Any security risks you can foresee with a server build that has RDS disconnection timeout of 3 days compared to 1 day (standard practice). Its just on the same domain and user account will be restricted to only have the ability to logon to that server. Proposed session times:
Active Session Limit : 3 Days - then disconnect / kill session Idle session time : 2 hours - then disconnect / kill session
Context - data science team need more than one day to complete tasks that are being run on a rdp connection to new server being built.
Not really a security risk, the session can be only reconnected/used with the correct credentials. If the RDS session is being accessed through a Gateway, you could check if users are prompted for MFA again when reconnecting.