[THIN] Passing current login details to W2K terminal server (NOT citrix)

Hi all,

I'm trying to work out the easiest way of auto-authenticating to a terminal
server. Let me describe the setup.

1) Users log into a workstation on the domain. They are presented with a
"Kiosk" in Internet Explorer, offering 6 links, representing customer
estates. 

2) The user clicks on a link. This link is another web page with the
MSRDP.OCX activex control embedded. The OCX control connects to one of two
terminal servers in a DMZ, but still authenticating against the first
domain. Once connected the option is set to launch a command - which is
Explorer (masquerading as Internet Explorer) running again in Kiosk Mode in
which there are a series of icons. 

3) Each icon is a shortcut to the XP version of MSTSC, and specifies an RDP
file, each representing either a specific command on a terminal server or an
open terminal server (i.e. a normal desktop). You can only connect to the
customer estate from the servers in the DMZ, not from the workstations.

Users are complaining about having to log in 3 times to get into the
customer estate. I can pass the user's username and domain from the second
stage to the third without too many problems or changes to the kiosk, but I
can't make it "autologin", as I don't know the users password.

I was thinking of creating a second user account in the first domain, with a
similar username (such as joe.bloggs-TERMSERV instead of joe.bloggs), but
with a set password, and restricting access with that username to just the
terminal servers. Then, in the Vbscript, set it to append "-TERMSERV" to the
end of the username and specify the password. Is this feasable? Is it
possible? If users are prevented from viewing the source of the webpage,
then will this prevent them from being able to see the password? Is it worth
building a VB.NET application to replace the IE kiosk?

Has anyone else done anything like this? There's no room in the budget for
Citrix - hence having to make-do with RDP.

Regards,

Jon Spriggs
-- 
The presence of a "Fujitsu" address does not imply or assume that Fujitsu
Services, Fujitsu or any other company containing the Fujitsu name uses or
endorses this product. This email is purely a personal opinion.

Other related posts: