Lockdown Local Desktop

[compsosinc@gmail.com]

We need some of our domain users to connect to the TS in the domain
for one purpose- -to use 1 application and nothing else. The TS is a
Windows 2003 member server and the DC is SBS2000. The clients for this
purpose are XP Pro.

We have the following goals:

1. When the TS clients bootup, we do not want the Users to login. We
want to have generic usernames, such as shopfloor1,shopfloor2, etc We
want the Users to automatically login to the domain, then auto login
to the TS with the same credentials, and start the application on the
TS.

Can we do this and how do we do it?

2. If the users close the application on the TS, we want the desktop/
workstation to either lock so that CTRL+ALT+DEL is neccessary to
unlock it. The users will not be given login credentials and would
have to have an admin login for them. OR, we want to prevent the
users from using any programs from their local desktops. They would
only have the RDP icon available to reconnect to the TS and start the
application automatically.

How do recommend doing this?

Thanks

 

[Vera Noest [MVP]]

Re: Lockdown Local Desktop

comments inline

compsosinc@gmail.com wrote on 15 jan 2008 in
microsoft.public.windows.terminal_services:

> We need some of our domain users to connect to the TS in the
> domain for one purpose- -to use 1 application and nothing else.
> The TS is a Windows 2003 member server and the DC is SBS2000.
> The clients for this purpose are XP Pro.
>
> We have the following goals:
>
> 1. When the TS clients bootup, we do not want the Users to
> login. We want to have generic usernames, such as
> shopfloor1,shopfloor2, etc We want the Users to automatically
> login to the domain, then auto login to the TS with the same
> credentials, and start the application on the TS.
>
> Can we do this and how do we do it?

Yes, that's not too difficult:
Configure the XP client for autologon, create a .rdp file with the
connection settings, user account and password and save it in the
StartUp folder on the XP client. Configure the server to *not*
"always prompt for password" in tscc.msc, and disable the
"DontDisplayLastUserName" setting.

260711 - How to Configure Automatic Logon to a Terminal Server
http://support.microsoft.com/?kbid=260711

> 2. If the users close the application on the TS, we want the
> desktop/ workstation to either lock so that CTRL+ALT+DEL is
> neccessary to unlock it. The users will not be given login
> credentials and would have to have an admin login for them. OR,
> we want to prevent the users from using any programs from their
> local desktops. They would only have the RDP icon available to
> reconnect to the TS and start the application automatically.
>
> How do recommend doing this?

This is nearly impossible without turning the client into a thin
client.
Your requirements are not really consistent either: you want to
prevent the users from accessing the local desktop, but what stops
them from rebooting the client? It will autologon, according to
requirement 1. It's easy to interrupt the automatic connection
attempt to the TS.
And what stops the users from just minimizing an active TS session
and accessing their local desktop?

The only way to make sure that users cannot access any local
resources is to make sure that there *are* no local resources! Give
them a thin client, or turn those XP clients into software thin
clients if you don't want to change hardware.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___