4

We have 300 windows xp machines on cruddy old hardware across the company.

With extended support for XP ending April next year we're looking into our options.

Couple of options:

  1. Replace the 300 PC's with full windows 7 PC's (£100k +?) - no use of terminal server (our current model)
  2. Replace the 300 PC's with off the shelf thin clients & make use of our terminal server - Cheaper clients but Terminal Server CALS required?
  3. Keep the 300 PC's, replace windows XP with linux thin client capable of connecting to our terminal server - no hardware costs, just Terminal Server CALS required?
  4. Keep the 300 PC's - remove hard drives and make use of a PXE bootable "thin client" to connect to our terminal server

If we were to choose option 4, what our the options out there? Is there any official PXE bootable thin clients for terminal server out there? If so, what are the licence requirements?

Is there options we haven’t considered? There must be lots of companies out there in this situation - curious what the current trend is for this problem?

Edit: Option 5 - Create a bootable Windows PE image with RDP auto start and use that as a "thin client" for our terminal server - is Windows PE licence free in such a model?

HeavenCore
  • 207
  • 4
  • 11
  • You say there is "no hardware costs" when you talk about the Terminal Server/Server Farm solutions (not counting the clients). However a farm than can support 300 PC's is going to have a VERY non negligible cost. – Scott Chamberlain Jun 27 '13 at 15:35

1 Answers1

5

Get Software Assurance licensing for the 300 PCs, install Windows Thin PC. Use GPO to configure:

  • Windows Firewall
  • Certificates (To install your Code Signing Cert)
  • RDP Pass-Through Authentication.
  • I like to also configure the Remote Registry service to Auto Start (Delayed), makes some maintenance easier.
  • Set the users shell to a script in the netlogon folder:

    Set shell = CreateObject("WScript.Shell")
    shell.Run "mstsc.exe /multimon \\yourdomain\netlogon\term_serv.rdp", 1, true
    shell.Run "logoff"
    

You may want to configure some other basic security stuff, like not caching credentials locally. Configuring the Write Filter is a good idea too (then WinTPC doesn't need AV and can't save a virus). Don't forget to sign the RDP file with rdpsign.

We use both old PCs and HP ThinClients to run the above configuration.

Terminal Server licensing is necessary, and unfortunately a barred topic here as the specifics for each businesses are unique, you really need to contact a MS Reseller who can walk you through the process (TS CALs cost about $100/user last I looked; IIRC per-device licensing was slightly more).

Running a Terminal Server Farm for 300 clients isn't exactly trivial. Depending on your needs it can be quite a bit cheaper than buying 300 new desktops (on a 3-4 year averaged basis); or in the wrong situations can cost several times more (really depends on how similar your desktop configurations are, and how much CPU/RAM/GPU each user requires - in general lower requirements fit TS/VDI better than high requirements).

WinPE is licensed strictly for Installation and Maintenance only. While mstsc.exe can be grafted into it, you're not allowed to use it for "production" purposes. Also, the difficulty in installing drivers, changing most settings (like monitor resolution), and the lack of WiFi or graphics acceleration support (particularly RemoteFX features) makes it a pain the work within.

Chris S
  • 77,337
  • 11
  • 120
  • 212