On Wed, May 6, 2020 at 8:40 AM Kaminski, Thomas <[email protected]> wrote:
> Hello together, > > > > we have the challenge, that our users use common service accounts to login > into a windows server with rdp. > > This works fine and we are happy. > > > > Sometime a user closes the browser without ending the windows session. Log > off Chrome and so on. > > After this the session is not stopped and another user who logs into > guacamole and gets the legacy session of the first user. > > Our problem is, the second user is not the first user, and see the foreign > content. > > This reconnect is in a timeframe of seconds. We not need a solution, that > act in a timeframe of minutes. > > > > Is it possible to force an automatic logout from the session? > > We tried a lot of local policies on windows side. Without success. > > Except the api-session-timeout I didn’t find another configuration items. > And this is only for idle session in a unit of minutes. > > > > We use Guacamole 1.0 on Debian 10 in Azure. The Backend are Windows Server > 2016 in Azure. > > Guacamole proxy daemon (guacd) version 1.0.0 > > > How do you handle this without Guacamole? This doesn't seem to be an issue with Guacamole so much as it is with Windows session management - that is, you would have the same issue if your users were using a traditional RDP client (MS RDP Client) or the Microsoft Web-based RDP gateway? I don't think Guacamole can necessarily help you with this - since RDP manages its own sessions, you would have to make sure that the RDP server is logging the users off as soon as they disconnect. I believe there are policies for this that you can enforce in GPO, but it would need to be done on the Windows side. -Nick >
