This post is part of a Series of Posts
Now login to the ViewUser account. We want to change the Shell, so that when this account is logged all they can see is Vmware View Client. But first some housekeeping. Run this command from PowerShell so that our unsigned script is allowed to execute on this account.
Set-ExecutionPolicy -scope Currentuser -executionPolicy Unrestricted
Now navigate to the folder we placed the script file in. Right click VMwareViewShell.ps1 and choose "Run with PowerShell". It should launch the VMware View Client and proceed to the username and password Screen.
You should be able to login and view your VMware View Desktop, test that and USB redirection. If the script is working correctly you should be able to close the VMware View Client it should relaunch self and clear the username and recenter it to the screen. Continue testing till your satisfied that the script works correctly. Once it does we can now replace the explorer shell with the script instead. To do this we need to make a registry change.
- Launch Regedit while logged into the ViewUser account.
- Navigate to "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" and create a new string value and name it "Shell"
- Set the Shell value the following
- Set the Script path to where you placed the script
powershell.exe -WindowStyle Hidden -Command "& 'C:\Program Files\VMware\VMware View\PowerShellScripts\VMwareViewShell.ps1'"
Note: In a powershell command putting the "-WindowsStyle Hidden" before the command seems hide it, if the "-WindowStyle" it put after the command, it doesn't work.
Now all is left is to logoff the ViewUser and then back in. The Start Bar and other features should all be gone but the VMware View Client should come up and stay up. If the profile works then you can logout. to do this you can hit Ctrl+Shift+Esc to access the task manager. Then File and New Task and enter "logoff" in the run prompt.
Setting ViewUser to AutoLogon
We now have the ViewUser created however we want the machine to autologin and then run the view client. We could have people login as them selfs however I found that made the login time longer than I preferred. Thus is set the Machine to autlogin to the ViewUser we configured. Here is little guide how hot do so Superuser - Auto Login Keys for Windows 7, However you could configure the Thin Client to instead use an Alternative method to prompt users to use your domain authentication.
Alternative Method
If you copy the ViewUser Account to the default user and changed the script to instead use the currently logged in user. Then you may not choose to set AutoLogon and instead let user login to windows as them selfs and have their profile.
With this the Thin Client should be in a working state. You may need to alter this and add additional features.
Other Odd Notes
- View Composer is isntalled on the vCenter Server.
hello when i run that file with powershell it asked me if i want to run it once. is there a way to always allow it? because my logs in and it a black screen but no vmware view client isnt loaded
ReplyDeleteHey Jason, I believe your problem is the ExecutionPolicy. Try running the following command from powershell logged in as an administrator.
ReplyDeleteSet-ExecutionPolicy -ExecutionPolicy Unrestricted -Confirm $true
ok never mind the other post i reinstalled my os. and now it works great thanks. did you ever post how to have a background? and is there a way to make it so network and shareing center lunchs and minizmes as well so if i but this on a laptop they could change the wireless network to connect to. doesnt have to be network and sharing center just a way to change wireless networks.
ReplyDeleteI honestly forgot about the background change. no promises on to when i'll get to it but will try next time I update our lab image.
ReplyDeleteAs for wireless network changes that was really beyond the goal here. If I were to attempt it I might put a flowing window with say the system time and button that lunched "Shareing Center". Would be just like that Vmware View Process that already gets launched.
thank you i think i figered it out by just calling a bat file. do you have a guid or anything that could show me how to do the thing were if it minimizes it maximizes again?
ReplyDeleteI just added that to the Part 2 of this post for you. There is another Powershell that gets called in a loop that will look for the View console to be anything but minimized and maximize it when it happens.
ReplyDeletehello, so do i just take that second source box and first one and put them in the same file and call it as you said in this part> and thank you so much for being so helpful and taking your time to respond to me. andif you dont mind i have another quetion is there a way to get it so the thin cleint doesnt react to controle alt delte
ReplyDeleteYeah, Putting them in the same folder and calling the first one is all you need to do. It will spin off a process to watch and fix the window size. As for a way to disable the ctrl+alt+del I'm not sure. Most likely your trying to disable the task manager in which case you can use GPedit.msc to grey out Task manager. Here is a ling on how to do that. http://tinyurl.com/3c3ypyl
ReplyDeletehello thank you.and what sould i name the two files?
