Thin client Win2008 R2 (AD + TFTP) + thinkstation + Win2008 R2 (RDP)
The topic is certainly hackneyed and you can find a bunch of articles on this topic, but all of them are outdated. No, of course not at all, at 99% everything is the same - and installing and configuring the axis , setting up the RDP server , setting up TFTP and PXE , setting up thinkstation, etc., etc., etc. ... This article will probably be the crappy short among them.
And so, what I had at the beginning:
1. Server win2008 R2 is on it is AD, DHCP
2. 24 old computers (in fact, there are 150 total computers, of which I would transfer at least 50 to the terminal, and 24 are just test ones)
3. New server without axis (Xeon E31225, 16GB RAM, RAID 10 4x3TB)
Tasks
1. to reduce the cost of the annual purchase of licenses for these old PCs (Academic licenses, though not expensive, are 410-460 rubles, but terminal solutions are cheaper than 300-310 rubles)
2. Reduce annual costs for the constant upgrading of computers
3. Simplify your administration task.
Without hesitation, I told myself, as it turned out,full pile of pants . The first thing I checked was the work of group policies with AD on users connecting through a thin client - Everything worked: setting up a proxy, connecting network drives, restricting access by groups, etc.
The second thing I decided to do is, of course, set up a minimum of software for terminal users:
Firefox (you can and Opera but not Chrome - eats both memory and processor)
7zip
DoPDF
Kaspersky
Office 2016
Put it in that order. After installingall the devouring evil of Kaspersky Anti-Virus, the terminal server began to fall off regularly - I had to install a free solution from Avast. Next, the installation went without problems.
After satisfying the resultant admiration with my creation and the speed of work and customer download, I decided to break the first rule of administration
In the morning (well, like in the morning, 10:30) when I got to work, I decided to customize user profiles so that they were not stored in the c: \ Users folder but, for example, on a network drive, while not being moved (well, on a network connection It turned out), but for the time being it stopped just on storage on a separate disk (later I plan to transfer to iSCSI, but this is a separate story told to me) by changing the parameter
Satisfied with myself as a boa constrictor, I thought that the work was completed ... and what was my surprise when I noticed that users did not mount network drives for the first time in the terminal session ... began to sin on rdesktop and its settings ... just stopped and did not kill their configured configs by groups ... I decided to check whether AD policies work on ordinary computers - to my relief on all versions of the axis from XP to 10 everything worked ... remains ... RDP server ... but what was changed in it ... much ... but I went fromlogical microsoft ... or rather his love is all done Entail and stop supporting past versions or just add a bunch of glitches ...
Bytrial and error checking the health of the policies after each update on a clean server Windows, I found out that Win2008 R2 SP1 does not accept policies from another AD server Win2008R2 SP1 ... the reason is not clear, forced updating of policies
do not help ... re-registration in the domain, too ... in the end, I had to reinstall the RDP server and prohibit updates ...
ZY Thanks to those whoread this article to the end, but I think it will be useful to someone, at least by the concentration of useful links on this topic.
ZY ZY So why are outdated? Yes, because they are all written before 2014. and there is not a word about possible problems with GPO after updates!
ZY.Z.Y.Z.Y. as a result, the savings on software licenses is (from 23 PCs) 7500r / year (for a budgetary institution this is not a little!). Savings on the purchase of PCs (planned) 50 000 p / year, given that the total annual budget is 200 000, saving more than 1/4 is significant
And so, what I had at the beginning:
1. Server win2008 R2 is on it is AD, DHCP
2. 24 old computers (in fact, there are 150 total computers, of which I would transfer at least 50 to the terminal, and 24 are just test ones)
3. New server without axis (Xeon E31225, 16GB RAM, RAID 10 4x3TB)
Tasks
1. to reduce the cost of the annual purchase of licenses for these old PCs (Academic licenses, though not expensive, are 410-460 rubles, but terminal solutions are cheaper than 300-310 rubles)
2. Reduce annual costs for the constant upgrading of computers
3. Simplify your administration task.
Without hesitation, I told myself, as it turned out,
Ok google How can I configure thin clients on Windows 2008?Google responded promptly, and after not long searches and filtering of information, I found all those articles that I referred to above. I am a law-abiding user, I have a license for both the server part and the CAL license, I did everything according to the rules. I checked the connection - everything is super, the download to the Celeron-D PC, 512RAM DDR2 takes 1 minute from the moment you press the power button. Joy was a
The second thing I decided to do is, of course, set up a minimum of software for terminal users:
Firefox (you can and Opera but not Chrome - eats both memory and processor)
7zip
DoPDF
Kaspersky
Office 2016
Put it in that order. After installing
After satisfying the resultant admiration with my creation and the speed of work and customer download, I decided to break the first rule of administration
Works - do not touch! for any price !!! then you will regret it !!!- install all the updates that are for 2008 R2 (b * i, then for 2 days I’m trying to find the cause of the glitch !!!). Updates were installed slowly but surely by the end of the working day everything was installed and I went home joyful.
In the morning (well, like in the morning, 10:30) when I got to work, I decided to customize user profiles so that they were not stored in the c: \ Users folder but, for example, on a network drive, while not being moved (well, on a network connection It turned out), but for the time being it stopped just on storage on a separate disk (later I plan to transfer to iSCSI, but this is a separate story told to me) by changing the parameter
ProfilesDirectory HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ ProfileList
Satisfied with myself as a boa constrictor, I thought that the work was completed ... and what was my surprise when I noticed that users did not mount network drives for the first time in the terminal session ... began to sin on rdesktop and its settings ... just stopped and did not kill their configured configs by groups ... I decided to check whether AD policies work on ordinary computers - to my relief on all versions of the axis from XP to 10 everything worked ... remains ... RDP server ... but what was changed in it ... much ... but I went from
By
gpupdate /force
do not help ... re-registration in the domain, too ... in the end, I had to reinstall the RDP server and prohibit updates ...
ZY Thanks to those who
ZY ZY So why are outdated? Yes, because they are all written before 2014. and there is not a word about possible problems with GPO after updates!
ZY.Z.Y.Z.Y. as a result, the savings on software licenses is (from 23 PCs) 7500r / year (for a budgetary institution this is not a little!). Savings on the purchase of PCs (planned) 50 000 p / year, given that the total annual budget is 200 000, saving more than 1/4 is significant
')
Source: https://habr.com/ru/post/305768/
All Articles