Administrator.
- Type the following command:
Reg add“computernameHKLMSYSTEMCurentControlSetControlTerminal Server”/vfDenyTSConnections/tREG_DWORD/d1/f |
Method 2: Using PowerShell
To enable RDP with the PowerShell, use the following steps.
Option 1
To enable RDP:
- Launch PowerShell as Administrator.
- Type the following command and create a script block and use the Invoke-Command cmdlet:
Invoke-Command–Computername“server1”,“Server2”–ScriptBlock{Set-ItemProperty-Path'HKLM:SystemCurrentControlSetControlTerminal Server'-Name'fDenyTSConnections'–Value0} |
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
Type the following:
Invoke-Command–Computername“server1”,“Server2”–ScriptBlock{Enable-NetFirewallRule-DisplayGroup'Remote Desktop'} |
NOTE: By default the local Administrators group will be allowed to connect with RDP. Also the user that is currently logged in will also be allowed to connect.
To disable RDP with the PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Type the following command:
Invoke-Command–Computername“server1”,“Server2”–ScriptBlock{Set-ItemProperty-Path'HKLM:SystemCurrentControlSetControlTerminal Server'-Name'fDenyTSConnections'–Value1} |
Option 2
To enable RDP RDP with the PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Create a PS Session with the desired target computer.
- Type the following command once possession is established:
Set-ItemProperty-Path'HKLM:SystemCurrentControlSetControlTerminal Server'-Name'fDenyTSConnections'–Value0 |
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
Type the following:
Enable-NetFirewallRule-DisplayGroup'Remote Desktop' |
NOTE: By default the local Administrators group will be allowed to connect with RDP. Also the user that is currently logged in will also be allowed to connect.
To disable RDP RDP with the PowerShell, use the following steps.
- Launch PowerShell as Administrator.
- Create a PS Session with the desired target computer.
- Type the following command once possession is established:
Set-ItemProperty-Path'HKLM:SystemCurrentControlSetControlTerminal Server'-Name'fDenyTSConnections'–Value1 |
Method 3: Use Group Policy
If you have numerous Servers and/or Workstations that you need to enable RDP on and they are in the same Organization Unit structure in Active Directory you should enable RDP through Group Policy.
To enable RDP Using Group Policy.
- Launch the Group Policy Management Console (GPMC)
- Either edit an existing Group Policy Object (GPO) or create a new GPO.
- Navigate to the following GPO node:
Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostConnections
- In the Settings pane double click Allow users to connect remotely by using Remote Desktop Services.
- Select the Enable Radial button select OK.
- Close the GPO editor and link the GPO to the appropriate Organizational Unit.
NOTE: Enabling RDP through GPO will configure the Windows Firewall with the appropriate ports to allow RDP connections.
Block Remote Desktop Access
Note: In all the methods demonstrated in this blog any member of the local Remote Desktop Users group will be able to connect to the target computers.
Until next time – Ride Safe!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
You May Also Like
Windows 7 Disable Remote Desktop Services
CategoryPowerShell, Windows Server 2012Windows 7 Disable Remote Desktop App
TagsGPMC, GPO, Group Policy Management Console, Group Policy Object, Invoke-Command, Powershell, RDP, RDP connections, remote desktop, Windows Remote Management, WinRM