How to make a thin client from an old Windows PC?
Sooner or later, the question arises of the need to replace one or more PCs due to slow operation.
The easiest way, nothing to invent and just replace the PC.
Not the easiest way is to start implementing “remote desktops” in the version of terminal server or virtual desktops.
The cost of a thin client of HP , DELL or other brands can be compared with the cost of a full-fledged PC, and using an old PC as a thin client will extend the life of a sufficiently long period.
What to do with obsolete PCs:
- leave on a Windows PC, the user will be connected to the remote desktop.
- download PC over the network, one of the linux optionsthinstation .
- install on your PC a local version of linux, options sea .
Next I will describe the option with Windows, such a thin client has some advantages when comparing with linux options.
Why did I do all this:
- I have remote offices with users who had to be transferred to work on terminal servers, the use of group policies in the domain allows me to get the desired result without being in the office and without replacing the PC.
- Both Windows and linux options for user interfaces of thin clients of HP, Wyse / DELL do not suit me for various reasons.
Advantages of the Windows option:
- Full support for RDP / RemoteFX.
- Full support for removable media.
- Ability to use a local printer.
- Ability to use smart cards for a client bank.
- Redirecting video / audio playback to a thin client when using Windows Media Player, without brakes and without load on the server, you can watch 1080p video, but this is another story =).
If you start with the result:
It will look like loading the user's desktop if Windows XP is installed on the PC:
It will look like loading the user's desktop if Windows 7 is installed on the PC:
To get the result that you can see on the slides, you need an AD domain and several Group Policies for PC and users.
On a PC with XP SP3, you need to install updates for the rdp client KB969084 and Fixit50588 , for advanced group policies you need to install update KB943729 .
Key policies:
No. 1 - Users need to enable Single sign-on , I am distributing this policy to the entire domain.
No. 2 - For the PC, we make a separate OU and close the group policies in this OU.
№3 - In the new OU, we create a policy where we change the user to “wscript c: \ thinPC \ thinPC.vbs / nologo / b”.
It is necessary to copy 3 files to the target PC, I use advanced group policies for this.
I recommend that the files be placed in the central repository of group policies \\ domain name \ SYSVOL \ domain name \ Policies \, this will ensure fault tolerance in case of unavailability of one of the domain controllers.
On the domain controllers, this network resource corresponds to the folder C: \ Windows \ SYSVOL \ sysvol \ domain name \ Policies The
contents of the thinPC.cmd file
mstsc starts the rdp client, after the end of the remote session, the shutdown -l command is executed to end the user session on the thin client.
During the operation of the described script, the user will observe the execution of commands in the window, and to hide the window, the script is launched by VBS . ThinPC.vbs
file contents
The contents of the thinPC.rdp file
This is an rdp file with the connection parameters that are required.
That's all, replacing it with the user will make the thin client boot process as close as possible to the boot process of a regular PC.
The main disadvantage of the proposed script is the inability of the user to choose the screen resolution on their own, but I honestly do not understand when they ask for a monitor of 22-24 inches, and then ask to increase letters on it.
In such cases, I install a VNC server on the target PC and change the resolution with it.
Minor Policies:
No. 4 - In order to disable this message, the user just needs to check the box not to notify.
To automate the process by administrative means, you need to add the key to the registry.
No. 5 - We need to increase the cache for RDP connections, in cases of Windows XP it is vital, but in cases of Windows 7 it can be done without increasing the cache.
No. 6 - Interactive logon: Do not require CTRL + ALT + DEL
set the Disabled parameter.
No. 7 - Interactive logon: Do not display last user name
set the Enabled parameter.
№8 - Interactive logon: Message text for users attempting to log on and Interactive logon: Message title for users attempting to log on
Fill in the header and text that is intended for users, in the simplest case you need to specify the contacts of the support center.
Number 9 - To disable visual effects on a thin client, you must add the key to the registry.
No. 10 - Power options
Using advanced group policies, you need to create a power plan in which when you press the power button, the thin client will turn off.
No. 11 - Software Restriction Policies I
recommend setting up software launch control, this mechanism works on WindowsXP and Windows 7 PRO.
AppLocker is more flexible but only works on Windows 7 enterprise and above.
