Help with terminal services

[superunknown98]

I've been setting up Terminal services here at work. So far everything has been moving along fairly well. However, I want the users to log into the terminal services , and not the local machine and then have to open Remote desktop and log in again.

In fact I don't even want them to have access to the local machine. I want the remote desktop login to be the defualt login to show up. How should I go about doing this? I know I can have an application of my choice open as soon as the domian is logged into, but even if I had remote desktop open it would execute after the users loged in already.

Help!

 

[Genx87]

Honestly not sure if it is possible with straight WinXP. I believe you can purchase terminal clients that will do this for you. They are very slim looking computers with an LCD. You configure it to point to a terminal server and when it boots up you get the terminal logon.

There isnt much hardware to them, basically the logic and a small rom to boot and get into the session I believe. I havent really looked at them in much detail.

 

[dphantom]

NeoWare and Wyse are two big player in the thin client arena. I thik the only way you are going to accomplish what you are seeking is via thin clients as Genx87 said.

Even so, any client still needs to login either locally or into a domain. You can set an account to automatically login to the local machine or domain. From that point, a user can log in to a TS session using their credentials.

With that said, you could use a fat client, but if you are not going to use any of the fat clients resources, then why not go thin.

 

[Simeon Naranjit]

How about this... for those who use TermSvcs only and aren't really supposed to use anything on the local pc, create a Group Policy and strip their profile of everything else BUT the RDP connection. When they login locally, all they can do is logoff or use RDP...lol I've done it before and it helped me land a client because a competitor suggested they purchase thin clients or a 3rd party software to do it.

 

[superunknown98]

Thanks everyone. Simeon Naranjit, I was thinking about that, but wanted to make sure there was nothing better. Now, know you can set RD to log in automatically, but say someone else logs in the machine, will it log in with the other users info? Is there another way to pass the login info from the windows login to RD? A custom script maybe?


Also another problem i'm haing is with roaming profiles. For some reason it won't save the profile becasue of folder security issues, but short of making the user an administrator, nothing seems to work. I've tried so many different combinations of security settings for the profile folder that my head is spinning. anyone ever had this problem?

 

[DrGreen2007]

Security settings on the share or NTFS file settings ?

Sounds like you have them wrong

 

[superunknown98]

Both probably. I found a microsoft technet article saying I should have, on the parent folder, at least:

Creator/owner: full control
terminal services security group: list folder/ read data, create folders/append data -this folder only
Local systems: full control, this folder, subfolders and files

for share level permissons:
Terminal services Security group: full control

then for user profile folders:
System: fullcontrol
user: full control


It also says to let the server create the profile folders automatically. That has yet to work as well.


Does all of this look right ?

 

[superunknown98]

Ok I got some of the roaming profiles to work. I manually set up the profile folders and about 2 of 6 profiles worked. The strange part is that i compared folder securites side by side along with the profile properties and spelling in all of the above is the same.

For some reason some profiles stay in the TS temp folder while others get moved into the profile folders. The only stange thing i notice is that from the terminal server, i cannot create a folder or make a txt file in any of the roaming profile folders, which are stored on another server. It tells me access denied. I am logged into both servers with the same admin account, but for some reason the remote system is denied.

Uggggh. help! anyone?

 

[L3thurn3k]

Are you on an Active Directory domain or are you using a gpo to redirect the profile to the network share? Or are you using a third party software like triCerat to do the redirects?

 

[superunknown98]

Yes I am in an Active directory domian and setting up the roaming profiles thorugh AD. However I am also using scriptlogic desktop authority for other GP.

 

[V00D00]

Are you setting up thin clients, or is this for remote access?