MSTSC as a Shell

Published on
19,077 Points
2 Endorsements
Last Modified:
This article is written for administrators wanting to transform PC's into Fat Clients for use with Remote Desktop Services (aka Terminal Services).  It creates a seamless transition from the client desktop to Remote Desktop window.  It works on XP, Vista, and Windows 7.  

How it works
The user logs in to the PC, the MSTSC shell opens (instead of Explorer), and it automatically logs the user in using the "Allow Default Credentials" GPO to pass through local credentials.  When the user closes the Terminal Services window, the computer will automatically log off the user and return to the logon screen.

Step 1:  This creates a batch file that starts MSTSC and waits until its closed and  automatically logs out the user.
In C:\Program Files create a batch file called mstsc.bat with the following:
c:\Program Files\system32\mstsc.exe /v RDPServerName

Open in new window

Step 2:  This step is a VBS script that runs the previous batch file invisibly.  You don't have to run it invisibly, but I like it because then the user can't close the batch file and leave the computer with a blank screen.
In C:\windows\system32 create a file called invisible.vbs with the following
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

Open in new window

Step 3:  Allow Default Credentials GPO
See the following articles:
Windows XP: Must have SP3            http://support.microsoft.com/kb/951608
Windows Vista and Windows 7      http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

Step 4:  This sets the shell to the batch file and runs it invisibly:
Open Regedit, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
and change "Shell" from explorer.exe to
wscript.exe C:\windows\system32\invisible.vbs C:\windows\system32\mstsc.bat

If you want to work on the PC, minimize the TS window, and just press CTRL+ALT+DEL, Task Manager, Start new process, and run explorer.exe.  That will bring up an Explorer window.

Silent/Automatic/Command Line Install:  Use the following in a batch file to run all of the above in one quick step.  This script also creates an MSTSCUninstall.bat to remove settings and files.
@echo off
echo wscript.exe "%WinDir%\system32\invisible.vbs" "%WinDir%\system32\mstsc.bat" > "%WinDir%\system32\invisible.vbs"
  echo "%WinDir%\mstsc.exe" /v yourservername
  echo logoff
) > "%WinDir%\system32\mstsc.bat"

reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d "wscript.exe ^"%WinDir%\system32\invisible.vbs^" ^"%WinDir%\system32\mstsc.bat^"" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
reg add "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f

REM:  This generatess the uninstall script:
  echo del "%WinDir%\system32\mstsc.bat"
  echo del "%WinDir%\system32\invisible.vbs"
  echo reg add "%LMSw%\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t reg_sz /d explorer.exe /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v AllowDefaultCredentials /t reg_dword /d 1 /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation" /v ConcatenateDefaults_AllowDefault /t reg_dword /d 1 /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 1 /t reg_sz /d "TERMSRV/yourservername.domainname.org" /f
  echo reg del "%LMSw%\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials" /v 2 /t reg_sz /d "TERMSRV/yourservername" /f
  echo del "%WinDir%\system32\MSTSCUninstall.bat"
) > "%WinDir%\system32\MSTSCUninstall.bat"

Open in new window

To undo the shell replacement: minimize the TS window, and just hit CTRL+ALT+DEL, click Task Manager.  In Task Manager, click on File, New Process, and type in C:\Windows\System32 and run MSTSCUninstall.bat.  Or you could run regedit instead and change the registry key shown above back to explorer.exe.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free