I believe that in cases of a thin client, flexibility is not needed, the aim is to exclude the possibility of launching malware.
No. 12 - Turn off Autoplay
To disable the automatic launch of removable media, you must set Enabled for All drives.
No. 13 -Allow RDP redirection of other supported RemoteFX USB devices from this computer
If you plan to forward USB devices, enable the policy for Adminstrators and Users.
No. 14 - Delete user profiles older than a specified number of days on system restart
I set the parameter to 180 days, the policy works only on Windows 7.
No. 15 - User Account Control
UAC interferes with me and therefore disconnects.
No. 16 - Replacing the desktop background, beauty requires sacrifice.
For Windows XP, this registry key is responsible for the wallpaper on the login and password entry screen.
The file with the background can be located anywhere, but it should be a bmp file.
To change the background of Windows 7, you must install the key, and transfer the file with the background% WindowsDir% \ System32 \ oobe \ info \ backgrounds \ backgrounddefault.jpg.
It is also necessary to set the background for the user session on the thin client.
About the practice:
- Such thin clients have been working for over a year
-
Disks started to fall on several old PCs, HP thin clients were sent in exchange, but all user data was on the servers;) - Several accountants successfully work with BIFIT USB tokens
The easiest way, nothing to invent and just replace the PC.
Not the easiest way is to start implementing “remote desktops” in the version of terminal server or virtual desktops.
The cost of a thin client of HP , DELL or other brands can be compared with the cost of a full-fledged PC, and using an old PC as a thin client will extend the life of a sufficiently long period.
What to do with obsolete PCs:
- leave on a Windows PC, the user will be connected to the remote desktop.
- download PC over the network, one of the linux optionsthinstation .
- install on your PC a local version of linux, options sea .
Next I will describe the option with Windows, such a thin client has some advantages when comparing with linux options.
Why did I do all this:
- I have remote offices with users who had to be transferred to work on terminal servers, the use of group policies in the domain allows me to get the desired result without being in the office and without replacing the PC.
- Both Windows and linux options for user interfaces of thin clients of HP, Wyse / DELL do not suit me for various reasons.
Advantages of the Windows option:
- Full support for RDP / RemoteFX.
- Full support for removable media.
- Ability to use a local printer.
- Ability to use smart cards for a client bank.
- Redirecting video / audio playback to a thin client when using Windows Media Player, without brakes and without load on the server, you can watch 1080p video, but this is another story =).
If you start with the result:
It will look like loading the user's desktop if Windows XP is installed on the PC:
It will look like loading the user's desktop if Windows 7 is installed on the PC:
To get the result that you can see on the slides, you need an AD domain and several Group Policies for PC and users.
On a PC with XP SP3, you need to install updates for the rdp client KB969084 and Fixit50588 , for advanced group policies you need to install update KB943729 .
Key policies:
No. 1 - Users need to enable Single sign-on , I am distributing this policy to the entire domain.
No. 2 - For the PC, we make a separate OU and close the group policies in this OU.
№3 - In the new OU, we create a policy where we change the user to “wscript c: \ thinPC \ thinPC.vbs / nologo / b”.
It is necessary to copy 3 files to the target PC, I use advanced group policies for this.
I recommend that the files be placed in the central repository of group policies \\ domain name \ SYSVOL \ domain name \ Policies \, this will ensure fault tolerance in case of unavailability of one of the domain controllers.
On the domain controllers, this network resource corresponds to the folder C: \ Windows \ SYSVOL \ sysvol \ domain name \ Policies The
contents of the thinPC.cmd file
C: \ BGInfo \ Bginfo.exe "C: \ BGInfo \ config.bgi" / NOLICPROMPT / timer: 0BGInfo adds an inscription with the necessary data to the user's desktop, the results of BGInfo are visible on the slides.
mstsc "c: \ thinPC \ thinPC.rdp"
shutdown -l
mstsc starts the rdp client, after the end of the remote session, the shutdown -l command is executed to end the user session on the thin client.
During the operation of the described script, the user will observe the execution of commands in the window, and to hide the window, the script is launched by VBS . ThinPC.vbs
file contents
Dim oShell
Set oShell = WScript.CreateObject ("WSCript.shell")
oShell.run "C: \ thinPC \ thinPC.cmd", 0
Set oShell = Nothing
The contents of the thinPC.rdp file
This is an rdp file with the connection parameters that are required.
