⬆️ ⬇️

Thin client Win2008 R2 (AD + TFTP) + thinkstation + Win2008 R2 (RDP)

The topic is certainly hackneyed and you can find a bunch of articles on this topic, but all of them are outdated. No, of course not at all, at 99% everything is the same - and installing and configuring the axis , setting up the RDP server , setting up TFTP and PXE , setting up thinkstation, etc., etc., etc. ... This article will probably be the crappy short among them.



And so, what I had at the beginning:

1. Server win2008 R2 is on it is AD, DHCP

2. 24 old computers (in fact, there are 150 total computers, of which I would transfer at least 50 to the terminal, and 24 are just test ones)

3. New server without axis (Xeon E31225, 16GB RAM, RAID 10 4x3TB)

Tasks

1. to reduce the cost of the annual purchase of licenses for these old PCs (Academic licenses, though not expensive, are 410-460 rubles, but terminal solutions are cheaper than 300-310 rubles)

2. Reduce annual costs for the constant upgrading of computers

3. Simplify your administration task.



Without hesitation, I told myself, as it turned out,
Ok google How can I configure thin clients on Windows 2008?
Google responded promptly, and after not long searches and filtering of information, I found all those articles that I referred to above. I am a law-abiding user, I have a license for both the server part and the CAL license, I did everything according to the rules. I checked the connection - everything is super, the download to the Celeron-D PC, 512RAM DDR2 takes 1 minute from the moment you press the power button. Joy was a full pile of pants . The first thing I checked was the work of group policies with AD on users connecting through a thin client - Everything worked: setting up a proxy, connecting network drives, restricting access by groups, etc.

The second thing I decided to do is, of course, set up a minimum of software for terminal users:

Firefox (you can and Opera but not Chrome - eats both memory and processor)

7zip

DoPDF

Kaspersky

Office 2016

Put it in that order. After installing all the devouring evil of Kaspersky Anti-Virus, the terminal server began to fall off regularly - I had to install a free solution from Avast. Next, the installation went without problems.

After satisfying the resultant admiration with my creation and the speed of work and customer download, I decided to break the first rule of administration
Works - do not touch! for any price !!! then you will regret it !!!
- install all the updates that are for 2008 R2 (b * i, then for 2 days I’m trying to find the cause of the glitch !!!). Updates were installed slowly but surely by the end of the working day everything was installed and I went home joyful.

In the morning (well, like in the morning, 10:30) when I got to work, I decided to customize user profiles so that they were not stored in the c: \ Users folder but, for example, on a network drive, while not being moved (well, on a network connection It turned out), but for the time being it stopped just on storage on a separate disk (later I plan to transfer to iSCSI, but this is a separate story told to me) by changing the parameter
ProfilesDirectory 
in the registry in the branch
 HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ ProfileList 


Satisfied with myself as a boa constrictor, I thought that the work was completed ... and what was my surprise when I noticed that users did not mount network drives for the first time in the terminal session ... began to sin on rdesktop and its settings ... just stopped and did not kill their configured configs by groups ... I decided to check whether AD policies work on ordinary computers - to my relief on all versions of the axis from XP to 10 everything worked ... remains ... RDP server ... but what was changed in it ... much ... but I went from logical microsoft ... or rather his love is all done Entail and stop supporting past versions or just add a bunch of glitches ...

By trial and error checking the health of the policies after each update on a clean server Windows, I found out that Win2008 R2 SP1 does not accept policies from another AD server Win2008R2 SP1 ... the reason is not clear, forced updating of policies
 gpupdate /force 


do not help ... re-registration in the domain, too ... in the end, I had to reinstall the RDP server and prohibit updates ...

ZY Thanks to those who read this article to the end, but I think it will be useful to someone, at least by the concentration of useful links on this topic.

ZY ZY So why are outdated? Yes, because they are all written before 2014. and there is not a word about possible problems with GPO after updates!

ZY.Z.Y.Z.Y. as a result, the savings on software licenses is (from 23 PCs) 7500r / year (for a budgetary institution this is not a little!). Savings on the purchase of PCs (planned) 50 000 p / year, given that the total annual budget is 200 000, saving more than 1/4 is significant


')

Source: https://habr.com/ru/post/305768/



All Articles