TheScarfedOne

Windows Thin PC

, 6th July 2011 at 10:52 AM (24652 Views)

So... Windows Thin PC (Windows Embedded Standard 7 - for its full name really) is now out, whats the story?

Its the replacement for Windows Fundamentals for Legacy PCS... ie its a cut down version of the current Windows OS, designed for older PCs to make them last a bit longer. You can use it to make a "Think Thin Client"... ie Autologon, start an RDP session and thats it.

And thats exactly what Ive done with it.

So, hows it all set up, and what do I think of it? Well - it installs in the same way the full Windows 7 OS does. For us here, that means SCCM. Created a capture image from the original media in the same way you do for the full OS (see earlier blog posts for guidance)... created a task sequence to deploy it - it is exactly the same as my main Windows 7 one - minus the core software. Why you might say? Remember, this machine is going to be a dumb terminal.

Then, Ive ammended some of the scripts used for deploying my Laptops with Bitlocker. What does that have to do with WTPC? I needed the machine to be configured to autologon for a start! We dont want people having to logon twice! So, all the machines are set to autologon with a restricted network account (in our case called RDPService) - and then the shell has been changed from explorer.exe to mstsc.exe. This makes it run in kiosk mode effectively, there is no taskbar, desktop or anything that can be fiddled with!

Just to make doubly sure, Ive used an app called Shelly to launch mstsc as an unkillable process. If it closes, it is just respawned.

This system is going to be used in Admin, General purpose ICT rooms (ie those without high GFX needs)... even tho the Remote FX available by using this with RDS in Server 2008 R2 make it pretty good! Prodesktop even works well as does CS5.

Ive uploaded the script here, which you need to add as a package in SCCM (or to an accessible folder eg NETLOGON) and then point to it as a Run Command Line in the Task Sequence. Put a reboot after it, and the machine with then autologin and do all the rest of the jazz. Shelly and your RDP file must be in a folder called RDP at the root of C:\. This can be achieved by GPO Preferences under File.

Any queries... fire off a comment below...

Updates to this original post... we now use Shelly (as described here http://www.insidetheregistry.com/con...articleid=1722) to handle the RDP shell replacement.

Updated 24th August 2011 at 07:11 PM by TheScarfedOne

Categories: Software

Email Blog Entry

« Prev Main Next »

Comments

simpsonj - 6th July 2011 08:14 PM
Sounds very interesting, especially as I've just started experimenting with Remote Desktops...

Where did you get WTPC from? Has it been released as part of the MSA/EES agreements? Any licensing issues to be aware of?
TheScarfedOne - 6th July 2011 08:18 PM
Thin PC is part of Software Assurance under School/Campus and EES Agreements. It was released on 1st July 2011, and should now be showiing up in your Volume Licence Centre. If not, give it a few days, and PM - will get it checked...

If you happen top be in the Southwest region, I can show you our setup
ICTHUS - 7th July 2011 03:18 PM
Hso did you change the shell from explorer.exe to mstsc.exe?
TheScarfedOne - 7th July 2011 04:08 PM
@ICTHUS - the settings are in the zip file attached to the blog post. Its done in the registry.
edugeekdan - 14th July 2011 03:13 PM
Great Script and this was a major help to me! Thank you.

Is there anyway to get the last logged in user to the RDP session to be forgotten so it defaults to "use another account" Thanks Dan
TheScarfedOne - 14th July 2011 03:53 PM
@edugeekdan... this one is set in group policy on the server. Create and link a GP for the OU/Machine. The setting is in Computer Configuration > Policies > Windows Settings > Security Options > Interactive Logon: Do not display last username
edugeekdan - 14th July 2011 04:13 PM
Already tried that one and preseumed it didnt work because its a RDP logon box? also checked all the Remote Desktop Services GPO's and cant find any that are useful.
edugeekdan - 19th July 2011 09:21 AM
The soltuion was to add the Domain prefix to the 'username' box of the rdp session file. Thanks
TheScarfedOne - 20th July 2011 12:10 AM
hmmm, definately not needed to do that on mine.
simpsonj - 16th November 2011 09:06 AM
Do you have a link to the Shelly utility? Looks like InsideTheRegistry has had an update, and I can't find the program as all links point to a dead page.
Arthur - 29th November 2011 07:13 PM
Originally Posted by simpsonj

Do you have a link to the Shelly utility?

Try this... @simpsonj

www.insidetheregistry.com/content/authors/user177/file/shelly.zip
simpsonj - 30th November 2011 09:39 AM
Beautiful, thank you very much! I'll give that a shot with my thin-client machine hopefully today.
SwedishChef - 7th December 2011 04:15 PM
Hi Pal, what restrictions did you place on the network account ?

Incidentally we get the user problem that edugeekdan outlined on our older CE4.0 terminals, not found a solution yet.
TheScarfedOne - 7th December 2011 08:04 PM
It was just a standard limited account. Group policy locked out to prevent anything other than a "Cancel" box showing from a CTRL - ALT - DEL.

Using Shelly to replace the shell to use the script calling an RDP file (yes with the domain prefix included - as highlighted by other comments), prevents any access to the account itself. It has no desktop, user home folder, or even profile. All it is is a network access account, to allow calling of the RDP with the GPO for "ignore certificates" set.
TheScarfedOne - 7th December 2011 08:06 PM
There is an update to this article in progress - as I now use NTLM as the users logon to the Thin PC as their own user, it still triggers the RDP, but then autologs in to the RDP.
TheScarfedOne - 30th December 2011 04:41 PM
This article has now been updated Remote Desktop for Thin Client… Part 2! - Blogs - EduGeek.net
Arthur - 19th April 2012 10:25 AM
I have uploaded a copy of Shelly v1.0.0.2 here if anyone needs a copy.

Updated 19th April 2012 at 11:00 AM by Arthur