TS profiles

[Guest Greg]

We would like to have the following scenario:

 

1. User logs onto local PC/domain as a generic user.

2. Generic User is totally locked down and only has Start then a Remote

Desktop Connection to the TS

3. They login to TS as themselves

4. Then when TS connects, the user can see their normal desktop

 

How can we acheive this?

[Guest Vera Noest [MVP]]

Re: TS profiles

 

Point 3 and 4 are default behaviour out of the box, so you'd better

ask this question in a XP / Vista client newsgroup, since you want to

lockdown the clients.

Basic needs are different profiles (generic account with mandatory

profile, i.e read-only and shared by all users) and personal TS-

profile), as well as lockdown policy applied to client computer OU.

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

=?Utf-8?B?R3JlZw==?= <Greg@discussions.microsoft.com> wrote on 25

apr 2008 in microsoft.public.windows.terminal_services:

> We would like to have the following scenario:

>

> 1. User logs onto local PC/domain as a generic user.

> 2. Generic User is totally locked down and only has Start then a

> Remote Desktop Connection to the TS

> 3. They login to TS as themselves

> 4. Then when TS connects, the user can see their normal desktop

>

> How can we acheive this?

[Guest Hank Arnold (MVP)]

Re: TS profiles

 

Greg wrote:

> We would like to have the following scenario:

>

> 1. User logs onto local PC/domain as a generic user.

> 2. Generic User is totally locked down and only has Start then a Remote

> Desktop Connection to the TS

> 3. They login to TS as themselves

> 4. Then when TS connects, the user can see their normal desktop

>

> How can we acheive this?

>

 

I really don't see what this is getting you. The users have to have an

account to be able to log on using RDP. Why not just use a domain logon

with an "All Users/Default Users" desktop and GPO that lock down the

desktop?

 

Our shared workstations are set up with no applications on them at all

other than a Citrix ICA client (should work the same for an RDP client).

 

Our Domain GPO blocks installing any software and our firewall blocks

running any programs not allowed in the FW policy (we use Sophos).

 

There is only one local logon account: "Administrator".

 

We set up a "Default User" profile that has only the ICA Client (and the

necessary application setup folder). A shortcut is added to the "All

Users" Startup folder.

 

When the user logs on with their domain userid and password, a profile

is created (username.domain) if it is the first time they are logging

onto the workstation. They are then logged on and the client software is

launched.

 

With the Citrix ICA client, I can set it up to automatically log them on

using the logged on credentials. Not sure if this can be done with the

RDP client, though...

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

[Guest Frane]

Re: TS profiles

 

Have you been thinking of thinclients? If end user will be using only

terminal services then thin clients with hardware also will be save of

costs. Your way wou will need to pay: hardware, client OS licenses, TS CAL.

With thin clients you will pay only thin hardware (OS is included in price)

and TS CAL.

 

 

 

--

____________________________________

Frane Borozan

Terminal Services and Citrix Presentation Server user logging

http://www.terminalserviceslog.com