[THIN] Re: Passing current login details to W2K terminal server ( NOT citrix)

  • From: "Guzzo, Mark A (Mark)" <guzzo@xxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Mon, 16 May 2005 14:09:51 -0500

http://www.codeproject.com/aspnet/PassThroughSecurity.asp 

 

Give that a shot

 

---

M A R K  G U Z Z O

Utility Infrastructure Services

Citrix Administrator

Lucent Technologies

2601 Lucent Ln, Lisle, IL, 60532-3640

Room: 52N15

guzzo@xxxxxxxxxx

w + f: 630.979.9731

 

 

  _____  

From: Spriggs Jon [mailto:Jon.Spriggs@xxxxxxxxxxxxxx] 
Sent: Monday, May 16, 2005 9:47 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Passing current login details to W2K terminal server (NOT 
citrix)

 

Hi all, 

I'm trying to work out the easiest way of auto-authenticating to a terminal 
server. Let me describe the setup. 

1) Users log into a workstation on the domain. They are presented with a 
"Kiosk" in Internet Explorer, offering 6 links, representing customer estates. 

2) The user clicks on a link. This link is another web page with the MSRDP.OCX 
ActiveX control embedded. The OCX control connects to one of two terminal 
servers in a DMZ, but still authenticating against the first domain. Once 
connected the option is set to launch a command - which is Explorer 
(masquerading as Internet Explorer) running again in Kiosk Mode in which there 
are a series of icons. 

3) Each icon is a shortcut to the XP version of MSTSC, and specifies an RDP 
file, each representing either a specific command on a terminal server or an 
open terminal server (i.e. a normal desktop). You can only connect to the 
customer estate from the servers in the DMZ, not from the workstations.

Users are complaining about having to log in 3 times to get into the customer 
estate. I can pass the user's username and domain from the second stage to the 
third without too many problems or changes to the kiosk, but I can't make it 
"autologin", as I don't know the user's password.

I was thinking of creating a second user account in the first domain, with a 
similar username (such as joe.bloggs-TERMSERV instead of joe.bloggs), but with 
a set password, and restricting access with that username to just the terminal 
servers. Then, in the VBScript, set it to append "-TERMSERV" to the end of the 
username and specify the password. Is this feasible? Is it possible? If users 
are prevented from viewing the source of the webpage, then will this prevent 
them from being able to see the password? Is it worth building a VB.NET 
application to replace the IE kiosk?

Has anyone else done anything like this? There's no room in the budget for 
Citrix - hence having to make do with RDP. 

Regards, 

Jon Spriggs 
-- 
The presence of a "Fujitsu" address does not imply or assume that Fujitsu 
Services, Fujitsu or any other company containing the Fujitsu name uses or 
endorses this product. This email is purely a personal opinion.
