Re: Terminal Services Kiosk



F. David del Campo Hill wrote:
Jeff,

Pretty much everything you want to do can be configured through Group Policy.

Remember that the Terminal Services server is not part of an Active Directory domain, only the desktops. Which group policies are you referring to?

You're going to have a difficult time at best to lock down the TS box so they can't do anything. It's quite possible but difficult. There are way too many settings to list them off one by one on how to lock down a server. You can start by using this (remember you can do many of these through local policy as well):



What are you planning on replacing the shell with?

A Remote Desktop session to the Terminal Services server: mstsc /v:IPAddress /f

Your best bet, again, is to use Group Policy on the workstations to configure a very locked down environment for the particular users. You have AD for the workstations, it's a very powerful tool, don't ignore it. Use it.


Why are you trying to replace the shell?

As I explained, I need an account that will open RD the moment it logs in and will only show RD on the full screen; since this is similar to what people do for Internet Explorer kiosks, I thought to do it similarly. Is there a better way?

Yes, again, a locked down environment using GPO.


You will want to start investigating GPOs.

Only for the desktops; the TS server cannot have GPOs applied.

Also, how are you expecting users to terminate the shell?

That is one of my questions: how to make the account log out when the RD session is logged out or terminated.

No problem at all, you give them the log out button on the locked down desktop.


Why not simply lock down the workstations as is?

The desktops are going to be used by other accounts which do not connect to the TS server, so leaving the desktops in such a state is not possible.

In short, I am trying to allow users to use their Windows desktop as a thin client for a TS server by logging in to a certain account.

I'm not sure you understand how GPOs work. They can be applied based on users. So one user logs in to the workstation and they get one set of settings; another user logs in and they get another set.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com