Those who follow my blogs will know that I run a Thin Client section of my network – powered by Windows Thin PC (aka Windows 7 lite… it runs NT6.1) with Server 2008 R2.
This post follows http://www.edugeek.net/blogs/thescar…nt-part-2.html and
Last time out on RDS, we set up Single Sign on, so that our users would log onto a Windows Thin PC as themselves, and changed the shell from “explorer.exe” so that instead a Remote Desktop session was triggered. This would automatically use the details of the user, without showing the real local desktop on the Thin PC.
There was only one problem with this, the users were slowed down by a double log on. Once to the Thin PC, and once to the RDS farm server. So, back to the original plan… A single autologon user, with a restricted environment. This environment would need no start menu or desktop, except for a single shortcut to launch the Remote Desktop. This is where the actual user login would happen.
So, we need to undo the below, which I’ve copied from my original article…
Allow Default Credential Usage for Single Sign-On (SSO)
Now that we have authentication configured, we need to finish the process. To do this, you need to go to the client system (Vista, or 2008) and configure the Local Group Policy Editor. On your client computer open the Local Group Policy Editor. To open Local Group Policy Editor, go to Start, and in the Start Search box, type gpedit.msc and then press ENTER. In the Editor, look in the left pane and expand Computer Configuration => Administrative Templates => System => and then click Credentials Delegation. Double-click the Delegating Default Credentials setting to open it.
Next, in the Properties dialog box on the Setting tab, select Enabled, and then select Show. In the Show Contents dialog box, click Add to add servers to the list. In the Add Item dialog box, type the prefix termsrv/ followed by the name of the Terminal Server you will be connecting too. Once you have added the server name, click OK to close the Add Item dialog box. Click OK a few times until you are back in the Local Group Policy Editor and close the MMC.
We also need to change a few other registry keys to enable the auto login, and put the shell back. As I’m writing this on my ipad, I will upload the script or screenshots of the GPOs later on.
As usual, any queries or things you would like me to cover… Drop me a line or find me on the usual social network spaces!