Re: Newbie Setup Question

You can definitely configure the XP Machines to autologon, then launch the
RDP Client to connect to the TS of your choice. Getting it so the end user
has no access to the local desktop will likely require the purchase of a 3rd
party product to replace the Explorer shell.

Check with triCerat, as I think they make something like this.


--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLC
http://www.sessioncomputing.com



"compsosinc@xxxxxxxxx" wrote:

On Dec 9, 1:34 pm, Patrick Rouse
<PatrickRo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
1. You can use Group Policy to redirect the desktop, and start menu to read
only directories that you manage.

http://www.msterminalservices.org/articles/Configure-Folder-Redirecti...

2. Replace the local OS with a thin-client Linux OS, so it boots directly
to the RDP Client.

http://www.sessioncomputing.com/thin-clients.htm

3. Lock down the file system and use Software Restriction Policies to
restrict what users can do.

http://www.sessioncomputing.com/security.htm

4. See number 2, but do NOT use the same logon for each user or you will
have profile problems.

5. Use Group Policy to set a dummy Proxy IP Address, and set exclusions for
addresses you need to allow.

6. Use a logon script.

--
Patrick C. Rouse
Microsoft MVP - Terminal Server
Provision Networks VIP
Citrix Technology Professional
President - Session Computing Solutions, LLChttp://www.sessioncomputing.com



"compsos...@xxxxxxxxx" wrote:
We have a SBS2000 (not 2003) server running Active Directory & a
Windows 2003 Server running as a Terminal server. We added (10) new XP
client computers to the AD and (10) generically named users who are
now just members of the "Domain Users" group. This setup for the sole
purpose of the (1) clients/users running one application on the
Terminal Server. It appears that if Active Directory were running on
Windows 2003 Server we could just add the clients to the Remote
Desktop USers group to accomplish some of the things we need to
accomplish. However that group is not available in Windows 2000 AD.

So here is our goal for the (10) new clients:

1. We want every client to have the same TS desktop. It will include
the icon for starting the application and nothing else except the same
program on the Start Menu in case the icon gets deleted. No other
programs should be listed.
2. We do not want the users to have access to a local desktop.
3. We do do want any user to be able to install anything to the TS
from the USB drive or CDROM, but we do not want this hardware
disabled.
4. When the systems bootup, we do not want a CTRL+ALT+DEL prompt. We
want the system to boot and automatically display a customized TS
desktop for each of the (10) systems. If it is preferable/recommended
to have the CTRL+ALT+DEL prompt, we want each client tohave the same
login an go directly to the TS without the user manually launching RDP
connection.
5. We do not want the users to have Internet Access from the TS. We
have read about using the 127.0.0.0.
6. Possibly a mapped drive to the SBS2000 data partition to open
particular shared files in "read only" using a program installed on
the TS.

Can we accomplish all of the above?

Can anyone provide a starting point -thanks. We are currently reading
much material and have a Virtual PC setup with Windows 2003 Servers
only (no 2000 AD) but basically see we need to start with new OU.- Hide quoted text -

- Show quoted text -

Thank you for replying--- these links look very helpful. With regards
to Question#2 & #4, we have already purchased new XP-based systems--
not thin clients--because in the future we may have to install locally
based programs and wanted to have that option if we needed it. So
changing the local OS & hardware is not an option here.

We have setup (10) separate generically-named user accounts, and
currently they are all members of the "Domain Users" group within the
2000 AD. Are you stating that since we are using XP-based systems,
there is no way to eliminate the CTRL+ALT+DEL prompt at bootup? For
example, we have in another Windows 2000 based server (unrelated to
this network), set a registry value to automatically login the startup
account when the system boots. Since we have separate user accounts,
can we do this for a domain login with XP? Or is this generally, not a
"best practive" approach? For instance, if we have a hardware/OS
problem and need to login into the system locally for troubleshooting
purposes?

Finally, do we need to make these users members of any other group
other than "Domain Users" in order to meet our goals?

Thank you so much.

.

Relevant Pages

  • Re: I cant see the client printer.
    ... client you used to connect to the terminal server. ... desktop client included in Windows XP? ... Redirected in a Remote Desktop or Terminal Services ...
    (microsoft.public.windows.terminal_services)
  • Re: Update on serial port redirection and advice needed
    ... work with windows operating systems, ... MCSE, CCEA, Microsoft MVP - Terminal Server ... The program does work on a thin client that has Windows XP ...
    (microsoft.public.windows.terminal_services)
  • Re: Newbie Setup Question
    ... Microsoft MVP - Terminal Server ... RDP Client to connect to the TS of your choice. ... Windows 2003 Server running as a Terminal server. ... login an go directly to the TS without the user manually launching RDP ...
    (microsoft.public.windows.terminal_services)
  • Re: Windows 2000 TSCAL for Vista
    ... I can officially say that the Vista client will receive a built-in CAL when connecting to a Win2000 TS. ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Vista and is not limited to Windows XP. ...
    (microsoft.public.windows.terminal_services)
  • Re: Newbie Setup Question
    ... RDP Client to connect to the TS of your choice. ... Microsoft MVP - Terminal Server ... Windows 2003 Server we could just add the clients to the Remote ...
    (microsoft.public.windows.terminal_services)