TS profiles

  • Thread starter Thread starter Greg
  • Start date Start date
G

Greg

Guest
We would like to have the following scenario:

1. User logs onto local PC/domain as a generic user.
2. Generic User is totally locked down and only has Start then a Remote
Desktop Connection to the TS
3. They login to TS as themselves
4. Then when TS connects, the user can see their normal desktop

How can we acheive this?
 
Re: TS profiles

Point 3 and 4 are default behaviour out of the box, so you'd better
ask this question in a XP / Vista client newsgroup, since you want to
lockdown the clients.
Basic needs are different profiles (generic account with mandatory
profile, i.e read-only and shared by all users) and personal TS-
profile), as well as lockdown policy applied to client computer OU.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?R3JlZw==?= <Greg@discussions.microsoft.com> wrote on 25
apr 2008 in microsoft.public.windows.terminal_services:

> We would like to have the following scenario:
>
> 1. User logs onto local PC/domain as a generic user.
> 2. Generic User is totally locked down and only has Start then a
> Remote Desktop Connection to the TS
> 3. They login to TS as themselves
> 4. Then when TS connects, the user can see their normal desktop
>
> How can we acheive this?
 
Re: TS profiles

Greg wrote:
> We would like to have the following scenario:
>
> 1. User logs onto local PC/domain as a generic user.
> 2. Generic User is totally locked down and only has Start then a Remote
> Desktop Connection to the TS
> 3. They login to TS as themselves
> 4. Then when TS connects, the user can see their normal desktop
>
> How can we acheive this?
>

I really don't see what this is getting you. The users have to have an
account to be able to log on using RDP. Why not just use a domain logon
with an "All Users/Default Users" desktop and GPO that lock down the
desktop?

Our shared workstations are set up with no applications on them at all
other than a Citrix ICA client (should work the same for an RDP client).

Our Domain GPO blocks installing any software and our firewall blocks
running any programs not allowed in the FW policy (we use Sophos).

There is only one local logon account: "Administrator".

We set up a "Default User" profile that has only the ICA Client (and the
necessary application setup folder). A shortcut is added to the "All
Users" Startup folder.

When the user logs on with their domain userid and password, a profile
is created (username.domain) if it is the first time they are logging
onto the workstation. They are then logged on and the client software is
launched.

With the Citrix ICA client, I can set it up to automatically log them on
using the logged on credentials. Not sure if this can be done with the
RDP client, though...

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 
Re: TS profiles

Have you been thinking of thinclients? If end user will be using only
terminal services then thin clients with hardware also will be save of
costs. Your way wou will need to pay: hardware, client OS licenses, TS CAL.
With thin clients you will pay only thin hardware (OS is included in price)
and TS CAL.



--
____________________________________
Frane Borozan
Terminal Services and Citrix Presentation Server user logging
http://www.terminalserviceslog.com
 
Back
Top