http://www.codeproject.com/aspnet/PassThroughSecurity.asp <http://www.codeproject.com/aspnet/PassThroughSecurity.asp> Give that a shot --- M A R K G U Z Z O Utility Infrastructure Services Citrix Administrator Lucent Technologies 2601 Lucent Ln, Lisle, IL, 60532-3640 Room: 52N15 guzzo@xxxxxxxxxx <mailto:guzzo@xxxxxxxxxx> w + f: 630.979.9731 _____ From: Spriggs Jon [mailto:Jon.Spriggs@xxxxxxxxxxxxxx] Sent: Monday, May 16, 2005 9:47 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Passing current login details to W2K terminal server (NOT citrix) Hi all, I'm trying to work out the easiest way of auto-authenticating to a terminal server. Let me describe the setup. 1) Users log into a workstation on the domain. They are presented with a "Kiosk" in Internet Explorer, offering 6 links, representing customer estates. 2) The user clicks on a link. This link is another web page with the MSRDP.OCX activex control embedded. The OCX control connects to one of two terminal servers in a DMZ, but still authenticating against the first domain. Once connected the option is set to launch a command - which is Explorer (masquerading as Internet Explorer) running again in Kiosk Mode in which there are a series of icons. 3) Each icon is a shortcut to the XP version of MSTSC, and specifies an RDP file, each representing either a specific command on a terminal server or an open terminal server (i.e. a normal desktop). You can only connect to the customer estate from the servers in the DMZ, not from the workstations. Users are complaining about having to log in 3 times to get into the customer estate. I can pass the user's username and domain from the second stage to the third without too many problems or changes to the kiosk, but I can't make it "autologin", as I don't know the users password. I was thinking of creating a second user account in the first domain, with a similar username (such as joe.bloggs-TERMSERV instead of joe.bloggs), but with a set password, and restricting access with that username to just the terminal servers. Then, in the Vbscript, set it to append "-TERMSERV" to the end of the username and specify the password. Is this feasable? Is it possible? If users are prevented from viewing the source of the webpage, then will this prevent them from being able to see the password? Is it worth building a VB.NET application to replace the IE kiosk? Has anyone else done anything like this? There's no room in the budget for Citrix - hence having to make-do with RDP. Regards, Jon Spriggs -- The presence of a "Fujitsu" address does not imply or assume that Fujitsu Services, Fujitsu or any other company containing the Fujitsu name uses or endorses this product. This email is purely a personal opinion.