Several of our admins have a bad habit of closing, but not logging off from, their remote desktop sessions to multiple servers. We would like to set up a GPO that will automatically log off RDP sessions that have been idle for longer than X.
What I am trying to figure out is what I would link the GPO to. Would I link it to the OU which contains the servers, or do I link it to the accounts of the admins themselves?
You can set it in either Computer Configuration or User Configuration, and you should set it based on whether you want to target the user (setting applied to any server where the specific user has an RDP session) or the computer (setting applied to a specific server where any user has an RDP session).
If you set it in Computer Configuration then you should link the GPO to the OU where the computer objects reside.
If you set it in User Configuration then you should link the GPO to the OU where the user objects reside.
If you link it to both the computers OU and the users OU, then the Computer Configuration settings take precedence over the User Configuration settings.
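
The Computer Configuration route described above, scripted with the GroupPolicy module, as an added example that is not part of the original answer. The GPO name, the OU distinguished name and the one-hour value standing in for "X" are placeholders; the disconnected-session limit goes slightly beyond the question, since a closed RDP window leaves a disconnected rather than an idle session.

```powershell
# Added example, not from the original thread. Run from a machine with RSAT
# Group Policy tools, as an account allowed to create and link GPOs.
Import-Module GroupPolicy

$GpoName  = 'RDP-Session-Limits'             # hypothetical GPO name
$ServerOu = 'OU=Servers,DC=example,DC=com'   # placeholder: OU holding the server computer objects
$LimitMs  = 60 * 60 * 1000                   # placeholder for "X": 1 hour, in milliseconds

# Policy key behind the Remote Desktop Session Host "Session Time Limits" settings.
# Using the HKLM hive writes the values into Computer Configuration.
$Key = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

New-GPO -Name $GpoName -Comment 'Idle and disconnected RDP session limits' | Out-Null

# Time limit for active but idle sessions.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'MaxIdleTime' `
    -Type DWord -Value $LimitMs | Out-Null

# End the session when a time limit is reached, instead of only disconnecting it.
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'fResetBroken' `
    -Type DWord -Value 1 | Out-Null

# Time limit for disconnected sessions (client window closed without logging off).
Set-GPRegistryValue -Name $GpoName -Key $Key -ValueName 'MaxDisconnectionTime' `
    -Type DWord -Value $LimitMs | Out-Null

# Computer Configuration settings: link to the OU that contains the servers.
New-GPLink -Name $GpoName -Target $ServerOu -LinkEnabled Yes | Out-Null

# Confirm what the GPO now carries.
Get-GPRegistryValue -Name $GpoName -Key $Key |
    Select-Object ValueName, Type, Value

# User Configuration variant: write the same value names under
# 'HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
# and link the GPO to the OU that contains the admin user objects.
```

After the next policy refresh on a server in the linked OU, `gpresult /r /scope computer` should list the GPO among the applied computer policies.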