Newbie Setup Question


Guest compsosinc@gmail.com
Posted

We have a SBS2000 (not 2003) server running Active Directory & a Windows 2003 Server running as a Terminal server. We added (10) new XP client computers to the AD and (10) generically named users who are now just members of the "Domain Users" group. This setup is for the sole purpose of the (1) clients/users running one application on the Terminal Server. It appears that if Active Directory were running on Windows 2003 Server we could just add the clients to the Remote Desktop Users group to accomplish some of the things we need to accomplish. However that group is not available in Windows 2000 AD.

So here is our goal for the (10) new clients:

1. We want every client to have the same TS desktop. It will include the icon for starting the application and nothing else except the same program on the Start Menu in case the icon gets deleted. No other programs should be listed.
2. We do not want the users to have access to a local desktop.
3. We do not want any user to be able to install anything to the TS from the USB drive or CDROM, but we do not want this hardware disabled.
4. When the systems boot up, we do not want a CTRL+ALT+DEL prompt. We want the system to boot and automatically display a customized TS desktop for each of the (10) systems. If it is preferable/recommended to have the CTRL+ALT+DEL prompt, we want each client to have the same login and go directly to the TS without the user manually launching RDP connection.
5. We do not want the users to have Internet Access from the TS. We have read about using the 127.0.0.0.
6. Possibly a mapped drive to the SBS2000 data partition to open particular shared files in "read only" using a program installed on the TS.

Can we accomplish all of the above?

Can anyone provide a starting point - thanks. We are currently reading much material and have a Virtual PC setup with Windows 2003 Servers only (no 2000 AD) but basically see we need to start with new OU.

Guest Patrick Rouse
Posted

RE: Newbie Setup Question

 

1. You can use Group Policy to redirect the desktop and start menu to read-only directories that you manage.

http://www.msterminalservices.org/articles/Configure-Folder-Redirection.html

2. Replace the local OS with a thin-client Linux OS, so it boots directly to the RDP Client.

http://www.sessioncomputing.com/thin-clients.htm

3. Lock down the file system and use Software Restriction Policies to restrict what users can do.

http://www.sessioncomputing.com/security.htm

4. See number 2, but do NOT use the same logon for each user or you will have profile problems.

5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for addresses you need to allow.

6. Use a logon script.

--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com

Guest compsosinc@gmail.com
Posted

Re: Newbie Setup Question

 

On Dec 9, 1:34 pm, Patrick Rouse <PatrickRo...@discussions.microsoft.com> wrote:
> 1. You can use Group Policy to redirect the desktop and start menu to read-only directories that you manage.
>
> http://www.msterminalservices.org/articles/Configure-Folder-Redirecti...
>
> 2. Replace the local OS with a thin-client Linux OS, so it boots directly to the RDP Client.
>
> http://www.sessioncomputing.com/thin-clients.htm
>
> 3. Lock down the file system and use Software Restriction Policies to restrict what users can do.
>
> http://www.sessioncomputing.com/security.htm
>
> 4. See number 2, but do NOT use the same logon for each user or you will have profile problems.
>
> 5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for addresses you need to allow.
>
> 6. Use a logon script.
>
> --
> Patrick C. Rouse
> Microsoft MVP - Terminal Server
> Provision Networks VIP
> Citrix Technology Professional
> President - Session Computing Solutions, LLC
> http://www.sessioncomputing.com


 

Thank you for replying--- these links look very helpful. With regards to Question#2 & #4, we have already purchased new XP-based systems--not thin clients--because in the future we may have to install locally based programs and wanted to have that option if we needed it. So changing the local OS & hardware is not an option here.

We have set up (10) separate generically-named user accounts, and currently they are all members of the "Domain Users" group within the 2000 AD. Are you stating that since we are using XP-based systems, there is no way to eliminate the CTRL+ALT+DEL prompt at bootup? For example, we have in another Windows 2000 based server (unrelated to this network), set a registry value to automatically login the startup account when the system boots. Since we have separate user accounts, can we do this for a domain login with XP? Or is this generally not a "best practice" approach? For instance, if we have a hardware/OS problem and need to log in to the system locally for troubleshooting purposes?

Finally, do we need to make these users members of any other group other than "Domain Users" in order to meet our goals?

Thank you so much.

Guest Patrick Rouse
Posted

Re: Newbie Setup Question

 

You can definitely configure the XP Machines to autologon, then launch the RDP Client to connect to the TS of your choice. Getting it so the end user has no access to the local desktop will likely require the purchase of a 3rd party product to replace the Explorer shell.

Check with triCerat, as I think they make something like this.

--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com
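
Added example, not part of the thread and not Patrick Rouse's code: a Python audit of a regedit text export for two settings discussed above, the XP autologon from this reply and the dummy-proxy Internet block from item 5 of the first reply. It uses the standard Winlogon and Internet Settings value names; the export content, domain, account and host names are constructed.

```python
import ipaddress
import re

# Standard Windows value locations for the two settings the thread discusses.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample export (regedit 5.00 text format); every value is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultDomainName"="EXAMPLEDOM"
"DefaultUserName"="tsuser01"
"DefaultPassword"="Constructed-Passw0rd"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="intranet.example.local;<local>"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text):
    """Parse a regedit text export into {key_lower: {value_name_lower: data}}.

    Only REG_SZ and REG_DWORD values are decoded; hex: data is skipped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, data = m.group(1).lower(), m.group(2).strip()
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            # .reg strings escape backslash and double quote with a backslash.
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
    return keys


def audit_autologon(keys):
    """Return findings for Winlogon autologon; never echoes the password."""
    w = keys.get(WINLOGON.lower(), {})
    if str(w.get("autoadminlogon", "0")) != "1":
        return []
    account = "{}\\{}".format(w.get("defaultdomainname", "?"),
                              w.get("defaultusername", "?"))
    findings = ["autologon enabled for " + account]
    if w.get("defaultpassword"):
        findings.append("DefaultPassword is stored in cleartext under Winlogon")
    return findings


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_proxy(keys):
    """Summarise the per-user proxy used as an Internet block.

    This is a per-user WinINet setting: it stops only programs that honour it.
    """
    s = keys.get(INET.lower(), {})
    server = s.get("proxyserver", "")
    enabled = s.get("proxyenable", 0) == 1 and bool(server)
    hosts = []
    for entry in server.split(";"):
        entry = entry.strip().split("=", 1)[-1]    # drop an "http=" style prefix
        entry = entry.split("://", 1)[-1]          # drop a scheme if present
        if entry:
            hosts.append(entry.rsplit(":", 1)[0])  # drop the port
    exceptions = [e.strip() for e in s.get("proxyoverride", "").split(";") if e.strip()]
    return {
        "enabled": enabled,
        "loopback_only": enabled and all(is_loopback(h) for h in hosts),
        "exceptions": exceptions,
        "bypass_local": "<local>" in exceptions,
        "wildcards": [e for e in exceptions if "*" in e],
    }


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for finding in audit_autologon(parsed):
        print("[autologon]", finding)
    print("[proxy]", audit_proxy(parsed))
```
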

Guest compsosinc@gmail.com
Posted

Re: Newbie Setup Question

 

On Dec 10, 7:50 am, Patrick Rouse <PatrickRo...@discussions.microsoft.com> wrote:
> You can definitely configure the XP Machines to autologon, then launch the RDP Client to connect to the TS of your choice. Getting it so the end user has no access to the local desktop will likely require the purchase of a 3rd party product to replace the Explorer shell.
>
> Check with triCerat, as I think they make something like this.
>
> --
> Patrick C. Rouse
> Microsoft MVP - Terminal Server
> Provision Networks VIP
> Citrix Technology Professional
> President - Session Computing Solutions, LLC
> http://www.sessioncomputing.com


 

Thanks again - we'll check into that. However, do you know if it is possible to prevent the user from closing the Remote Desktop Connection so that they are locked into the TS session? I suppose that is not a good idea in case they need to reboot the local OS...

Guest Patrick Rouse
Posted

Re: Newbie Setup Question

 

If you have SA for XP, you might want to use Windows FLP, which is more suited for what you are doing than a full-blown XP installation.

--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com

Guest compsosinc@gmail.com
Posted

Re: Newbie Setup Question

 

On Dec 10, 8:54 am, Patrick Rouse <PatrickRo...@discussions.microsoft.com> wrote:
> If you have SA for XP, you might want to use Windows FLP, which is more suited for what you are doing than a full-blown XP installation.
>
> --
> Patrick C. Rouse
> Microsoft MVP - Terminal Server
> Provision Networks VIP
> Citrix Technology Professional
> President - Session Computing Solutions, LLC
> http://www.sessioncomputing.com

>

>

>

> "compsos...@gmail.com" wrote:

> > On Dec 10, 7:50 am, Patrick Rouse

> > <PatrickRo...@discussions.microsoft.com> wrote:

> > > You can definitely configure the XP Machines to autologon, then launch the

> > > RDP Client to connect to the TS of your choice. Getting it so the end user

> > > has no access to the local desktop will likely require the purchase of a 3rd

> > > party product to replace the Explorer shell.

>

> > > Check with triCerat, as I think they make something like this.

>

> > > --

> > > Patrick C. Rouse

> > > Microsoft MVP - Terminal Server

> > > Provision Networks VIP

> > > Citrix Technology Professional

> > > President - Session Computing Solutions, LLChttp://www.sessioncomputing.com

>

> > > "compsos...@gmail.com" wrote:

> > > > On Dec 9, 1:34 pm, Patrick Rouse

> > > > <PatrickRo...@discussions.microsoft.com> wrote:

> > > > > 1. You can use Group Policy to redirect the desktop, and start menu to read

> > > > > only directories that you manage.

>

> > > > >http://www.msterminalservices.org/articles/Configure-Folder-Redirecti...

>

> > > > > 2. Replace the local OS with a thin-client Linux OS, so it boots directly

> > > > > to the RDP Client.

>

> > > > >http://www.sessioncomputing.com/thin-clients.htm

>

> > > > > 3. Lock down the file system and use Software Restriction Policies to

> > > > > restrict what users can do.

>

> > > > >http://www.sessioncomputing.com/security.htm

>

> > > > > 4. See number 2, but do NOT use the same logon for each user or you will

> > > > > have profile problems.

>

> > > > > 5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for

> > > > > addresses you need to allow.

>

> > > > > 6. Use a logon script.

>

> > > > > --

> > > > > Patrick C. Rouse

> > > > > Microsoft MVP - Terminal Server

> > > > > Provision Networks VIP

> > > > > Citrix Technology Professional

> > > > > President - Session Computing Solutions, LLChttp://www.sessioncomputing.com

>

> > > > > "compsos...@gmail.com" wrote:

> > > > > > We have a SBS2000 (not 2003) server running Active Directory & a

> > > > > > Windows 2003 Server running as a Terminal server. We added (10) new XP

> > > > > > client computers to the AD and (10) generically named users who are

> > > > > > now just members of the "Domain Users" group. This setup for the sole

> > > > > > purpose of the (1) clients/users running one application on the

> > > > > > Terminal Server. It appears that if Active Directory were running on

> > > > > > Windows 2003 Server we could just add the clients to the Remote

> > > > > > Desktop USers group to accomplish some of the things we need to

> > > > > > accomplish. However that group is not available in Windows 2000 AD.

>

> > > > > > So here is our goal for the (10) new clients:

>

> > > > > > 1. We want every client to have the same TS desktop. It will include

> > > > > > the icon for starting the application and nothing else except the same

> > > > > > program on the Start Menu in case the icon gets deleted. No other

> > > > > > programs should be listed.

> > > > > > 2. We do not want the users to have access to a local desktop.

> > > > > > 3. We do do want any user to be able to install anything to the TS

> > > > > > from the USB drive or CDROM, but we do not want this hardware

> > > > > > disabled.

> > > > > > 4. When the systems bootup, we do not want a CTRL+ALT+DEL prompt. We

> > > > > > want the system to boot and automatically display a customized TS

> > > > > > desktop for each of the (10) systems. If it is preferable/recommended

> > > > > > to have the CTRL+ALT+DEL prompt, we want each client tohave the same

> > > > > > login an go directly to the TS without the user manually launching RDP

> > > > > > connection.

> > > > > > 5. We do not want the users to have Internet Access from the TS. We

> > > > > > have read about using the 127.0.0.0.

> > > > > > 6. Possibly a mapped drive to the SBS2000 data partition to open

> > > > > > particular shared files in "read only" using a program installed on

> > > > > > the TS.

>

> > > > > > Can we accomplish all of the above?

>

> > > > > > Can anyone provide a starting point -thanks. We are currently reading

> > > > > > much material and have a Virtual PC setup with Windows 2003 Servers

> > > > > > only (no 2000 AD) but basically see we need to start with new OU.

>

>

> > > > Thank you for replying--- these links look very helpful. With regards

> > > > to Question#2 & #4, we have already purchased new XP-based systems--

> > > > not thin clients--because in the future we may have to install locally

> > > > based programs and wanted to have that option if we needed it. So

> > > > changing the local OS & hardware is not an option here.

>

> > > > We have setup (10) separate generically-named user accounts, and

> > > > currently they are all members of the "Domain Users" group within the

> > > > 2000 AD. Are you stating that since we are using XP-based systems,

> > > > there is no way to eliminate the CTRL+ALT+DEL prompt at bootup? For

> > > > example, we have in another Windows 2000 based server (unrelated to

> > > > this network), set a registry value to automatically login the startup

> > > > account when the system boots. Since we have separate user accounts,

> > > > can we do this for a domain login with XP? Or is this generally, not a

> > > > "best practice" approach? For instance, if we have a hardware/OS

> > > > problem and need to login into the system locally for troubleshooting

> > > > purposes?

>

> > > > Finally, do we need to make these users members of any other group

> > > > other than "Domain Users" in order to meet our goals?

>

> > > > Thank you so much.

>

>

> > Thanks again -we'll check into that. However, do you know if it is

> > possible to prevent the user from closing the Remote Desktop

> > Connection so that they are locked into the TS session? I suppose that

> > is not a good idea in case they need to reboot the local OS...

>

 

Hi - regarding Question#1 above. We have read the article. Since all

of the users should have the same desktop(s) both on the TS and

locally (if they get access), shouldn't we use a Mandatory profile

instead of roaming? Or is it not recommended practice to use Mandatory

- and if so, why is that?

Guest Patrick Rouse
Posted

Re: Newbie Setup Question

 

Mandatory profiles are great, if you don't have to save any user specific

settings after logoff. If you do, then look at Flex or Roaming Profiles.

 

--

Patrick C. Rouse

Microsoft MVP - Terminal Server

Provision Networks VIP

Citrix Technology Professional

President - Session Computing Solutions, LLC

http://www.sessioncomputing.com

 

 

 

"compsosinc@gmail.com" wrote:

> On Dec 10, 8:54 am, Patrick Rouse

> <PatrickRo...@discussions.microsoft.com> wrote:

> > If you have SA for XP, you might want to use Windows FLP, which is more

> > suited for what you are doing than a full blown XP installation.

> >

> > --

> > Patrick C. Rouse

> > Microsoft MVP - Terminal Server

> > Provision Networks VIP

> > Citrix Technology Professional

> > President - Session Computing Solutions, LLC

> > http://www.sessioncomputing.com

> >

> >

> >

> > "compsos...@gmail.com" wrote:

> > > On Dec 10, 7:50 am, Patrick Rouse

> > > <PatrickRo...@discussions.microsoft.com> wrote:

> > > > You can definitely configure the XP Machines to autologon, then launch the

> > > > RDP Client to connect to the TS of your choice. Getting it so the end user

> > > > has no access to the local desktop will likely require the purchase of a 3rd

> > > > party product to replace the Explorer shell.

> >

> > > > Check with triCerat, as I think they make something like this.

> >

> > > > --

> > > > Patrick C. Rouse

> > > > Microsoft MVP - Terminal Server

> > > > Provision Networks VIP

> > > > Citrix Technology Professional

> > > > President - Session Computing Solutions, LLC

> > > > http://www.sessioncomputing.com

> >

> > > > "compsos...@gmail.com" wrote:

> > > > > On Dec 9, 1:34 pm, Patrick Rouse

> > > > > <PatrickRo...@discussions.microsoft.com> wrote:

> > > > > > 1. You can use Group Policy to redirect the desktop, and start menu to read

> > > > > > only directories that you manage.

> >

> > > > > >http://www.msterminalservices.org/articles/Configure-Folder-Redirecti...

> >

> > > > > > 2. Replace the local OS with a thin-client Linux OS, so it boots directly

> > > > > > to the RDP Client.

> >

> > > > > >http://www.sessioncomputing.com/thin-clients.htm

> >

> > > > > > 3. Lock down the file system and use Software Restriction Policies to

> > > > > > restrict what users can do.

> >

> > > > > >http://www.sessioncomputing.com/security.htm

> >

> > > > > > 4. See number 2, but do NOT use the same logon for each user or you will

> > > > > > have profile problems.

> >

> > > > > > 5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for

> > > > > > addresses you need to allow.

> >

> > > > > > 6. Use a logon script.

> >

> > > > > > --

> > > > > > Patrick C. Rouse

> > > > > > Microsoft MVP - Terminal Server

> > > > > > Provision Networks VIP

> > > > > > Citrix Technology Professional

> > > > > > President - Session Computing Solutions, LLC

> > > > > > http://www.sessioncomputing.com

> >

> > > > > > "compsos...@gmail.com" wrote:

> > > > > > > We have a SBS2000 (not 2003) server running Active Directory & a

> > > > > > > Windows 2003 Server running as a Terminal server. We added (10) new XP

> > > > > > > client computers to the AD and (10) generically named users who are

> > > > > > > now just members of the "Domain Users" group. This setup for the sole

> > > > > > > purpose of the (1) clients/users running one application on the

> > > > > > > Terminal Server. It appears that if Active Directory were running on

> > > > > > > Windows 2003 Server we could just add the clients to the Remote

> > > > > > > Desktop Users group to accomplish some of the things we need to

> > > > > > > accomplish. However that group is not available in Windows 2000 AD.

> >

> > > > > > > So here is our goal for the (10) new clients:

> >

> > > > > > > 1. We want every client to have the same TS desktop. It will include

> > > > > > > the icon for starting the application and nothing else except the same

> > > > > > > program on the Start Menu in case the icon gets deleted. No other

> > > > > > > programs should be listed.

> > > > > > > 2. We do not want the users to have access to a local desktop.

> > > > > > > 3. We do do want any user to be able to install anything to the TS

> > > > > > > from the USB drive or CDROM, but we do not want this hardware

> > > > > > > disabled.

> > > > > > > 4. When the systems bootup, we do not want a CTRL+ALT+DEL prompt. We

> > > > > > > want the system to boot and automatically display a customized TS

> > > > > > > desktop for each of the (10) systems. If it is preferable/recommended

> > > > > > > to have the CTRL+ALT+DEL prompt, we want each client to have the same

> > > > > > > login and go directly to the TS without the user manually launching RDP

> > > > > > > connection.

> > > > > > > 5. We do not want the users to have Internet Access from the TS. We

> > > > > > > have read about using the 127.0.0.0.

> > > > > > > 6. Possibly a mapped drive to the SBS2000 data partition to open

> > > > > > > particular shared files in "read only" using a program installed on

> > > > > > > the TS.

> >

> > > > > > > Can we accomplish all of the above?

> >

> > > > > > > Can anyone provide a starting point -thanks. We are currently reading

> > > > > > > much material and have a Virtual PC setup with Windows 2003 Servers

> > > > > > > only (no 2000 AD) but basically see we need to start with new OU.

> >

> >

> > > > > Thank you for replying--- these links look very helpful. With regards

> > > > > to Question#2 & #4, we have already purchased new XP-based systems--

> > > > > not thin clients--because in the future we may have to install locally

> > > > > based programs and wanted to have that option if we needed it. So

> > > > > changing the local OS & hardware is not an option here.

> >

> > > > > We have setup (10) separate generically-named user accounts, and

> > > > > currently they are all members of the "Domain Users" group within the

> > > > > 2000 AD. Are you stating that since we are using XP-based systems,

> > > > > there is no way to eliminate the CTRL+ALT+DEL prompt at bootup? For

> > > > > example, we have in another Windows 2000 based server (unrelated to

> > > > > this network), set a registry value to automatically login the startup

> > > > > account when the system boots. Since we have separate user accounts,

> > > > > can we do this for a domain login with XP? Or is this generally, not a

> > > > > "best practice" approach? For instance, if we have a hardware/OS

> > > > > problem and need to login into the system locally for troubleshooting

> > > > > purposes?

> >

> > > > > Finally, do we need to make these users members of any other group

> > > > > other than "Domain Users" in order to meet our goals?

> >

> > > > > Thank you so much.

> >

> >

> > > Thanks again -we'll check into that. However, do you know if it is

> > > possible to prevent the user from closing the Remote Desktop

> > > Connection so that they are locked into the TS session? I suppose that

> > > is not a good idea in case they need to reboot the local OS...

> >

>

> Hi - regarding Question#1 above. We have read the article. Since all

> of the users should have the same desktop(s) both on the TS and

> locally (if they get access), shouldn't we use a Mandatory profile

> instead of roaming? Or is it not recommended practice to use Mandatory

> - and if so, why is that?

>

Guest compsosinc@gmail.com
Posted

Re: Newbie Setup Question

 

On Dec 10, 2:18 pm, Patrick Rouse

<PatrickRo...@discussions.microsoft.com> wrote:

> Mandatory profiles are great, if you don't have to save any user specific

> settings after logoff. If you do, then look at Flex or Roaming Profiles.

>

> --

> Patrick C. Rouse

> Microsoft MVP - Terminal Server

> Provision Networks VIP

> Citrix Technology Professional

> President - Session Computing Solutions, LLC

> http://www.sessioncomputing.com

>

>

>

> "compsos...@gmail.com" wrote:

> > On Dec 10, 8:54 am, Patrick Rouse

> > <PatrickRo...@discussions.microsoft.com> wrote:

> > > If you have SA for XP, you might want to use Windows FLP, which is more

> > > suited for what you are doing than a full blown XP installation.

>

> > > --

> > > Patrick C. Rouse

> > > Microsoft MVP - Terminal Server

> > > Provision Networks VIP

> > > Citrix Technology Professional

> > > President - Session Computing Solutions, LLC

> > > http://www.sessioncomputing.com

>

> > > "compsos...@gmail.com" wrote:

> > > > On Dec 10, 7:50 am, Patrick Rouse

> > > > <PatrickRo...@discussions.microsoft.com> wrote:

> > > > > You can definitely configure the XP Machines to autologon, then launch the

> > > > > RDP Client to connect to the TS of your choice. Getting it so the end user

> > > > > has no access to the local desktop will likely require the purchase of a 3rd

> > > > > party product to replace the Explorer shell.

>

> > > > > Check with triCerat, as I think they make something like this.

>

> > > > > --

> > > > > Patrick C. Rouse

> > > > > Microsoft MVP - Terminal Server

> > > > > Provision Networks VIP

> > > > > Citrix Technology Professional

> > > > > President - Session Computing Solutions, LLC

> > > > > http://www.sessioncomputing.com

>

> > > > > "compsos...@gmail.com" wrote:

> > > > > > On Dec 9, 1:34 pm, Patrick Rouse

> > > > > > <PatrickRo...@discussions.microsoft.com> wrote:

> > > > > > > 1. You can use Group Policy to redirect the desktop, and start menu to read

> > > > > > > only directories that you manage.

>

> > > > > > >http://www.msterminalservices.org/articles/Configure-Folder-Redirecti...

>

> > > > > > > 2. Replace the local OS with a thin-client Linux OS, so it boots directly

> > > > > > > to the RDP Client.

>

> > > > > > >http://www.sessioncomputing.com/thin-clients.htm

>

> > > > > > > 3. Lock down the file system and use Software Restriction Policies to

> > > > > > > restrict what users can do.

>

> > > > > > >http://www.sessioncomputing.com/security.htm

>

> > > > > > > 4. See number 2, but do NOT use the same logon for each user or you will

> > > > > > > have profile problems.

>

> > > > > > > 5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for

> > > > > > > addresses you need to allow.

>

> > > > > > > 6. Use a logon script.

>

> > > > > > > --

> > > > > > > Patrick C. Rouse

> > > > > > > Microsoft MVP - Terminal Server

> > > > > > > Provision Networks VIP

> > > > > > > Citrix Technology Professional

> > > > > > > President - Session Computing Solutions, LLC

> > > > > > > http://www.sessioncomputing.com

>

> > > > > > > "compsos...@gmail.com" wrote:

> > > > > > > > We have a SBS2000 (not 2003) server running Active Directory & a

> > > > > > > > Windows 2003 Server running as a Terminal server. We added (10) new XP

> > > > > > > > client computers to the AD and (10) generically named users who are

> > > > > > > > now just members of the "Domain Users" group. This setup for the sole

> > > > > > > > purpose of the (1) clients/users running one application on the

> > > > > > > > Terminal Server. It appears that if Active Directory were running on

> > > > > > > > Windows 2003 Server we could just add the clients to the Remote

> > > > > > > > Desktop Users group to accomplish some of the things we need to

> > > > > > > > accomplish. However that group is not available in Windows 2000 AD.

>

> > > > > > > > So here is our goal for the (10) new clients:

>

> > > > > > > > 1. We want every client to have the same TS desktop. It will include

> > > > > > > > the icon for starting the application and nothing else except the same

> > > > > > > > program on the Start Menu in case the icon gets deleted. No other

> > > > > > > > programs should be listed.

> > > > > > > > 2. We do not want the users to have access to a local desktop.

> > > > > > > > 3. We do do want any user to be able to install anything to the TS

> > > > > > > > from the USB drive or CDROM, but we do not want this hardware

> > > > > > > > disabled.

> > > > > > > > 4. When the systems bootup, we do not want a CTRL+ALT+DEL prompt. We

> > > > > > > > want the system to boot and automatically display a customized TS

> > > > > > > > desktop for each of the (10) systems. If it is preferable/recommended

> > > > > > > > to have the CTRL+ALT+DEL prompt, we want each client to have the same

> > > > > > > > login and go directly to the TS without the user manually launching RDP

> > > > > > > > connection.

> > > > > > > > 5. We do not want the users to have Internet Access from the TS. We

> > > > > > > > have read about using the 127.0.0.0.

> > > > > > > > 6. Possibly a mapped drive to the SBS2000 data partition to open

> > > > > > > > particular shared files in "read only" using a program installed on

> > > > > > > > the TS.

>

> > > > > > > > Can we accomplish all of the above?

>

> > > > > > > > Can anyone provide a starting point -thanks. We are currently reading

> > > > > > > > much material and have a Virtual PC setup with Windows 2003 Servers

> > > > > > > > only (no 2000 AD) but basically see we need to start with new OU.

>

>

> > > > > > Thank you for replying--- these links look very helpful. With regards

> > > > > > to Question#2 & #4, we have already purchased new XP-based systems--

> > > > > > not thin clients--because in the future we may have to install locally

> > > > > > based programs and wanted to have that option if we needed it. So

> > > > > > changing the local OS & hardware is not an option here.

>

> > > > > > We have setup (10) separate generically-named user accounts, and

> > > > > > currently they are all members of the "Domain Users" group within the

> > > > > > 2000 AD. Are you stating that since we are using XP-based systems,

> > > > > > there is no way to eliminate the CTRL+ALT+DEL prompt at bootup? For

> > > > > > example, we have in another Windows 2000 based server (unrelated to

> > > > > > this network), set a registry value to automatically login the startup

> > > > > > account when the system boots. Since we have separate user accounts,

> > > > > > can we do this for a domain login with XP? Or is this generally, not a

> > > > > > "best practice" approach? For instance, if we have a hardware/OS

> > > > > > problem and need to login into the system locally for troubleshooting

> > > > > > purposes?

>

> > > > > > Finally, do we need to make these users members of any other group

> > > > > > other than "Domain Users" in order to meet our goals?

>

> > > > > > Thank you so much.

>

>

> > > > Thanks again -we'll check into that. However, do you know if it is

> > > > possible to prevent the user from closing the Remote Desktop

> > > > Connection so that they are locked into the TS session? I suppose that

> > > > is not a good idea in case they need to reboot the local OS...

>

>

> > Hi - regarding Question#1 above. We have read the article. Since all

> > of the users should have the same desktop(s) both on the TS and

> > locally (if they get access), shouldn't we use a Mandatory profile

> > instead of roaming? Or is it not recommended practice to use Mandatory

> > - and if so, why is that?

>

 

Thanks - we do not have to save any settings after log off.