- You must disable the display of the connection panel when working in full screen.
- I turn off the forwarding of local drives, but allow forwarding of drives connected later, this will allow users to work with removable media that will be connected after the start of a remote session.
- In the case of windows 7, to use the RemoteFX protocol, you need to set the color depth to 32 bits and specify the connection speed of 10 megabits / LAN.
- In cases where the server certificate is self-signed, you must disable the warning in the "Server Authentication" section.
That's all, replacing it with the user will make the thin client boot process as close as possible to the boot process of a regular PC.
The main disadvantage of the proposed script is the inability of the user to choose the screen resolution on their own, but I honestly do not understand when they ask for a monitor of 22-24 inches, and then ask to increase letters on it.
In such cases, I install a VNC server on the target PC and change the resolution with it.
Minor Policies:
No. 4 - In order to disable this message, the user just needs to check the box not to notify.
To automate the process by administrative means, you need to add the key to the registry.
[HKEY_CURRENT_USER \ Software \ Microsoft \ Terminal Server Client \ LocalDevices]
"server address" = dword: 0000000d
No. 5 - We need to increase the cache for RDP connections, in cases of Windows XP it is vital, but in cases of Windows 7 it can be done without increasing the cache.
[HKEY_CURRENT_USER \ Software \ Microsoft \ Terminal Server Client]a bit more about graphics optimization, Terminal Services and Graphically Intensive Applications .
"BitmapCacheSize" = dword: 0000ffff
No. 6 - Interactive logon: Do not require CTRL + ALT + DEL
set the Disabled parameter.
No. 7 - Interactive logon: Do not display last user name
set the Enabled parameter.
№8 - Interactive logon: Message text for users attempting to log on and Interactive logon: Message title for users attempting to log on
Fill in the header and text that is intended for users, in the simplest case you need to specify the contacts of the support center.
Number 9 - To disable visual effects on a thin client, you must add the key to the registry.
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ VisualEffects]
"VisualFXSetting" = dword: 00000002
No. 10 - Power options
Using advanced group policies, you need to create a power plan in which when you press the power button, the thin client will turn off.
No. 11 - Software Restriction Policies I
recommend setting up software launch control, this mechanism works on WindowsXP and Windows 7 PRO.
AppLocker is more flexible but only works on Windows 7 enterprise and above.
I believe that in cases of a thin client, flexibility is not needed, the aim is to exclude the possibility of launching malware.
No. 12 - Turn off Autoplay
To disable the automatic launch of removable media, you must set Enabled for All drives.
No. 13 -Allow RDP redirection of other supported RemoteFX USB devices from this computer
If you plan to forward USB devices, enable the policy for Adminstrators and Users.
No. 14 - Delete user profiles older than a specified number of days on system restart
I set the parameter to 180 days, the policy works only on Windows 7.
No. 15 - User Account Control
UAC interferes with me and therefore disconnects.
No. 16 - Replacing the desktop background, beauty requires sacrifice.
For Windows XP, this registry key is responsible for the wallpaper on the login and password entry screen.
The file with the background can be located anywhere, but it should be a bmp file.
[HKEY_USERS \ .DEFAULT \ Control Panel \ Desktop]
"Wallpaper" = "C: \\ thinPC \\ rd.bmp"
"WallpaperStyle" = "2"
To change the background of Windows 7, you must install the key, and transfer the file with the background% WindowsDir% \ System32 \ oobe \ info \ backgrounds \ backgrounddefault.jpg.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Authentication \ LogonUI \ Background]
"OEMBackground" = dword: 00000001
It is also necessary to set the background for the user session on the thin client.
[HKEY_CURRENT_USER \ Control Panel \ Desktop]
"Wallpaper" = "C: \\ thinPC \\ rd.bmp"
"WallpaperStyle" = "2"
About the practice:
- Such thin clients have been working for over a year
-
Disks started to fall on several old PCs, HP thin clients were sent in exchange, but all user data was on the servers;) - Several accountants successfully work with BIFIT USB tokens