ReplyDeleteQuick Question: Let's say I wanted to do this with laptops that need to authenticate before it can access the VM View Server. I couldn't really create a local user but perhaps I could get AD to accept a generic login that only authenticates on the wireless system and then passes through?
ReplyDeleteYou could change the default profile for all users instead of just the viewuser account then have users login in as themselves.
ReplyDeleteOr you could create a AD Generic account that the laptops auto logged on to.
Thanks for the reponse above. Something new I'm working on as well is getting the drives to work in the VM as opposed to just being used locally. Right now if I put a DVD in it auto loads on the thin clients win 7 install. Any tips here?
ReplyDeleteI was thinking perhaps disabling the drive on the thin client install but i'm not sure if that would give the VM access to that hardware.
when i attempt a logoff or shutdown from the cntrl+alt+del screen, the system hangs because the powershell script will not end.
ReplyDeleteSee if this works. Hit ctrl+shift+Esc and start start a new task, Enter "logoff".
ReplyDeletethe "logoff" task gives me a popup to "end task" on powershell, then the pc shuts down. Any way to have the script monitor a system event related to logoff or shutdown to do a stop-process on powershell.exe?
ReplyDeleteThanks!
These three articles were a life saver. We just started piloting thin clients at the college and the instructors kept trying to make the thin client act like a fat client. It became so absure that they wouldn't use the virtual machines that we prepared for them. So we implemented this process over the weekend and now all they see are a list of available virtual machines! And even when they exit, the list just pops back up again. I hope no one figures out that CTRL+Shift+ESC and some typing can bring the desktop back.
ReplyDeleteWhile we aren't haveing any problems with the scripts (btw only the first PowerShell file downloads from the link) We followed your recommendation to minimize profile creation on the thin client and used a generic "Student" account at boot time. When we launch a View VM we authenticate and everything is fine until one of the students accidentially disconnects his or her virtual machine. We cannot seem to get the login dialog box to reappear as the virtual machine complains that only the user or an Administrator can unlock this machine. Any idea on how to get the login screen back when this happens?
Three things:
ReplyDeleteTask Manager, Internet Explorer, and Fast User Switching are all potential entrypoints for a malicious user.
If you want to keep people from running Task Manager and Internet Explorer, place subkeys with the process names in HKLM\Software\Microsoft\Windows NT\Currentversion\Image File Execution Options, then put a string value beneath each called "debugger" with some random value in it.
Then, disable Fast User Switching through the GPO located at:Local Computer Policy > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching.
Chris,
ReplyDeleteI am fine with everything until here:
•Launch Regedit while logged into the ViewUser account.
•Navigate to "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" and create a new string value and name it "Shell"
•Set the Shell value the following
◦Set the Script path to where you placed the script
powershell.exe -WindowStyle Hidden -Command "& 'C:\Program Files\VMware\VMware View\PowerShellScripts\VMwareViewShell.ps1'"
Note: In a powershell command putting the "-WindowsStyle Hidden" before the command seems hide it, if the "-WindowStyle" it put after the command, it doesn't work.
After that, I just get a black screen when I log out.
I think I either did something wrong with the registry entry or the powershell.
So a simple question to start with though, does the ViewUser account have
to be an admin for the registry entries to take?
Tom Marra
517-960-8243
When the Thin PC client is bound to AD, we've had issues with the single sign on feature in the view client using the user's own credentials. Adding a delay before launching the view client has had some measure of success, however we have simply resorted to passing in the user's username and having them type their password a second time upon logging into the Thin PC workstation.
ReplyDeleteI for the same reason didn't use the single sign on feature because the of the long login time first to the client and then to the VM. I have a local account logged in already running the View Client with out single sign on.
ReplyDelete