View RSS Feed

TheScarfedOne

Windows Thin PC

Rating: 2 votes, 5.00 average.
by , 6th July 2011 at 10:52 AM (43369 Views)
So... Windows Thin PC (Windows Embedded Standard 7 - for its full name really) is now out, whats the story?

Its the replacement for Windows Fundamentals for Legacy PCS... ie its a cut down version of the current Windows OS, designed for older PCs to make them last a bit longer. You can use it to make a "Think Thin Client"... ie Autologon, start an RDP session and thats it.

And thats exactly what Ive done with it.

So, hows it all set up, and what do I think of it? Well - it installs in the same way the full Windows 7 OS does. For us here, that means SCCM. Created a capture image from the original media in the same way you do for the full OS (see earlier blog posts for guidance)... created a task sequence to deploy it - it is exactly the same as my main Windows 7 one - minus the core software. Why you might say? Remember, this machine is going to be a dumb terminal.

Then, Ive ammended some of the scripts used for deploying my Laptops with Bitlocker. What does that have to do with WTPC? I needed the machine to be configured to autologon for a start! We dont want people having to logon twice! So, all the machines are set to autologon with a restricted network account (in our case called RDPService) - and then the shell has been changed from explorer.exe to mstsc.exe. This makes it run in kiosk mode effectively, there is no taskbar, desktop or anything that can be fiddled with!

Just to make doubly sure, Ive used an app called Shelly to launch mstsc as an unkillable process. If it closes, it is just respawned.

This system is going to be used in Admin, General purpose ICT rooms (ie those without high GFX needs)... even tho the Remote FX available by using this with RDS in Server 2008 R2 make it pretty good! Prodesktop even works well as does CS5.

Ive uploaded the script here, which you need to add as a package in SCCM (or to an accessible folder eg NETLOGON) and then point to it as a Run Command Line in the Task Sequence. Put a reboot after it, and the machine with then autologin and do all the rest of the jazz. Shelly and your RDP file must be in a folder called RDP at the root of C:\. This can be achieved by GPO Preferences under File.

Any queries... fire off a comment below...

Updates to this original post... we now use Shelly (as described here http://www.insidetheregistry.com/con...articleid=1722) to handle the RDP shell replacement.
Attached Thumbnails Attached Files

Updated 24th August 2011 at 07:11 PM by TheScarfedOne

Categories
Software

Comments

  1. simpsonj's Avatar
    Sounds very interesting, especially as I've just started experimenting with Remote Desktops...

    Where did you get WTPC from? Has it been released as part of the MSA/EES agreements? Any licensing issues to be aware of?
  2. TheScarfedOne's Avatar
    Thin PC is part of Software Assurance under School/Campus and EES Agreements. It was released on 1st July 2011, and should now be showiing up in your Volume Licence Centre. If not, give it a few days, and PM - will get it checked...

    If you happen top be in the Southwest region, I can show you our setup
  3. ICTHUS's Avatar
    Hso did you change the shell from explorer.exe to mstsc.exe?
  4. TheScarfedOne's Avatar
    @ICTHUS - the settings are in the zip file attached to the blog post. Its done in the registry.
  5. edugeekdan's Avatar
    Great Script and this was a major help to me! Thank you.

    Is there anyway to get the last logged in user to the RDP session to be forgotten so it defaults to "use another account" Thanks Dan
  6. TheScarfedOne's Avatar
    @edugeekdan... this one is set in group policy on the server. Create and link a GP for the OU/Machine. The setting is in Computer Configuration > Policies > Windows Settings > Security Options > Interactive Logon: Do not display last username
  7. edugeekdan's Avatar
    Already tried that one and preseumed it didnt work because its a RDP logon box? also checked all the Remote Desktop Services GPO's and cant find any that are useful.
  8. edugeekdan's Avatar
    The soltuion was to add the Domain prefix to the 'username' box of the rdp session file. Thanks
  9. TheScarfedOne's Avatar
    hmmm, definately not needed to do that on mine.
  10. simpsonj's Avatar
    Do you have a link to the Shelly utility? Looks like InsideTheRegistry has had an update, and I can't find the program as all links point to a dead page.
  11. Arthur's Avatar
    Quote Originally Posted by simpsonj
    Do you have a link to the Shelly utility?
    Try this... @simpsonj

    www.insidetheregistry.com/content/authors/user177/file/shelly.zip
  12. simpsonj's Avatar
    Beautiful, thank you very much! I'll give that a shot with my thin-client machine hopefully today.
  13. SwedishChef's Avatar
    Hi Pal, what restrictions did you place on the network account ?

    Incidentally we get the user problem that edugeekdan outlined on our older CE4.0 terminals, not found a solution yet.
  14. TheScarfedOne's Avatar
    It was just a standard limited account. Group policy locked out to prevent anything other than a "Cancel" box showing from a CTRL - ALT - DEL.

    Using Shelly to replace the shell to use the script calling an RDP file (yes with the domain prefix included - as highlighted by other comments), prevents any access to the account itself. It has no desktop, user home folder, or even profile. All it is is a network access account, to allow calling of the RDP with the GPO for "ignore certificates" set.
  15. TheScarfedOne's Avatar
    There is an update to this article in progress - as I now use NTLM as the users logon to the Thin PC as their own user, it still triggers the RDP, but then autologs in to the RDP.
  16. TheScarfedOne's Avatar
  17. Arthur's Avatar
    I have uploaded a copy of Shelly v1.0.0.2 here if anyone needs a copy.
    Updated 19th April 2012 at 11:00 AM by Arthur

Trackbacks

Total Trackbacks 0
Trackback URL: