Lockdown Local Desktop

[Guest compsosinc@gmail.com]

We need some of our domain users to connect to the TS in the domain

for one purpose- -to use 1 application and nothing else. The TS is a

Windows 2003 member server and the DC is SBS2000. The clients for this

purpose are XP Pro.

 

We have the following goals:

 

1. When the TS clients bootup, we do not want the Users to login. We

want to have generic usernames, such as shopfloor1,shopfloor2, etc We

want the Users to automatically login to the domain, then auto login

to the TS with the same credentials, and start the application on the

TS.

 

Can we do this and how do we do it?

 

2. If the users close the application on the TS, we want the desktop/

workstation to either lock so that CTRL+ALT+DEL is neccessary to

unlock it. The users will not be given login credentials and would

have to have an admin login for them. OR, we want to prevent the

users from using any programs from their local desktops. They would

only have the RDP icon available to reconnect to the TS and start the

application automatically.

 

How do recommend doing this?

 

Thanks

[Guest Vera Noest [MVP]]

Re: Lockdown Local Desktop

 

comments inline

 

compsosinc@gmail.com wrote on 15 jan 2008 in

microsoft.public.windows.terminal_services:

> We need some of our domain users to connect to the TS in the

> domain for one purpose- -to use 1 application and nothing else.

> The TS is a Windows 2003 member server and the DC is SBS2000.

> The clients for this purpose are XP Pro.

>

> We have the following goals:

>

> 1. When the TS clients bootup, we do not want the Users to

> login. We want to have generic usernames, such as

> shopfloor1,shopfloor2, etc We want the Users to automatically

> login to the domain, then auto login to the TS with the same

> credentials, and start the application on the TS.

>

> Can we do this and how do we do it?

 

Yes, that's not too difficult:

Configure the XP client for autologon, create a .rdp file with the

connection settings, user account and password and save it in the

StartUp folder on the XP client. Configure the server to *not*

"always prompt for password" in tscc.msc, and disable the

"DontDisplayLastUserName" setting.

 

260711 - How to Configure Automatic Logon to a Terminal Server

http://support.microsoft.com/?kbid=260711

> 2. If the users close the application on the TS, we want the

> desktop/ workstation to either lock so that CTRL+ALT+DEL is

> neccessary to unlock it. The users will not be given login

> credentials and would have to have an admin login for them. OR,

> we want to prevent the users from using any programs from their

> local desktops. They would only have the RDP icon available to

> reconnect to the TS and start the application automatically.

>

> How do recommend doing this?

 

This is nearly impossible without turning the client into a thin

client.

Your requirements are not really consistent either: you want to

prevent the users from accessing the local desktop, but what stops

them from rebooting the client? It will autologon, according to

requirement 1. It's easy to interrupt the automatic connection

attempt to the TS.

And what stops the users from just minimizing an active TS session

and accessing their local desktop?

 

The only way to make sure that users cannot access any local

resources is to make sure that there *are* no local resources! Give

them a thin client, or turn those XP clients into software thin

clients if you don't want to change hardware.

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___